Talk:Windows NT Startup Process

This is the talk page for discussing improvements to the Windows NT Startup Process article.

Initial Startup Phase

POST => Boot Device => MBR => Bootable Primary Partition => NTLDR ?

Kernel Loading Phase

This is where(?)

  • System Idle Process
  • SYSTEM

process starts?

In short, yes. The "System Idle Process" isn't well-named... It's actually a thread that resides in the kernel (one per CPU) that swallows up any time not used by another process, and puts the CPU into idle mode (which reduces power usage). The "System" process is where most of the kernel threads hang out and do their work. Warrens 03:52, 13 February 2006 (UTC)


Log on phase

Is this where user.exe is loaded? Where does WPA come into the boot process? What services are typically started, and from what? explorer.exe, services.exe, svchost.exe. Maybe some pictures of various logon boxes?

These are good things to be added to the article. user.exe, however, is not a part of Windows NT-based systems, save for providing backwards compatibility with 16-bit Windows 3.x applications. Should also note that images of Windows boot screens are unfortunately a violation of their copyright, so such things can't really be used here. I agree it'd be nice, though. Warrens 03:52, 13 February 2006 (UTC)

Where also does userinit.exe fall into play? 70.82.42.107 05:48, 1 March 2006 (UTC)

WPA is integrated into winlogon.exe. Services are launched by services.exe and their definition is in the SCM database, which is in fact stored in the registry under the HKLM\SYSTEM\CurrentControlSet\Services key. Svchost.exe is a process used to host many system services, and this process is launched as these services are started. And finally, explorer.exe, or more generally the comma-separated list of processes under the Shell value in the HKLM\SOFTWARE\Microsoft\Windows NT\Winlogon key, is launched from userinit.exe. And this process (or more generally, the comma-separated list of processes under the Userinit value) is launched from GINA. Jakub Horky 14:00, 6 November 2006 (UTC)

Expansion

I'll be working on this page (and most of its descendants) through Fri Jan 27 and Sat Jan 28. Given that there are probably thousands of computers going through this exact startup process even as I type this, surely we can do a better job of explaining it. :-) Warrens 02:21, 28 January 2006 (UTC)

Spyware / Virus Removal

Thanks for adding to this discussion. I was looking around on the WWW for a decent article on how NT systems start up. This is valuable information for diagnostic, and removal of spyware / viruses and setting things back to default. Excellent.


Loading Shell (if any)

Worth mentioning loading the shell, as other startup items have been mentioned but not this? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Win XP)

Yes, shell is launched by userinit.exe and that information should surely be included in the article. But I won't do that because I'm pretty sure Warrens will come and revert it by abusing again his "no source = no inclusion" rule. Jakub Horky 23:41, 6 November 2006 (UTC)

Structure

Curious as to what others think in regards to setting the format to numbered lists.

Paragraph explanation

  1. step
    • explanation...
  2. step 2

SNIa 14:05, 19 February 2006 (UTC)

System partition and boot partition Merge

I don't think system partition and boot partition should be merged as this can be involved into boot processes of other systems. SNIa 04:29, 1 March 2006 (UTC)

Some corrections

There are some errors in the startup process description as is described in the main article; most notably:

- LSASS is started before Winlogon, and before lots of other things; it manages the security, so it has to be in place before (almost) everything else starts.
- The SCM is not started by Winlogon (otherwise a user logon would be required to start services); it's started at the same time Winlogon starts and operates independently.
- Computer group policies are applied before any user logon as well.

Also, really useful info to add would be the various Windows screens displayed in the various boot process phases; here they are:

- Initial text-mode progress bar: Windows is loading boot drivers here.
- Windows bitmap with graphic progress bar: Windows is loading system drivers
- At this point, the GUI is started and the main window is displayed; it shows various messages, corresponding to later boot phases:
- "Starting Windows": LSASS and SMSS are started
- "Preparing network connections": networking is initialized and services are started by SCM
- "Applying computer settings": computer policies are applied
- "Installing managed software": any software being deployed through computer group policies is installed
- At this point, Winlogon is started and the CTRL-ALT-DELETE window is displayed; services are running
- A user inputs his/her credentials; if the logon is successful, some other steps follow:
- "Loading personal settings": the user profile is loaded (maybe from a network server)
- "Applying personal settings": user policies are applied
- "Installing managed software": any software being deployed through user group policies is installed
- Finally the Windows shell is started and any application specified in the "Run" registry keys and in the Startup folders are started

Massimo80 22:52, 8 May 2006 (UTC)

  • Your description of what starts LSASS and the SCM is directly contradicted both by the sources cited by this article and by various books on the subject, all of which state that they are started by WINLOGON. Given that you provide no source to verify your alternative description of the process, whereas the article as it currently stands both cites and agrees with its sources, the article should continue to read as it currently does. Please see our Wikipedia:Verifiability policy. Your logic ("otherwise a user logon would be required to start services" "it has to be in place before [WINLOGON]") is also faulty. Uncle G 16:45, 8 June 2006 (UTC)
  • Yes, your theory is false. Winlogon.exe starts all those processes. It starts: (following information is related mainly to XP)
    • process specified by ServiceControllerStart value in the registry, defaulted to "services.exe" (== SCM)
    • Then (in some circumstances) it starts process specified by SaveDumpStart value in the registry, defaulted to "savedump.exe".
    • Then it starts process specified by LsaStart value in the registry, defaulted to "lsass.exe"
    • And finally, it starts all comma-separated processes specified by System value in the registry, defaulted to nothing.
All registry values reside in the HKLM\SOFTWARE\Microsoft\Windows NT\Winlogon key.
But there is another inaccuracy: the launch of SCM & LSASS is done at a very early stage of winlogon.exe processing. It is definitely before the user is prompted to press Ctrl-Alt-Del, for example. Jakub Horky 13:48, 6 November 2006 (UTC)

setup.exe

Where in this process would HKLM\SYSTEM\SETUP\CmdLine appear?

This would be before scandisk? SNIa 07:27, 4 June 2006 (UTC)

I think that key is only ever called during the GUI stage of Setup. The Chkdsk stuff is called as part of SMSS's initialization, and I don't think SMSS is able to run yet before the GUI setup is completed. Warrens 04:44, 5 June 2006 (UTC)
I did a test and I set this value back to setup -newsetup and this process started on the next boot. SNIa 04:28, 29 June 2006 (UTC)

When I start the Windows startup process, I press Shift + F10, get the command prompt, then type taskmgr. I see the following on setup -newsetup:

  • taskmgr.exe
  • svchost.exe
  • svchost.exe
  • svchost.exe
  • setup.exe
  • lsass.exe
  • services.exe
  • winlogon.exe
  • csrss.exe
  • smss.exe
  • System
  • System Idle Process

SNIa 18:27, 28 July 2006 (UTC)

The process specified by the CmdLine value is started by winlogon.exe (even on an already installed system) when the SetupType value is set to 0x1 or 0x4. It is started after the start of processes such as SCM or SMSS, but before loading GINA. Winlogon then doesn't do anything else - it just waits, and when the process quits, winlogon initiates system shutdown. Jakub Horky 23:26, 6 November 2006 (UTC)

Precision

Name of kernel : ntoskrnl, ntkrnlmp, ntkrnlpa, ntkrpamp

  • NTOSKRNL.EXE : 1 CPU
  • NTKRNLMP.EXE : N CPU SMP
  • NTKRNLPA.EXE : 1 CPU, PAE
  • NTKRPAMP.EXE : N CPU SMP PAE

Autochk and smss.exe

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
The default value of this key is AUTOCHK.

The default value is "autocheck autochk *". These parts have various meanings: "autocheck" is just the flag for SMSS (another such flag is e.g. "async"). "autochk" is the name of the process which has to be launched (autochk.exe) and "*" is the command-line argument for the process. Jakub Horky 23:37, 6 November 2006 (UTC)
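
The Winlogon start-up values and the BootExecute entry format described in the comments above can be checked against their defaults when looking for unwanted autostart entries. The following is an added example, not part of the original discussion or of Windows itself; it runs offline on constructed sample values (helper.exe and cleanup.exe are made-up names), and the baseline is only the set of defaults mentioned on this page.

```python
import ntpath

# Baseline taken from the defaults mentioned in the comments on this page
# (Windows XP era). Assumption: entries are matched by executable base name,
# case-insensitively, so an unexpected directory is NOT detected here.
WINLOGON_DEFAULTS = {
    "Shell": {"explorer.exe"},
    "Userinit": {"userinit.exe"},
    "ServiceControllerStart": {"services.exe"},
    "SaveDumpStart": {"savedump.exe"},
    "LsaStart": {"lsass.exe"},
    "System": set(),  # defaults to nothing
}
BOOTEXECUTE_DEFAULT = {("autocheck", "autochk", "*")}
SMSS_FLAGS = {"autocheck", "async"}  # the two flags named in the discussion


def parse_bootexecute(entry):
    """Split one BootExecute string into (flag, image, arguments)."""
    tokens = entry.split()
    flag = tokens.pop(0).lower() if tokens and tokens[0].lower() in SMSS_FLAGS else None
    image = tokens.pop(0).lower() if tokens else None
    return (flag, image, " ".join(tokens))


def audit(winlogon, bootexecute):
    """Return (value_name, entry) pairs that deviate from the baseline."""
    findings = []
    for name, expected in WINLOGON_DEFAULTS.items():
        # Winlogon values are comma-separated lists; a trailing comma is normal.
        for proc in winlogon.get(name, "").split(","):
            proc = proc.strip()
            if proc and ntpath.basename(proc).lower() not in expected:
                findings.append((name, proc))
    for entry in bootexecute:
        if parse_bootexecute(entry) not in BOOTEXECUTE_DEFAULT:
            findings.append(("BootExecute", entry))
    return findings


# Constructed sample data standing in for values exported from the registry.
SAMPLE_WINLOGON = {
    "Shell": "Explorer.exe, helper.exe",
    "Userinit": "C:\\WINDOWS\\system32\\userinit.exe,",
    "ServiceControllerStart": "services.exe",
    "LsaStart": "lsass.exe",
    "System": "",
}
SAMPLE_BOOTEXECUTE = ["autocheck autochk *", "async cleanup.exe /q"]

if __name__ == "__main__":
    for name, entry in audit(SAMPLE_WINLOGON, SAMPLE_BOOTEXECUTE):
        print(f"unexpected entry in {name}: {entry}")
```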

sp1 of Windows Server 2003 : Boot-time policy

See also boot-time policy

Romanc19s 15:07, 20 August 2006 (UTC)

Bootstrap Without BIOS Disk Access

I find this to be a bit confusing: If the boot disk is a SCSI disk and cannot be accessed using the BIOS's firmware support, an additional file, Ntbootdd.sys is loaded. If the BIOS doesn't provide disk access then how does the bootsector code load NTLDR and how does NTLDR load ntbootdd.sys?

It would be nice if this article, Master boot record and boot sector referenced a PC bootstrapping article that would explain what basic services are available to the bootloader in IDE/SCSI/etc. environments.

Autochk details

"Autochk mounts all drives and checks them one at a time whether they were not shut down cleanly before. In that case it will automatically run chkdsk, ..."

1) Autochk doesn't mount any drives. It is a non-critical process where it doesn't matter if it won't run during startup.

2) Autochk does NOT run chkdsk.exe. Chkdsk.exe is a usermode executable which is dependent on the Win32 subsystem. Autochk.exe is its native variant. The file system checking is implemented right in autochk.exe. (This is the same e.g. for autofmt.exe, autolfn.exe or autoconv.exe.) Jakub Horky 00:18, 7 November 2006 (UTC)