D.3 The Login Process

D.3.1 Windows Login Process

Winlogon starts the Local Security Authority Subsystem Service (LSASS) and Service Control Manager (SCM), which in turn start all the Windows services that are set to auto-start. Winlogon is also responsible for responding to the Secure Attention Sequence (SAS), loading the user profile on logon, and optionally locking the computer when a screen saver is running.

The logon process is as follows:

  1. Winlogon calls GINA (Graphical Identification and Authentication).

  2. GINA displays the Logon prompt.

  3. The user presses the secure attention sequence (Control+Alt+Delete).

  4. GINA displays the Logon dialog box.

  5. The user enters the credentials (username, password, and domain).

  6. GINA passes the credentials back to Winlogon.

  7. Winlogon passes the credentials to LSASS, which determines which account database is to be used:

    • Local SAM

    • Domain SAM

    • Active Directory

  8. LSASS enforces the Local Security Policy (checking user permissions, creating audit trails, issuing security tokens, and so forth).

  9. After a user has successfully logged in to the machine, Winlogon does the following:

    1. Updates the control sets.

    2. Applies the User and Computer Group Policy settings.

    3. Starts the shell program (typically Explorer.exe).

    4. Runs the Startup programs from the following locations:

      • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

      • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

      • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

      • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

      • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

      • HKCU\Software\Microsoft\Windows\CurrentVersion\Run

      • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

      • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\

      • %USERPROFILE%\Start Menu\Programs\Startup\
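
The startup locations in step 4 above are processed at every logon, so an inventory of them shows what will run in a user's session. The following PowerShell function is an added example, not part of the original documentation. The name Get-LoginAutostart is hypothetical, and the function assumes that Load and Run under ...\Windows NT\CurrentVersion\Windows are named values of that key rather than subkeys.

```powershell
# Added example (read-only): list what the startup locations above would launch.
# Get-LoginAutostart is a hypothetical name, not a built-in cmdlet.
function Get-LoginAutostart {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Load and Run are read as named values of the ...\Windows key, not subkeys.
    $winKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
    # Folder paths exactly as listed above; skipped when absent on this system.
    $startupDirs = @(
        (Join-Path $env:ALLUSERSPROFILE 'Start Menu\Programs\Startup'),
        (Join-Path $env:USERPROFILE 'Start Menu\Programs\Startup')
    )

    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $k = Get-Item -LiteralPath $key
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name
                               Command = [string]$k.GetValue($name) }
        }
    }
    foreach ($name in 'Load', 'Run') {
        $p = Get-ItemProperty -LiteralPath $winKey -Name $name -ErrorAction SilentlyContinue
        if ($p -and $p.$name) {
            [pscustomobject]@{ Location = $winKey; Name = $name
                               Command = [string]$p.$name }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                [pscustomobject]@{ Location = $dir; Name = $_.Name
                                   Command = $_.FullName }
            }
    }
}

Get-LoginAutostart | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

Piping the function's output to Export-Csv on a known-good machine gives a baseline that later runs can be compared against with Compare-Object.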

D.3.2 ZENworks Configuration Management Login Process

The ZENworks Configuration Management login sequence is as follows:

  1. The ZENLgn interface displays a dialog box for the user to enter credentials.

  2. ZMD (ZENworks Management Daemon) sends the Obtain an Auth Token call to the CASA client.

  3. The CASA client sends the Get Auth Policy call to the ATS server on the ZENworks Configuration Management Authentication server.

    The Get Auth Policy call is made to identify the authentication mechanisms that have been configured on the ZENworks Configuration Management server.

  4. The Get Auth Policy call sends the mechanisms configured on the ZENworks Configuration Management server back to the CASA client.

  5. The Authenticate call is sent from the CASA client to the ATS server.

  6. The credentials are validated with eDirectory, Active Directory, or Domain Services for Windows, and a reply is returned from the directory, indicating whether the credentials are correct.

  7. This reply is sent to the ATS server, which creates a session token.

  8. The session token is sent to the CASA client. The call succeeds if the credentials are valid; otherwise, error messages are returned for the failure.

  9. The CASA client creates Get Auth Token requests to identify attributes such as Grace Login and restrictions for changing password for that particular user.

    The Grace Login attribute was added in ZENworks 11 SP1.

  10. The details are sent back to the CASA client.

    The ZENworks Configuration Management Login flow of events is depicted in the following diagram:

    Figure D-1 ZENworks Configuration Management Authentication Sequence