
Logon Phase

The Windows subsystem starts Winlogon.exe, a system service that enables you to log on and log off. Winlogon.exe then does the following:

  • Starts the Services subsystem (Services.exe), also known as the Service Control Manager (SCM). The SCM initializes the services that the registry entry Start designates as Autoload in the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Servicename.
  • Starts the Local Security Authority (LSA) process (Lsass.exe).
  • Parses the Ctrl+Alt+Delete key combination at the Begin Logon prompt (if the computer is part of an AD DS domain).

The logon user interface (LogonUI) feature and the credential provider (which can be the standard credential provider or a third-party credential provider) collect the user name and password (or other credentials) and pass this information securely to the LSA for authentication. If the user supplied valid credentials, access is granted by using either the default Kerberos V5 authentication protocol or Windows NT LAN Manager (NTLM).

Winlogon initializes security and authentication features while PnP initializes auto-load services and drivers. After the user logs on, the control set referenced by the registry entry LastKnownGood (located in HKLM\SYSTEM\Select) is updated with the contents in the CurrentControlSet subkey. By default, Winlogon then starts Userinit.exe and the Windows Explorer shell. Userinit may then start other processes, including:

  • Group Policy settings take effect: Group Policy settings that apply to the user and computer take effect.
  • Startup programs run: When not overridden by Group Policy settings, Windows starts logon scripts, startup programs, and services referenced in the following registry subkeys and file system folders:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    • SystemDrive\Documents and Settings\All Users\Start Menu\Programs\Startup
    • SystemDrive\Documents and Settings\username\Start Menu\Programs\Startup

Several applications might be configured to start by default after you install Windows, including Windows Defender. Computer manufacturers or IT departments might configure other startup applications.
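
To see what is actually configured to start at logon on a given computer, the registry subkeys and folders listed above can be read directly and compared against an earlier snapshot. The following PowerShell is an added example, not part of the original tutorial: it only reads the listed locations, saves a baseline on the first run, and on later runs prints entries that were not in the baseline. The function name Get-LogonAutostart and the baseline file name are hypothetical.

```powershell
# Added example: read-only inventory of the logon autostart locations listed above.
# HKCU and the per-user folder reflect the account that runs the script.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    "$env:SystemDrive\Documents and Settings\All Users\Start Menu\Programs\Startup",
    "$env:SystemDrive\Documents and Settings\$env:USERNAME\Start Menu\Programs\Startup"
)

function Get-LogonAutostart {   # hypothetical helper name
    foreach ($path in $runKeys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }   # key may not exist
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            New-Object PSObject -Property @{
                Location = $path; Name = $name; Command = [string]$key.GetValue($name)
            }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Force |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Location = $dir; Name = $_.Name; Command = $_.FullName
                }
            }
    }
}

$current  = @(Get-LogonAutostart | Select-Object Location, Name, Command)
$baseline = Join-Path $env:TEMP 'autostart-baseline.csv'   # hypothetical file name
if (Test-Path -LiteralPath $baseline) {
    # Report entries that were not present when the baseline was saved.
    $seen = @{}
    Import-Csv -Path $baseline |
        ForEach-Object { $seen["$($_.Location)|$($_.Name)|$($_.Command)"] = $true }
    $current | Where-Object { -not $seen["$($_.Location)|$($_.Name)|$($_.Command)"] }
} else {
    $current | Export-Csv -Path $baseline -NoTypeInformation
    $current
}
```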

Windows startup is not complete until a user successfully logs on to the computer. If startup fails during the logon phase, you have a problem with a service or application configured to start automatically. For troubleshooting information, see the section titled "How to Temporarily Disable Startup Applications and Processes" later in this tutorial. If you experience a Stop error during this phase, use the information provided by the Stop message to isolate the failing feature.
