Responsibilities of Winlogon
- Window Station And Desktop Protection: Winlogon sets the protection of the window station and corresponding desktops to ensure each is properly accessible. In general, this means that Local System has full access to these objects, and an interactively logged-on user (if there is one) has read access to the window station object and full access to the application desktop object.
- Standard SAS Recognition: Winlogon has special hooks into the User32 server that allow it to monitor CTRL+ALT+DEL as a secure attention sequence. Winlogon makes this special relationship available to GINAs to use as their SAS, or as part of their SAS. That is, in general GINAs should monitor SASes on their own. Any GINA that uses the standard CTRL+ALT+DEL key combination as its SAS (or one of several SASes it supports) should use the Winlogon support provided for this purpose.
- SAS Routine Dispatching: When Winlogon encounters a standard SAS (if configured to monitor standard SAS) or when an SAS is delivered to Winlogon by a GINA, Winlogon sets state accordingly, changes to the Winlogon desktop, and dispatches to one of the GINA's SAS processing routines.
- User Profile Loading: When users log on, their user profiles are loaded into the registry. This gives the user's processes use of the special registry key HKEY_LOCAL_USER. Winlogon does this automatically following successful logon, but before activation of the newly logged-on user's shell.
- Assignment of Security To User Shell: When a user logs on, GINA is responsible for creating one or more initial processes for that user (see "Responsibilities of GINA," below). Winlogon provides a service for GINA to apply the newly logged-on user's security to these processes.
- Screen Saver Control: Winlogon monitors keyboard and mouse activity to determine when to activate screen savers. Once the screen saver is activated, Winlogon continues to monitor keyboard and mouse activity to determine when to terminate the screen saver. If the screen saver is marked as secure, Winlogon treats the workstation as locked. When there is mouse or keyboard activity, Winlogon invokes WlxDisplayLockedNotice(), and typical locked workstation behavior resumes. If the screen saver is not secure, any keyboard or mouse activity terminates the screen saver without notification to GINA.
- Multiple Network Provider Support: Multiple networks installed on a Windows NT system can be included in the authentication process and in password updating operations. This allows these other networks to gather identification and authentication information all at one time during normal logon, using Winlogon's secure desktop. Some of the parameters required in the Winlogon services available to GINAs explicitly support these additional network providers.
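
The window station and desktop protection described in the first item can be reviewed from inside a logged-on session by listing the access control entries on both objects. The PowerShell script below is an added example, not part of the original documentation; the type name WinstaAudit.Native and the function Get-UserObjectDacl are hypothetical names chosen here, and it assumes PowerShell 5 or later and session handles that allow READ_CONTROL.

```powershell
# Added example: list the DACL on the current window station and desktop.
Add-Type -Namespace WinstaAudit -Name Native -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr GetProcessWindowStation();
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr GetThreadDesktop(uint dwThreadId);
[DllImport("kernel32.dll")]
public static extern uint GetCurrentThreadId();
[DllImport("advapi32.dll")]
public static extern uint GetSecurityInfo(IntPtr handle, int objectType, uint securityInfo,
    IntPtr owner, IntPtr group, IntPtr dacl, IntPtr sacl, out IntPtr securityDescriptor);
[DllImport("advapi32.dll")]
public static extern uint GetSecurityDescriptorLength(IntPtr securityDescriptor);
[DllImport("kernel32.dll")]
public static extern IntPtr LocalFree(IntPtr hMem);
'@

$SE_WINDOW_OBJECT = 7            # SE_OBJECT_TYPE for window stations and desktops
$DACL_SECURITY_INFORMATION = 4

function Get-UserObjectDacl {    # hypothetical helper name
    param([IntPtr]$Handle, [string]$Label)
    $sd = [IntPtr]::Zero
    $rc = [WinstaAudit.Native]::GetSecurityInfo($Handle, $SE_WINDOW_OBJECT,
        $DACL_SECURITY_INFORMATION, [IntPtr]::Zero, [IntPtr]::Zero,
        [IntPtr]::Zero, [IntPtr]::Zero, [ref]$sd)
    if ($rc -ne 0) { throw "GetSecurityInfo failed for $Label (Win32 error $rc)" }
    try {   # copy the descriptor into managed memory, then free the native buffer
        $len = [int][WinstaAudit.Native]::GetSecurityDescriptorLength($sd)
        $bytes = [byte[]]::new($len)
        [Runtime.InteropServices.Marshal]::Copy($sd, $bytes, 0, $len)
    } finally { [void][WinstaAudit.Native]::LocalFree($sd) }
    $raw = [Security.AccessControl.RawSecurityDescriptor]::new($bytes, 0)
    if ($null -eq $raw.DiscretionaryAcl) {   # a NULL DACL grants everyone full access
        return [pscustomobject]@{ Object = $Label; Trustee = '(NULL DACL)'; AceType = ''; AccessMask = '' }
    }
    foreach ($ace in $raw.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        # Logon-session SIDs (S-1-5-5-x-y) have no account name; fall back to the SID string
        $name = try { $sid.Translate([Security.Principal.NTAccount]).Value } catch { $sid.Value }
        [pscustomobject]@{ Object = $Label; Trustee = $name; AceType = $ace.AceType
                           AccessMask = ('0x{0:X8}' -f $ace.AccessMask) }
    }
}

# Both handles are owned by the session and must not be closed.
$winsta = [WinstaAudit.Native]::GetProcessWindowStation()
$desk   = [WinstaAudit.Native]::GetThreadDesktop([WinstaAudit.Native]::GetCurrentThreadId())
@(Get-UserObjectDacl $winsta 'window station') + @(Get-UserObjectDacl $desk 'desktop') |
    Format-Table -AutoSize
```

Entries for trustees other than Local System and the logged-on user's account or logon session, or a NULL DACL on either object, are the results worth a closer look.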