Winlogon

Winlogon

In computing, Winlogon is the component of Microsoft Windows operating systems that is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screensaver is running (requiring another authentication step). The actual obtainment and verification of user credentials is left to other components.Winlogon is a common target for several threats that could modify its function and memory usage. Increased memory usage for this process might indicate that it has been "hijacked".In Windows Vista and later operating systems, Winlogon's roles and responsibilities have changed significantly.

Overview

Winlogon handles interface functions that are independent of authentication policy. It creates the desktops for the window station, implements time-out operations, and on versions of Windows prior to Windows Vista, provides a set of support functions for the GINA and takes responsibility for configuring machine and user Group Policy.

Winlogon also checks if the copy of Windows is a legitimate license in Windows XP and later versions.

Winlogon has the following responsibilities:

*Window station and desktop protection:Winlogon sets the protection of the window station and corresponding desktops to ensure that each is properly accessible. In general, this means that the local system will have full access to these objects and that an interactively logged-on user will have read access to the window station object and full access to the application desktop object.

*Standard SAS recognition:Winlogon has special hooks into the User32 server that allow it to monitor Control-Alt-Delete secure attention sequence (SAS) events. Winlogon makes this SAS event information available to GINAs to use as their SAS, or as part of their SAS. In general, GINAs should monitor SASs on their own; however, any GINA that has the standard keypress|Ctrl+keypress|Alt+keypress|Del SAS as one of the SASs it recognizes should use the Winlogon support provided for this purpose.

*SAS routine dispatching:When Winlogon encounters a SAS event or when a SAS is delivered to Winlogon by the GINA, Winlogon sets the state accordingly, changes to the Winlogon desktop, and calls one of the SAS processing functions of the GINA.

*User profile loading:When users log on, their user profiles are loaded into the registry. In this way, the processes of the user can use the special registry key HKEY_CURRENT_USER. Winlogon does this automatically after a successful logon but before activation of the shell for the newly logged-on user.

*Assignment of security to user shell:When a user logs on, the GINA is responsible for creating one or more initial processes for that user. Winlogon provides a support function for the GINA to apply the security of the newly logged-on user to these processes. However, the preferred way to do this is for the GINA to call the Windows function CreateProcessAsUser, and let the system provide the service.

*Screen saver control:Winlogon monitors keyboard and mouse activity to determine when to activate screen savers. After the screen saver is activated, Winlogon continues to monitor keyboard and mouse activity to determine when to terminate the screen saver. If the screen saver is marked as secure, Winlogon treats the workstation as locked. When there is mouse or keyboard activity, Winlogon invokes the WlxDisplayLockedNotice function of the GINA and locked workstation behavior resumes. If the screen saver is not secure, any keyboard or mouse activity terminates the screen saver without notification to the GINA.

*Multiple network provider support:Multiple networks installed on a Windows system can be included in the authentication process and in password-updating operations. This inclusion lets additional networks gather identification and authentication information all at once during normal logon, using the secure desktop of Winlogon. Some of the parameters required in the Winlogon services available to GINAs explicitly support these additional network providers.

ee also

*List of Microsoft Windows components
*Architecture of the Windows NT operating system line

External links

* [http://msdn.microsoft.com/en-us/magazine/cc163803.aspx Customizing Gina - Part 1]
* [http://support.microsoft.com/kb/q193361/ MSKB:193361 MSGINA.DLL does not Reset WINLOGON Structure]
* [http://www.ppedia.com/p664_winlogon-winlogon.exe.htm Winlogon and Winlogon Trojan]
* [http://snsays.com/26/removing-winlogon-virus/ Step-by-step guide to removing Winlogon Trojans ]
* [http://blog.blanar.net/files/FUN210_Ben-Menahem_Tucker.ppt Windows Vista and Windows Server 2008: Understanding, Enhancing and Extending Security End-to-end] — Microsoft PowerPoint presentation that includes information on changes to Winlogon in Windows Vista and Windows Server 2008


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • Winlogon — est un composant de Windows qui gère l ouverture et la fermeture de session, et le Ctrl Alt Delete. En particulier, il charge le profil d un utilisateur après qu il s est authentifié il gère l écran de veille ; sur le retour au mode normal,… …   Wikipédia en Français

  • Winlogon — Winlogon  компонент операционной системы Microsoft Windows, отвечающий за вход в систему и т. д. Содержание 1 Краткий обзор 2 Критичность процесса Winlogon 3 …   Википедия

  • Winlogon — En informática, Winlogon es el componente de los sistemas operativos Microsoft Windows que es responsable de manejar la Secuencia de atención segura (SAS), cargar el perfil de usuario al inicio de sesión, y opcionalmente bloquear al sistema… …   Wikipedia Español

  • Winlogon.exe — Winlogon  компонент операционной системы Microsoft Windows, отвечающий за вход в систему. и т.д. Содержание 1 Краткий обзор 2 Критичность процесса Winlogon 3 Функции Winlogon …   Википедия

  • Windows Logon Process — Winlogon  компонент операционной системы Microsoft Windows, отвечающий за вход в систему. и т.д. Содержание 1 Краткий обзор 2 Критичность процесса Winlogon 3 Функции Winlogon …   Википедия

  • Windows NT Logon Application — Winlogon  компонент операционной системы Microsoft Windows, отвечающий за вход в систему. и т.д. Содержание 1 Краткий обзор 2 Критичность процесса Winlogon 3 Функции Winlogon …   Википедия

  • Windows NT startup process — The Windows NT startup process is the process by which Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003 operating systems initialize. In Windows Vista and later, this process has changed slightly; see Windows Vista startup process …   Wikipedia

  • Processus de demarrage de Windows NT — Processus de démarrage de Windows NT Le processus de démarrage de Windows NT est le processus par lequel Windows 3.1, 3.5, 4.0, 2000, XP, et 2003 s initialisent. Pour Windows Vista (NT 6.0) et les successeurs, le processus est substantiellement… …   Wikipédia en Français

  • Processus de démarrage de Windows NT — Le processus de démarrage de Windows NT est le processus par lequel Windows 3.1, 3.5, 4.0, 2000, XP, et 2003 s initialisent. Pour Windows Vista (NT 6.0) et les successeurs, le processus est substantiellement différent. Sommaire 1 Phase de… …   Wikipédia en Français

  • Processus de démarrage de windows nt — Le processus de démarrage de Windows NT est le processus par lequel Windows 3.1, 3.5, 4.0, 2000, XP, et 2003 s initialisent. Pour Windows Vista (NT 6.0) et les successeurs, le processus est substantiellement différent. Sommaire 1 Phase de… …   Wikipédia en Français

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”