Responsibilities of GINA
- Secure Attention Sequence Monitoring: GINA is responsible for recognizing a secure attention sequence (SAS) and monitoring for those events. Note that there may be more than one secure attention sequence, and the definition of a secure attention sequence may change over time. For example, there may be one set of SASes when Winlogon is in the Logged Off state and another set when it is in the Logged On state.
Winlogon services are provided to assist GINA in using the CTRL+ALT+DEL key combination as a secure attention sequence.
- SAS Processing: One reason for modularizing Winlogon and making GINA replaceable is to provide alternative identification and authentication mechanisms. To do this, GINA must present all user interfaces resulting from the recognition of a secure attention sequence. When no user is logged on, GINA is responsible for collecting identification and authentication information (as well as any other non-authenticated functions to be allowed). When a user is logged on, GINA is responsible for presenting whatever options or taking whatever actions are deemed appropriate. For example, in a system that includes a smart card, it may be appropriate to automatically lock the workstation if the user removes the smart card.
- Shell Activation: When a user logs on, GINA is responsible for creating one or more initial processes for that user. (In this document, it is assumed that these initial processes present an interface, referred to as a shell, to the user. However, the processes could actually be any processes and do not necessarily have to interact with the user.) These processes are referred to as the User Shell, or just Shell. As part of shell activation, GINA must assign the newly logged-on user's token to the processes, so the initial process(es) must be created suspended and the token assigned before the process(es) can run. Winlogon provides a service to assist GINA in assigning the token.