Windows startup process From Wikipedia, the free encyclopedia (Redirected from Windows Startup Process) Jump to: navigation, search The Windows Startup Process is the process by which Microsoft's Windows series of operating systems initializes.
Contents [hide] • • •
1 DOS-based Windows 2 Windows NT 3 Windows Vista
•
4 References
[edit] DOS-based Windows In Windows 3.x and 95/98/ME, the boot loader phase is handled by MS DOS. During the boot phase, the Autoexec.bat and Config.sys are executed, along with the configuration settings files WIN.INI and SYSTEM.INI. Virtual device drivers are also loaded in the startup process : they are most commonly loaded from the registry (HKLM\System\CurrentControlSet\Services\VxD) or from the SYSTEM.INI file. When all system configuration files and device drivers have been loaded, the 32-bit VxD message server (Msgsrv32) starts Mprexe.exe, which is responsible for loading the network logon client (such as Client for Microsoft Networks, Microsoft Family Logon or Windows Logon). When a user is logging on to Windows, the startup sound is played, the shell (usually Explorer.exe) is loaded from the [boot] section of the SYSTEM.INI file, and startup items are loaded. In all DOS-based versions of Windows except ME, it is also possible to load Windows by booting to a DOS prompt and typing "win". There are some command line switches that can be used with the "Win" command: with the /d switch, Windows boots to safe mode, and with the /d:n switch, Windows boots to safe mode with networking. The latter switch only works properly with Windows 95 [1]. In Windows 3.1, additional options are available, such as /3, which starts Windows in 386 enhanced mode, and /s, which starts Windows in standard mode [2]
[edit] Windows NT Main article: Windows NT Startup Process In Windows NT, the boot loader is called NTLDR. It is responsible for accessing the file system on the boot drive, for starting Ntoskrnl.exe and for loading boot-time device drivers into memory. Once all the Boot and System drivers have been loaded, the kernel (system thread) starts the Session Manager Subsystem (smss.exe), which in turn starts Winlogon, which loads the graphical identification and authentication library. After a user has successfully logged in to the machine, Winlogon does the following: • •
User and Computer Group Policy settings are applied. Startup programs are run from the following locations: 1. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce 2. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Exp 3. 4. 5. 6. 7.
lorer\Run HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Run HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce All Users ProfilePath\Start Menu\Programs\Startup\ (please
note that this path is localized on non-English versions of Windows) 8. Current User ProfilePath\Start Menu\Programs\Startup\ (please note that this path is localized on non-English versions of Windows) In Windows 95/98/ME, it was also possible to run a program before the user logs on by using RunServicesOnce or RunServices keys. In Windows NT, this has been replaced by the Services.exe program, which is able to load a set of system services before a user logs on. Additionally, on English versions of Windows, the startup folder was called "StartUp" instead of "Startup" in Win9x. Adware\Spyware and other unwanted software might add itself to the system registry in order to be automatically started when a Windows NT system logs on. There are several programs that let the user control which programs automatically start when a Windows NT system logs on, including StartU, OSAM: Autorun Manager and Autoruns.
[edit] Windows Vista Main article: Windows Vista Startup Process
The sequence of booting Windows Vista is slightly different from any previous version of windows that uses the NT kernel. The operating system boot loader in Vista is called winload.exe, and is invoked by Windows Boot Manager. Additionally, the GINA that has been in use all versions of Windows NT since 3.1 has been entirely replaced by "Credential Providers".