Computer Startup cont…

Boot Loader Process

It then loads the Windows Registry Keys into memory and scans the HKEY_LOCAL_MACHINE\SYSTEM\Services key seeking device drivers and places them into memory.

Initiate paging which the computer stores and retrieve data from secondary storage(hard drive) to use in main memory(RAM).

The Boot Loader then passes control over to the operating system kernel.  

Kernel Loading Process

Windows Registry is read by Windows Boot Loader retrieving information from the HKEY_LOCAL_MACHINE\SYSTEM to check which device drivers should be loaded at startup. The kernel then creates the registry key HKEY_LOCAL_MACHINE\HARDWARE containing the hardware configuration.

When the Kernel initiates the Boot Loader and Ntoskrnl they will use the information in the HKEY_LOCAL_MACHINE\SYSTEM \CurrentControlSet\Services\Servicenam.subkeys determining which drivers and services to load.

Logon Process

The log on and log off process is handled by the Windows subsystem (self-contained system within a larger system) which is starts the Winlogon.exe service. The Winlogon starts the services.exe initiating services in the registry entry Autoload contained in the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Servicename. Included in that function is the the Local Security Authority (LSA) process Local Security Authority Subsystem Service (Lsass) which handles security and other security related policies. Plug and Play (PnP) initializes autoload services and drivers. Windows will then initiate the logon scripts, programs, and services in the following subkeys:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies \Explorer\Run


HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows \Run



SystemDrive\Documents and Settings\All Users\Start Menu\Programs\Startup

SystemDrive\Documents and Settings\username\Start Menu\Programs\Startup


It’s the LogonUI  (logon user interface) that collects the username and password. If Kerberos V5 (authentication protocol) verifies the username and password then access is granted.

Other applications, such as what is configured in the startup menu and the computer manufacturer’s default settings will start up like Windows Defender.

Finally, the start up process is complete once the user has successfully logged on.

Full Disclosure:

The links / banners on are affiliate links, which they have granted this website the honor of advertising their merchandise. I will earn a commission if you click on the link or make a purchase using that link. If you make a purchase, the price you pay will be the same whether you use my affiliate link or go directly to the vendor’s website. By using my affiliate links, you are helping support this site and I genuinely appreciate your patronage.

4 thoughts on “Computer Startup cont…

  1. Ollie

    Wow! This is really interesting. Who the hell would know all the mechanism happen in the background. I didn’t. Thanks for sharing your knowledge, Wanda.

  2. Kira

    Hi, this is somewhat difficult to grasp, but I do know I want to learn. I intend to read it over again so I’m bookmarking this page. Thanks.

    1. Wanda Post author

      Hi Kira, it can be difficult at first, but take your time and you’ll get it. It will all come together.



Leave a Reply

Your email address will not be published. Required fields are marked *