Boot Loader Process
It then loads the Windows Registry Keys into memory and scans the HKEY_LOCAL_MACHINE\SYSTEM\Services key seeking device drivers and places them into memory.
Initiate paging which the computer stores and retrieve data from secondary storage(hard drive) to use in main memory(RAM).
The Boot Loader then passes control over to the operating system kernel.
Kernel Loading Process
Windows Registry is read by Windows Boot Loader retrieving information from the HKEY_LOCAL_MACHINE\SYSTEM to check which device drivers should be loaded at startup. The kernel then creates the registry key HKEY_LOCAL_MACHINE\HARDWARE containing the hardware configuration.
When the Kernel initiates the Boot Loader and Ntoskrnl they will use the information in the HKEY_LOCAL_MACHINE\SYSTEM \CurrentControlSet\Services\Servicenam.subkeys determining which drivers and services to load.
The log on and log off process is handled by the Windows subsystem (self-contained system within a larger system) which is starts the Winlogon.exe service. The Winlogon starts the services.exe initiating services in the registry entry Autoload contained in the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Servicename. Included in that function is the the Local Security Authority (LSA) process Local Security Authority Subsystem Service (Lsass) which handles security and other security related policies. Plug and Play (PnP) initializes autoload services and drivers. Windows will then initiate the logon scripts, programs, and services in the following subkeys:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows \Run
SystemDrive\Documents and Settings\All Users\Start Menu\Programs\Startup
SystemDrive\Documents and Settings\username\Start Menu\Programs\Startup
It’s the LogonUI (logon user interface) that collects the username and password. If Kerberos V5 (authentication protocol) verifies the username and password then access is granted.
Other applications, such as what is configured in the startup menu and the computer manufacturer’s default settings will start up like Windows Defender.
Finally, the start up process is complete once the user has successfully logged on.
The links / banners on windowsregistrykeys.com are affiliate links, which they have granted this website the honor of advertising their merchandise. I will earn a commission if you click on the link or make a purchase using that link. If you make a purchase, the price you pay will be the same whether you use my affiliate link or go directly to the vendor’s website. By using my affiliate links, you are helping support this site and I genuinely appreciate your patronage.