Windows NT Startup Process
The Windows NT startup process is the process by which the Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003 operating systems initialize. In Windows Vista and later, this process has changed slightly; see Windows Vista startup process.

Boot loader phase

The Windows NT startup process starts when the computer finds a Windows boot loader, the portion of the Windows operating system responsible for locating Microsoft Windows and starting it. On IA-32 or x64 systems, the boot loader is called Windows Boot Manager (BOOTMGR). Prior to Windows Vista, however, the boot loader was NTLDR. Microsoft has also released operating systems for Intel Itanium processors, which use the IA-64 architecture. The boot loader of these editions of Windows is IA64ldr.efi (later referred to as simply IA64ldr). It is an Extensible Firmware Interface (EFI) program.

Operating system selection

The boot loader, once executed, searches for a Windows operating system. Windows Boot Manager does so by reading Boot Configuration Data (BCD), a complex firmware-independent database for boot-time configuration data. Its predecessor, NTLDR, does so by reading the simpler boot.ini. If the boot.ini file is missing, the boot loader will attempt to locate information from the standard installation directory. For Windows NT and 2000 machines, it will attempt to boot from C:\WINNT. For Windows XP and 2003 machines, it will boot from C:\WINDOWS.

Both databases may contain a list of installed Microsoft operating systems that may be loaded from the local hard disk drive or from a remote computer on the local network. NTLDR supports operating systems installed on disks whose file system is NTFS or FAT, CDFS (ISO 9660) or UDFS. Windows Boot Manager also supports operating systems installed inside a VHD file stored on an NTFS disk drive.

In Windows 2000 and later versions of Windows, in which hibernation is supported, the Windows boot loader starts its search for operating systems by looking for hiberfil.sys. NTLDR looks in the root folder of the default volume specified in boot.ini; Windows Boot Manager looks up the location of hiberfil.sys in the BCD. If this file is found and it contains an active memory set, the boot loader loads the contents of the file (which will match the amount of physical memory in the machine) into memory and restores the computer to the state it was in prior to hibernation.

Next, the boot loader looks for a list of installed operating system entries. If more than one operating system is installed, the boot loader shows a boot menu and allows the user to select an operating system. If a non-NT-based operating system such as Windows 98 is selected (specified by an MS-DOS-style path, e.g. C:\), the boot loader loads the associated "boot sector" file listed in boot.ini or BCD (by default bootsect.dos, if no file name is specified) and passes execution control to it. Otherwise, the boot process continues.
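
As an added example (not code from the article), the following Python parser applies the boot.ini rules described in this section: it reads the default entry and timeout from [boot loader], classifies each [operating systems] entry as an NT installation (ARC path) or a legacy entry chained through a boot-sector file (bootsect.dos unless a file name is given), and reports whether NTLDR will show a menu. The sample boot.ini is constructed, and review_switches() (which flags the /debug and /safeboot switches) is my addition rather than anything the article describes.

```python
import re
from dataclasses import dataclass, field

ARC_PATH_RE = re.compile(r"^(multi|scsi|signature)\(", re.IGNORECASE)   # NT entries use ARC paths


@dataclass
class BootEntry:
    device: str                  # ARC path or MS-DOS-style path exactly as written in boot.ini
    title: str                   # text shown in the boot menu
    switches: list = field(default_factory=list)   # e.g. /fastdetect, /safeboot:minimal, /debug
    kind: str = "nt"             # "nt": NTLDR keeps going; "legacy": a boot-sector file is chained
    boot_sector: str = ""        # the file NTLDR hands control to for a legacy entry


def parse_entry(line):
    """Parse one [operating systems] line of the form <device>="<title>" [/switch ...]."""
    device, sep, rest = line.partition("=")
    m = re.match(r'\s*"([^"]*)"\s*(.*)$', rest)
    if not sep or m is None:
        raise ValueError(f"malformed boot.ini entry: {line!r}")
    entry = BootEntry(device.strip(), m.group(1), m.group(2).split())
    if not ARC_PATH_RE.match(entry.device):
        entry.kind = "legacy"
        # "C:\" alone means bootsect.dos in that drive's root; otherwise the named file is used
        entry.boot_sector = entry.device + "bootsect.dos" if entry.device.endswith("\\") else entry.device
    return entry


def parse_boot_ini(text):
    """Return the timeout, the default entry, all entries, and whether NTLDR will show a menu."""
    section, timeout, default_device, entries = None, None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot loader":
            key, _, value = line.partition("=")
            if key.strip().lower() == "timeout":
                timeout = int(value.strip())
            elif key.strip().lower() == "default":
                default_device = value.strip()
        elif section == "operating systems":
            entries.append(parse_entry(line))
    default = next((e for e in entries if e.device.lower() == (default_device or "").lower()), None)
    return {"timeout": timeout, "default": default, "entries": entries, "shows_menu": len(entries) > 1}


def review_switches(entry):
    """Switches on an entry that change the security posture of the boot: kernel debugging and Safe Mode."""
    notes = []
    for sw in entry.switches:
        low = sw.lower()
        if low == "/debug":
            notes.append(f"{sw}: kernel debugger enabled")
        elif low.startswith("/safeboot"):
            notes.append(f"{sw}: boots into Safe Mode")
    return notes


# Constructed sample boot.ini: two NT entries and two legacy entries (Windows 98 and a chained boot sector)
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP (debug)" /fastdetect /debug /debugport=com1
C:\="Microsoft Windows 98"
C:\BOOTSECT.LNX="Linux (chained boot sector)"
"""
```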

Loading Windows NT kernel

The operating system starts when certain basic drivers flagged as "Boot" are loaded into memory. The file system driver appropriate for the partition type (NTFS, FAT or FAT32) on which the Windows installation resides is among them. At this point in the boot process, the boot loader clears the screen and displays a textual progress bar (which is often not seen because of the initialization speed); Windows 2000 also displays the text "Starting Windows..." underneath. If the user presses F8 during this phase, the advanced boot menu is displayed, containing various special boot modes including Safe Mode, the Last Known Good Configuration, booting with debugging enabled and (in the case of Server editions) Directory Services Restore Mode. Once a boot mode has been selected (or if F8 was never pressed), booting continues.

Next, the Windows NT kernel (Ntoskrnl.exe) and the Hardware Abstraction Layer (hal.dll) are loaded into memory. If multiple hardware configurations are defined in the Windows Registry, the user is prompted at this point to choose one.

With the kernel in memory, boot-time device drivers are loaded (but not yet initialized). The required information (along with information on all detected hardware and Windows services) is stored in the HKEY_LOCAL_MACHINE\System portion of the registry, in a set of registry keys collectively called a Control Set. Multiple control sets (typically two) are kept, in case the settings contained in the currently used one prevent the system from booting. HKEY_LOCAL_MACHINE\System contains control sets labeled ControlSet001, ControlSet002, etc., as well as CurrentControlSet. During regular operation, Windows uses CurrentControlSet to read and write information. CurrentControlSet is a reference to one of the control sets stored in the registry. Windows picks the "real" control set being used based on the values set in the HKLM\SYSTEM\Select registry key:
  • Default will be the boot loader's choice if nothing else overrides this.
  • If the value of the Failed key matches Default, then the boot loader displays an error message, indicating that the last boot failed, and gives the user the option to try booting anyway, or to use the "Last Known Good Configuration".
  • If the user chooses (or has chosen) Last Known Good Configuration, the control set indicated by the LastKnownGood key is used instead of Default.


When a control set is chosen, the Current key gets set accordingly. The Failed key is also set to the same as Current until the end of the boot process. LastKnownGood is also set to Current if the boot process completes successfully.

For the purposes of booting, a driver may be one of the following:
  1. A "Boot" driver that is loaded by the boot loader prior to starting the kernel. "Boot" drivers are almost exclusively drivers for hard-disk controllers and file systems (ATA, SCSI, file system filter manager, etc.); in other words, they are the absolute minimum that the kernel will need to get started with loading other drivers and the rest of the operating system.
  2. A "System" driver which is loaded and started by the kernel after the boot drivers. "System" drivers cover a wider range of core functionality, including the display driver, CD-ROM support, and the TCP/IP stack.
  3. An "Automatic" driver which is loaded much later, when the GUI has already been started.
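
The control set selection and the driver start types described above, worked through in Python as an added example (not code from the article): a small parser for a regedit export of HKLM\SYSTEM resolves which ControlSetNNN the Select key points at, reports the failed-boot condition, and lists the Boot and System drivers that set will load early. The sample export is constructed; the Start value mapping (0 = Boot, 1 = System, 2 = Automatic, 3 = Manual, 4 = Disabled) is the standard SERVICE_*_START encoding and is not spelled out in the article.

```python
import re

# Driver/service start types stored in each service key's "Start" value (SERVICE_*_START)
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')   # one "name"=data line

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)   # .reg escapes backslash and double quote with a backslash

def parse_reg_export(text):
    """Parse a regedit 5.00 export into {key path: {value name: data}} (strings and dwords decoded)."""
    reg, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            reg.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name, data = _unescape(m.group(1)), m.group(2)
        if data.startswith("dword:"):
            reg[current][name] = int(data[len("dword:"):], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            reg[current][name] = _unescape(data[1:-1])
        else:
            reg[current][name] = data          # hex(...) and other types kept as raw export text
    return reg

def resolve_control_set(select, use_last_known_good=False):
    """Apply the Select key rules described above to its {value name: number} contents.
    Returns (control set number that will boot, whether the previous boot is recorded as failed)."""
    default = select["Default"]
    last_boot_failed = select.get("Failed", 0) == default
    chosen = select["LastKnownGood"] if use_last_known_good else default
    return chosen, last_boot_failed

def drivers_in_control_set(reg, number, start_types=(0, 1)):
    """(service, start type, load group, image) for the drivers loaded early from ControlSetNNN:
    Boot drivers (loaded by the boot loader) first, then System drivers (started by the kernel)."""
    prefix = f"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet{number:03d}\\Services\\"
    depth = prefix.count("\\")
    found = []
    for key, values in reg.items():
        # other control sets, and Parameters/Enum subkeys beneath a service, are skipped
        if not key.upper().startswith(prefix.upper()) or key.count("\\") != depth:
            continue
        start = values.get("Start")
        if start in start_types:
            found.append((key[len(prefix):], START_TYPES[start],
                          values.get("Group", ""), values.get("ImagePath", "")))
    found.sort(key=lambda d: (d[1] != "Boot", d[0].lower()))
    return found

def boot_summary(text, use_last_known_good=False):
    """Which control set boots, whether the last boot failed, and the early drivers it loads."""
    reg = parse_reg_export(text)
    chosen, failed = resolve_control_set(reg[r"HKEY_LOCAL_MACHINE\SYSTEM\Select"], use_last_known_good)
    return {"control_set": chosen, "last_boot_failed": failed, "drivers": drivers_in_control_set(reg, chosen)}

# Constructed sample: a trimmed HKLM\SYSTEM export (ImagePath shown as plain strings; regedit writes hex(2))
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Default"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk]
"Start"=dword:00000000
"Group"="SCSI Class"
"ImagePath"="system32\\DRIVERS\\disk.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
"Start"=dword:00000001
"Group"="PNP_TDI"
"ImagePath"="system32\\DRIVERS\\tcpip.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
"EnableSecurityFilters"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser]
"Start"=dword:00000002
"""
```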


With this finished, control is then passed from the boot loader to the kernel. At this time, Windows NT 4.0 shows the number of CPUs and the amount of memory installed on a screen with a blue background, whilst Windows 2000 and later show a graphical boot screen unless the boot loader configuration specifies otherwise.

Kernel loading phase

  1. ntoskrnl.exe (the kernel)
  2. hal.dll (type of hardware abstraction layer)
  3. kdcom.dll (Kernel Debugger HW Extension DLL)
  4. bootvid.dll (for the windows logo and side-scrolling bar)
  5. config\system registry
    1. HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
    2. Process services in the order provided
    3. HKLM\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder


The initialization of the kernel subsystem and the Windows Executive subsystems is done in two phases.

During the first phase, basic internal memory structures are created, and each CPU's interrupt controller is initialized. The memory manager is initialized, creating areas for the file system cache and for the paged and non-paged pools of memory. The Object Manager, the initial security token for assignment to the first process on the system, and the Process Manager itself are then set up. The System Idle Process as well as the System process are created at this point.

The second phase involves initializing the device drivers which were identified by NTLDR as being system drivers.

During the loading of device drivers, a "progress bar" is visible at the bottom of the display on Windows 2000 systems; in Windows XP and Windows Server 2003, this was replaced by an animated bar which does not represent actual progress. Prior to Windows XP, this part of the boot process took significantly longer, because the drivers were initialized one at a time. On Windows XP and Server 2003, the drivers are all initialized asynchronously.

Session Manager

Once all the Boot and System drivers have been loaded, the kernel (system thread) starts the Session Manager Subsystem (smss.exe).

Before any files are opened, Autochk (http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/prkd_tro_mdca.asp) is started by smss.exe. Autochk mounts all drives and checks them one at a time to determine whether they were shut down cleanly. If a drive was not, Autochk automatically runs chkdsk; just before it does so, however, the user can abort this process by pressing any key within 10 seconds (this was implemented in Windows NT 4.0 Service Pack 4; in earlier versions chkdsk could not be skipped). Since Windows 2000, XP and 2003 show no text screen at that point (unlike NT, which still shows the blue text screen), they show a different background picture holding a mini text screen in the center of the screen and display the progress of chkdsk there.
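
The Autochk run above is driven by the BootExecute value of the Session Manager key listed in the kernel loading phase. As an added example (not code from the article), the following Python decodes that REG_MULTI_SZ value from a regedit export (regedit writes it as UTF-16LE hex with continuation lines) and reports any entry beyond the stock "autocheck autochk *" that ships with Windows; a scheduled chkdsk adds an entry legitimately, so a hit is a review prompt rather than a verdict. Both exports are constructed, and "abc.exe" is a placeholder name.

```python
# Returns the raw text of one value from a .reg export, joining hex continuation lines.
def reg_value_text(export, name):
    lines = export.splitlines()
    for i, line in enumerate(lines):
        if line.strip().startswith(f'"{name}"='):
            chunk = line.split("=", 1)[1].strip()
            while chunk.endswith("\\"):          # a trailing backslash continues on the next line
                i += 1
                chunk = chunk[:-1] + lines[i].strip()
            return chunk
    raise KeyError(name)


def decode_multi_sz(value):
    """Decode a 'hex(7):aa,bb,...' REG_MULTI_SZ export into its strings (UTF-16LE, NUL-separated)."""
    if not value.startswith("hex(7):"):
        raise ValueError("expected a hex(7) REG_MULTI_SZ value")
    raw = bytes(int(h, 16) for h in value[len("hex(7):"):].split(",") if h)
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


# The only entry present on a stock installation; smss.exe runs these before any logon occurs,
# which is why the value is worth checking in an incident review.
STOCK_BOOTEXECUTE = ("autocheck autochk *",)


def audit_boot_execute(export):
    """Return the BootExecute entries that are not the stock autochk invocation."""
    entries = decode_multi_sz(reg_value_text(export, "BootExecute"))
    return [e for e in entries if e.strip().lower() not in STOCK_BOOTEXECUTE]


# Constructed export of the Session Manager key as regedit writes it on a stock system
DEFAULT_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,00,\
  61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
"""

# Same key with a second, constructed entry "abc.exe" appended (placeholder name, not a real tool)
MODIFIED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,00,\
  61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,61,00,62,00,63,00,\
  2e,00,65,00,78,00,65,00,00,00,00,00
"""
```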

At boot time, the Session Manager Subsystem:
  • Creates environment variables (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment)
  • Starts the kernel-mode side of the Win32 subsystem (win32k.sys). This allows Windows to switch into graphical mode, as there is now enough infrastructure in place.
  • Starts the user-mode side of the Win32 subsystem, the Client/Server Runtime Subsystem (csrss.exe). This makes Win32 available to user-mode applications.
  • Creates virtual memory paging files (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management)
  • Performs any rename operations that are queued up. This allows previously in-use files (e.g. drivers) to be replaced as part of a reboot.
  • Starts the Windows Logon Manager (winlogon.exe). Winlogon is responsible for handling interactive logons to a Windows system (local or remote). The Graphical Identification aNd Authentication (GINA) library is loaded inside the Winlogon process and provides support for logging in as a local or Windows domain user.


The Session Manager stores its configuration at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager. The exact operation of most of these items is based on the configuration set in the registry.

Winlogon

Winlogon starts the Local Security Authority Subsystem Service (LSASS) and the Service Control Manager (SCM), which in turn starts all the Windows services that are set to Auto-Start (http://technet.microsoft.com/en-us/library/bb457123.aspx). Winlogon is also responsible for responding to the secure attention sequence (SAS), loading the user profile on logon, and optionally locking the computer when a screensaver is running.

The logon process is as follows:
  • Winlogon calls GINA
  • (Optional) A logon prompt is displayed by GINA, and the user presses the secure attention sequence (Control-Alt-Delete)
  • The logon dialog is displayed by GINA
  • The user enters credentials (username, password, and domain)
  • GINA passes the credentials back to Winlogon
  • Winlogon passes the credentials to LSASS, which determines which account database is to be used:
    • Local SAM
    • Domain SAM
    • Active Directory
  • LSASS enforces the local security policy (checking user permissions, creating audit trails, doling out security tokens, etc.).


After a user has successfully logged in to the machine, Winlogon does the following:
  • Updates the control sets; the LastKnownGood control set is updated to reflect the current control set.
  • Applies User and Computer Group Policy settings.
  • Starts the shell program (typically Explorer.exe) from the registry entry Shell=, whose location is given by the registry entry in the key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot (http://msdn.microsoft.com/en-us/library/ms838576.aspx); its default value is SYS:Microsoft\Windows NT\CurrentVersion\Winlogon, which evaluates to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
  • Runs startup programs from the following locations (http://technet.microsoft.com/en-us/library/bb457123.aspx):
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
    • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ (note that this path is localized on non-English versions of Windows before Vista)
    • %USERPROFILE%\Start Menu\Programs\Startup\ (note that this path is localized on non-English versions of Windows before Vista)


At some point after calling GINA, the registry is checked for a string named 'autoadminlogon'; if it exists, user credentials can be pulled from the registry and automatically inserted into the GINA.
    • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\autoadminlogon
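
A defender reviewing a host after reading the list above wants exactly these locations enumerated. The Python below is an added example (not code from the article): it walks the listed Run/RunOnce keys and Startup folders with the standard-library winreg module and reviews the Winlogon values the section names (the Shell entry and automatic logon), checking both the HKLM Winlogon key given as the Shell default and the HKCU key given for autoadminlogon. The live enumeration needs Windows; audit_winlogon() is a pure function, and the DefaultUserName/DefaultPassword value names it looks at are the standard companions of AutoAdminLogon rather than something the article lists.

```python
import os
try:
    import winreg
except ImportError:          # not on Windows: only the pure audit_winlogon() helper is usable
    winreg = None

# Registry autostart locations exactly as listed above: (hive, subkey, value names or None = all)
RUN_LOCATIONS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce", None),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run", None),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", None),
    ("HKCU", r"Software\Microsoft\Windows NT\CurrentVersion\Windows", ("Load", "Run")),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run", None),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce", None),
]
STARTUP_FOLDERS = [r"%ALLUSERSPROFILE%\Start Menu\Programs\Startup",
                   r"%USERPROFILE%\Start Menu\Programs\Startup"]
WINLOGON_SUBKEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def read_values(hive, subkey):
    """Return {value name: data} for one key, or {} when the key does not exist on this host."""
    if winreg is None:
        raise RuntimeError("live registry access needs Windows (winreg)")
    root = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}[hive]
    values = {}
    try:
        with winreg.OpenKey(root, subkey, 0, winreg.KEY_READ) as key:
            index = 0
            while True:
                try:
                    name, data, _type = winreg.EnumValue(key, index)
                except OSError:      # ERROR_NO_MORE_ITEMS ends the enumeration
                    break
                values[name] = data
                index += 1
    except FileNotFoundError:
        pass
    return values


def collect_autostarts():
    """List (location, name, command) for every registry and folder autostart location above."""
    entries = []
    for hive, subkey, only in RUN_LOCATIONS:
        for name, data in read_values(hive, subkey).items():
            if only is None or name in only:
                entries.append((f"{hive}\\{subkey}", name, str(data)))
    for folder in STARTUP_FOLDERS:
        path = os.path.expandvars(folder)
        if os.path.isdir(path):
            entries.extend((folder, item, os.path.join(path, item)) for item in os.listdir(path))
    return entries


def audit_winlogon(values):
    """Findings from a Winlogon key's {name: data}: a shell other than Explorer, and automatic
    logon with credentials stored in the registry. Pure function, so exported data can be fed in."""
    findings = []
    shell = str(values.get("Shell", "explorer.exe")).strip()
    if shell.lower() != "explorer.exe":
        findings.append(f"Shell is {shell!r} instead of explorer.exe")
    if str(values.get("AutoAdminLogon", "0")).strip() == "1":
        user = values.get("DefaultUserName", "<unset>")
        stored = "DefaultPassword stored in cleartext" if "DefaultPassword" in values else "no DefaultPassword"
        findings.append(f"AutoAdminLogon enabled for {user} ({stored})")
    return findings


if __name__ == "__main__":
    for location, name, command in collect_autostarts():
        print(f"{location}\n    {name} = {command}")
    for hive in ("HKLM", "HKCU"):   # the article names both hives' Winlogon keys
        for finding in audit_winlogon(read_values(hive, WINLOGON_SUBKEY)):
            print(f"{hive}\\{WINLOGON_SUBKEY}: {finding}")
```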


Winlogon's responsibilities have changed significantly from the above in Windows Vista.

Remote booting & installation

  • The Boot Information Negotiation Layer (BINL) is a Windows 2000 service that makes it possible for installation to be done on computers that are able to boot remotely.


See also

  • Architecture of Windows NT
  • Windows startup process
  • Linux startup process
  • Booting
  • Master boot record
  • Power-on self-test
  • BootVis
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.