Winlogon
In computing, Winlogon is the component of Microsoft Windows operating systems that is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screensaver is running (requiring another authentication step). Obtaining and verifying user credentials is left to other components.
Winlogon is a common target for several threats that could modify its function and memory usage. Increased memory usage for this process might indicate that it has been "hijacked".
In Windows Vista and later operating systems, Winlogon's roles and responsibilities have changed significantly.
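
A defender-side check for the hijacking concern noted above, as an added example that is not part of the original article: it lists each running winlogon.exe and flags an unexpected image path, a signature that does not validate, more than one instance in a session, or a working set above a threshold. The 50 MB threshold is an assumption to be replaced with a local baseline, and the script assumes an elevated prompt.

```powershell
# Added example: triage every running winlogon.exe instance.
# Assumption: run elevated so that executable paths are readable.
$expected = Join-Path $env:SystemRoot 'System32\winlogon.exe'

# Assumed review threshold, not a documented limit; baseline it per environment.
$workingSetLimitMB = 50

$procs = @(Get-CimInstance Win32_Process -Filter "Name = 'winlogon.exe'")

# Vista and later normally run one winlogon.exe per interactive session,
# so a session that holds several instances deserves a closer look.
$crowded = @($procs | Group-Object SessionId |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object { [uint32]$_.Name })

foreach ($proc in $procs) {
    $path = $proc.ExecutablePath
    $wsMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
    $findings = @()

    if (-not $path) {
        $findings += 'path unreadable (not elevated?)'
    }
    else {
        # String comparison is case-insensitive, which suits Windows paths.
        if ($path -ne $expected) { $findings += 'unexpected image path' }
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $findings += "signature: $($sig.Status)" }
    }
    if ($crowded -contains $proc.SessionId) {
        $findings += 'multiple instances in session'
    }
    if ($wsMB -gt $workingSetLimitMB) {
        $findings += "working set above $workingSetLimitMB MB"
    }

    [pscustomobject]@{
        ProcessId    = $proc.ProcessId
        SessionId    = $proc.SessionId
        Path         = $path
        WorkingSetMB = $wsMB
        Findings     = if ($findings) { $findings -join '; ' } else { 'none' }
    }
}
```

A finding is a prompt for review rather than proof of compromise; memory use in particular varies with the Windows version and session state.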

Overview

Winlogon handles interface functions that are independent of authentication policy. It creates the desktops for the window station, implements time-out operations, and in versions of Windows prior to Windows Vista, provides a set of support functions for the GINA and takes responsibility for configuring machine and user Group Policy.

In Windows XP and later versions, Winlogon also checks whether the copy of Windows is legitimately licensed.

Winlogon has the following responsibilities:
  • Window station and desktop protection
Winlogon sets the protection of the window station and corresponding desktops to ensure that each is properly accessible. In general, this means that the local system will have full access to these objects and that an interactively logged-on user will have read access to the window station object and full access to the application desktop object.

  • Standard SAS recognition
Winlogon has special hooks into the User32 server that allow it to monitor Control-Alt-Delete secure attention sequence (SAS) events. Winlogon makes this SAS event information available to GINAs to use as their SAS, or as part of their SAS. In general, GINAs should monitor SASs on their own; however, any GINA that has the standard Ctrl+Alt+Del SAS as one of the SASs it recognizes should use the Winlogon support provided for this purpose.

  • SAS routine dispatching
When Winlogon encounters a SAS event or when a SAS is delivered to Winlogon by the GINA, Winlogon sets the state accordingly, changes to the Winlogon desktop, and calls one of the SAS processing functions of the GINA.

  • User profile loading
When users log on, their user profiles are loaded into the registry. In this way, the processes of the user can use the special registry key HKEY_CURRENT_USER. Winlogon does this automatically after a successful logon but before activation of the shell for the newly logged-on user.

  • Assignment of security to user shell
When a user logs on, the GINA is responsible for creating one or more initial processes for that user. Winlogon provides a support function for the GINA to apply the security of the newly logged-on user to these processes. However, the preferred way to do this is for the GINA to call the Windows function CreateProcessAsUser, and let the system provide the service.

  • Screen saver control
Winlogon monitors keyboard and mouse activity to determine when to activate screen savers. After the screen saver is activated, Winlogon continues to monitor keyboard and mouse activity to determine when to terminate the screen saver. If the screen saver is marked as secure, Winlogon treats the workstation as locked. When there is mouse or keyboard activity, Winlogon invokes the WlxDisplayLockedNotice function of the GINA and locked workstation behavior resumes. If the screen saver is not secure, any keyboard or mouse activity terminates the screen saver without notification to the GINA.

  • Multiple network provider support
Multiple networks installed on a Windows system can be included in the authentication process and in password-updating operations. This inclusion lets additional networks gather identification and authentication information all at once during normal logon, using the secure desktop of Winlogon. Some of the parameters required in the Winlogon services available to GINAs explicitly support these additional network providers.

See also

  • List of Microsoft Windows components
  • Architecture of the Windows NT operating system line

  • Vundo (a trojan that attaches itself to winlogon.exe)

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 