Booting process of Windows NT: Difference between revisions

Citation bot (talk | contribs)
Add: date, authors 1-1. Removed parameters. Some additions/deletions were parameter name changes. | Use this bot. Report bugs. | Suggested by Eastmain | #UCB_webform 69/85
Tag: Reverted
Line 92:
<code>autochk</code> mounts all drives and checks them one at a time to see whether or not they were cleanly unmounted. If autochk determines that one or more volumes are dirty, it automatically runs chkdsk and gives the user a short window to abort the repair process by pressing a key within 10 seconds (introduced in Windows NT 4.0 Service Pack 4; earlier versions did not allow the user to abort chkdsk). Since Windows 2000, XP and 2003 show no text screen at that point (unlike NT 3.1 to 4.0, which displayed a blue text screen), the user instead sees a different background picture holding a mini text screen in the center of the screen, where the progress of chkdsk is shown.<ref>{{Cite web |title=Resource Kit |url=http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/prkd_tro_mdca.asp |url-status=dead |archive-url=https://web.archive.org/web/20070311183615/http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/prkd_tro_mdca.asp |archive-date=March 11, 2007 |publisher=Microsoft Corporation}}</ref>
 
Starting with Windows Vista, the Session Manager Subsystem creates a temporary instance of itself that launches the Windows Startup Application (<code>wininit.exe</code>) and a second Client/Server Runtime Subsystem (<code>csrss.exe</code>) for Session 0, a session dedicated to system processes. From here, the Windows Startup Application starts the [[Service Control Manager]] (<code>services.exe</code>), which starts all the Windows services that are set to "Auto-Start" and sets the <code>LastKnownGood</code> to the current control set.<ref name=":0" /> The application also starts the [[Local Security Authority Subsystem Service]] (<code>lsass.exe</code>). Before Windows Vista, these processes were started by [[Winlogon|Windows Logon]] instead of the Windows Startup Application, which did not yet exist. The dedicated session for system processes also did not exist.<ref name=":2">{{Cite web |last=Archiveddocs |title=Windows Administration: Inside the Windows Vista Kernel: Part 2 |url=https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc162480(v=msdn.10) |access-date=2023-05-13 |website=learn.microsoft.com |date=September 8, 2016 |language=en-us}}</ref>
 
The Session Manager Subsystem now starts [[Winlogon]] (Windows Logon Application), which is responsible for handling interactive logons to a Windows system, either local or remote.<ref name=":2" />
Line 100:
The authentication process is implemented by Winlogon. This program is responsible for responding to the [[Secure attention key|secure attention sequence]] (SAS), loading the user profile on logon, and optionally locking the computer when a [[screensaver]] is running.
[[File:Windows_11_pre-login.png|thumb|[[Windows 11]] lock screen, requiring user to press [[Control-Alt-Delete]].]]
Winlogon checks whether automatic logon is enabled and, if so, logs in to the specified account automatically.<ref>{{Cite web |last=Deland-Han |title=Configure Windows to automate logon - Windows Server |url=https://learn.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon |access-date=2023-05-13 |website=learn.microsoft.com |language=en-us}}</ref> If automatic logon is not enabled, Winlogon starts the process that allows the user to log on. Before Windows Vista this was done by [[Graphical identification and authentication|GINA]],<ref name=":4">{{Cite book |last1=Russinovich |first1=Mark E. |title=Microsoft Windows Internals |last2=Solomon |first2=David |publisher=[[Microsoft Press]] |year=2005 |isbn=978-0735619173 |edition=4th |___location=Redmond, Washington |pages=81 |language=en}}</ref> but starting with Vista this is done by LogonUI. If configured, both of these programs display a prompt for the user to enter the Secure Attention Sequence (SAS) ([[Control-Alt-Delete]]). They then display the login dialog, which prompts the user to enter their credentials. Once the user submits these credentials, they are passed to LSASS and any other additional network credential providers. This allows multiple network providers to authenticate the user at once during normal logon.<ref name=":3">{{cite book |last1=Ionescu |first1=Alex |title=Windows internals, Part 1 |last2=Russinovich |first2=Mark |last3=Solomon |first3=David A. |publisher=Microsoft Press |year=2012 |isbn=978-0735648739 |edition=6th |___location=Redmond, Wash. |pages=77}}</ref><ref name=":4" />
 
LSASS first tries to use cached data in the LSA database, the SECURITY hive of the registry. If there is none, LSASS determines which authentication protocol is to be used from the security packages listed in the key <code>HKLM\SYSTEM\CurrentControlSet\Control\Lsa</code>. There are two standard packages: <code>msv1_0.dll</code>, which implements the [[NTLM]] protocols, and <code>Kerberos.dll</code>, which provides remote login by using [[Active Directory]]. <code>msv1_0.dll</code> is used in stand-alone systems and in ___domain-member systems for backward compatibility. If the user is trying to log into the local host, then <code>msv1_0.dll</code> uses the [[Security Account Manager]] database located at <code>HKLM\SAM</code>. If the user is trying to log into another host, then the NetLogon [[Windows service|service]] is used to carry the data with the following sequence:<syntaxhighlight lang="text">msv1_0.dll <-> netlogon <-> remote netlogon <-> remote msv1_0.dll <-> remote SAM</syntaxhighlight>After the user is authenticated, LSASS enforces the local security policy (checking user permissions, creating audit trails, doling out security tokens, etc.) and passes control back to Winlogon. Winlogon creates and opens an interactive window station, <code>WinSta0</code>,<ref>{{cite web |title=Window Stations |url=http://msdn.microsoft.com/en-us/library/windows/desktop/ms687096%28v=vs.85%29.aspx |access-date=19 April 2014 |work=MSDN |publisher=Microsoft Corporation}}</ref> and creates three desktops, <code>Winlogon</code>, <code>Default</code> and <code>ScreenSaver</code>. Winlogon switches from the <code>Winlogon</code> desktop to the <code>Default</code> desktop when the shell indicates that it is ready to display something for the user, or after thirty seconds, whichever comes first.
The system switches back to the <code>Winlogon</code> desktop if the user presses [[Control-Alt-Delete]] or when a [[User Account Control]] prompt is shown.<ref>{{cite web |title=Desktops |url=http://msdn.microsoft.com/en-us/library/windows/desktop/ms682573%28v=vs.85%29.aspx |access-date=19 April 2014 |work=MSDN |publisher=Microsoft Corporation}}</ref> Winlogon now starts the program specified in the <code>Userinit</code> value, which defaults to <code>userinit.exe</code>. This value supports multiple executables.<ref name=":3" />
Line 108:
<code>Userinit</code> is the first program that runs with the user's credentials. It is responsible for starting all the other programs that make up the user's shell environment.
 
The shell program (typically <code>Explorer.exe</code>) is started from the registry value <code>Shell</code>. The key that holds this value is itself named by the <code>Shell</code> entry in the key <code>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot</code>; its default value is <code>SYS:Microsoft\Windows NT\CurrentVersion\Winlogon</code>, which evaluates to <code>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon</code>.<ref>{{cite web |title=Different Shells for Different Users |date=October 7, 2008 |url=http://msdn.microsoft.com/en-us/library/ms838576.aspx |access-date=16 March 2014 |publisher=Microsoft Corporation}}</ref>
 
<code>Userinit</code> starts by loading the user profile. There are several types of user profile, and a profile can be local or remote. This process can be very slow if the user profile is of the "roaming" type. User and Computer [[Group Policy]] settings are then applied, and user scripts, machine scripts, and <code>proquota.exe</code> are run. Startup programs are started, followed by the shell configured in the registry, which defaults to <code>explorer.exe</code>. <code>Userinit</code> then exits, and the shell program continues running without a parent process.
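Because the <code>Shell</code> and <code>Userinit</code> values run under the user's credentials at every logon, they are worth auditing for unexpected additions. The following PowerShell script is an added example, not part of the article or of Windows itself: it follows the <code>IniFileMapping</code> indirection described above to find the Winlogon key, then compares both values against the defaults the article names. It assumes a Windows host with PowerShell 5 or later, and assumes the default <code>Userinit</code> entry is the full path under <code>%SystemRoot%\system32</code>.

```powershell
# Added example (not from the article): audit the Shell/Userinit logon values.
$mapKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot'

# The Boot key's Shell entry names another key with a prefix; 'SYS:' means
# HKLM\SOFTWARE (as in the article's default). Leading '@', '#' or '!' are
# IniFileMapping modifiers that do not change the target key.
function Resolve-IniMapping([string]$mapped) {
    if ($mapped -match '^[@#!]*SYS:(.*)$') { return "HKLM:\SOFTWARE\$($Matches[1])" }
    throw "Unhandled IniFileMapping entry '$mapped' (only SYS: is resolved here)"
}

# Split a comma-separated value list (Userinit supports several executables)
# into trimmed, non-empty entries.
function Split-ExeList([string]$value) {
    @($value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Get-LogonShellConfig {
    $bootEntry   = (Get-ItemProperty -Path $mapKey -Name 'Shell').Shell
    $winlogonKey = Resolve-IniMapping $bootEntry
    $props       = Get-ItemProperty -Path $winlogonKey
    [pscustomobject]@{
        WinlogonKey = $winlogonKey
        Shell       = Split-ExeList $props.Shell
        Userinit    = Split-ExeList $props.Userinit
    }
}

function Test-LogonShellConfig {
    $cfg = Get-LogonShellConfig
    # Assumption: the stock Userinit entry is the full system32 path.
    $expectedUserinit = Join-Path $env:SystemRoot 'system32\userinit.exe'
    $findings = @()
    if ($cfg.Shell.Count -ne 1 -or $cfg.Shell[0] -ine 'explorer.exe') {
        $findings += "Shell is '$($cfg.Shell -join ',')' (expected explorer.exe)"
    }
    foreach ($exe in $cfg.Userinit) {
        if ($exe -ine $expectedUserinit) {
            $findings += "Userinit contains unexpected entry '$exe'"
        }
    }
    if ($findings.Count -eq 0) {
        "Shell and Userinit match defaults under $($cfg.WinlogonKey)"
    } else {
        $findings
    }
}

Test-LogonShellConfig
```

Any extra entry reported for <code>Userinit</code>, or a <code>Shell</code> value other than <code>explorer.exe</code>, should be traced to the software that set it before being assumed benign.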
Line 137:
* Debugging Mode - Boots while loading the kernel debugger.
* Disable automatic restart on system failure - Disables the auto-reboot function after a [[Blue Screen of Death]] is experienced.
* Disable early launch anti-malware driver - ELAM prechecks boot required drivers for signatures and tampering. Disabling ELAM is intended to allow booting on false positive driver checks but could also allow a tampered driver to load.<ref>{{Cite web |last=QuinnRadich |title=Early launch antimalware - Win32 apps |url=https://docs.microsoft.com/en-us/windows/win32/w8cookbook/secured-boot |access-date=2021-12-14 |website=docs.microsoft.com |date=February 5, 2021 |language=en-us}}</ref>
* Disable Driver Signature Enforcement - Disables the kernel setting that prohibits unsigned drivers from loading.
* Start Windows Normally
Line 151:
PXE booting is not a technology specific to Windows and can also be used to start a Linux system. In fact, a Linux system can act as the server that provides DHCP or TFTP.
 
PXE can be used to start Windows Setup to install the system on the client computer or to run the operating system from RAM. The latter, called Remote Boot, was introduced by Windows XP Embedded SP1<ref>{{cite web |title=Deploying Windows XP Embedded Remote Boot |url=http://msdn.microsoft.com/en-us/library/ms838569%28v=winembedded.5%29.aspx |access-date=18 April 2014 |work=MSDN |publisher=Microsoft Corporation}}</ref> and is only available for this flavor of Windows.<ref>{{cite web |title=Remote Boot Overview |url=http://msdn.microsoft.com/en-us/library/ms852360.aspx |access-date=19 April 2014 |work=MSDN |date=June 29, 2006 |publisher=Microsoft Corporation}}</ref>
 
The general process for both methods is as follows: