The Windows Session Manager now creates a session that will allow programs to be run. Under Vista, session 0 is reserved for Windows services, and Session Manager creates a second session for programs. It then launches another core Windows component, the Windows Client-Server Runtime SubSystem ('\windows\system32\csrss.exe').
Session Manager's final initialisation step under XP is to launch the log-on process. This does much more than just logging on, though, starting a security process ('\Windows \System32\Lsass.exe') and launching the Service Control Manager ('\Windows\System\Services.exe'). Finally it checks HKKLM\Software\Microsoft\WindowsNT\ CurrentVersion\WinLogon\GinaDLL, using that DLL to log you on if one is specified or otherwise launching the default \Windows\System32\MSGINA.DLL.
Under Vista this changes a little. A new process called 'WinInit.exe' handles the security and Service Control Manager work, while the logon uses a much more flexible Credential Provider system. There can be more than one of these, and Session Manager checks the HKLM\Software\ Microsoft\Windows NT\Currentversion\Authentication\ Credential Providers to find out what it must launch.
Most problems that occur here will be down to missing files, although there's always the possibility that malware will try to replace one of these Windows components. If you're experiencing difficulties, check the Registry keys we've mentioned for unusual entries.
The log-on process may not prompt you for a password if it's been configured that way (run 'CONTROL USERPASSWORDS2', select the account to automatically log in to and uncheck 'Users must enter a user name and password...'). However, otherwise it will display the log-on screen, then wait for you to enter your account details. This isn't entirely wasted time, though, as in the background the Service Control Manager (SCM) will be loading your Windows Services.
The SCM starts by browsing the Registry at HKLM\System\CurrentControlSet\Control\ServiceGroupOrder\ List. This lists service groups in the order in which they should be loaded, so 'Primary Disk' comes before 'Boot File System', for instance (the PC can't manipulate a file system until it can access a disk). The SCM then scans your list of services (HKLM\SYSTEM\CurrentControlSet\Services), looking for 'DependOnGroup' and 'DependOnService' keys. A network-related service might have a DependOn Service entry of 'TcpIp', say, as the TCP/IP service must be loaded first. The SCM uses this data to determine the order in which services must be loaded, then initialises all services with a startup type of Automatic (that's a Start value of 2).
Not all services are immediately essential, though, and so Vista tries to speed up the boot process with a new tweak. Non-critical services like Windows Media Player Network Sharing are assigned a startup value of 'Automatic (Delayed Start)', which means that the SCM starts it after everything else, with a very low initial priority. Any delayed start services get very few CPU or disc resources during their startup phase, which means they'll take a while to initialise, but Explorer and everything else should load more quickly by comparison.
If you're running Vista then you can probably extend the same trick to other, third-party services, and perhaps further improve your boot time. Launch 'services.msc' and browse the list. To change the Startup Type to 'Automatic (Delayed Start)' double-click the program entry. Repeat with non-essential services from applications you've installed, but be careful – apply the technique to more critical components, like antivirus tools, and you could crash your PC on the next boot. Don't experiment at all unless you have the backups to recover from any situation.
Once the SCM finishes loading your services, it waits for a signal from the Windows logon component to tell it that you've successfully logged on. If this happens, and all your autostart services have loaded without errors, then the current copy of HKLM\SYSTEM\CurrentControlSet is saved as the last known good confi guration, and will be used if you choose that option from the boot menu. Check the Registry key HKEY_LOCAL_MACHINE\SYSTEM\ Select to see the 'CurrentControlSet' copy you're using right now, and the one that's labelled as 'LastKnownGood'.