Domain Account Login Process on Windows 7

Q

How does Windows domain account login work on Windows 7?

✍: FYIcenter.com

A

Users can use a domain account to log on to a local computer running Windows 7 or other Windows system.

When you use a Windows domain account to log on to a Windows 7 system, the follow process will be used:

1. Winlogon (winlogon.exe) takes the domain account username in the form of domain-name\user-name (for example, fyicenter\john) and the password.

2. Winlogon calls GINA (Graphical Identification and Authentication, msgina.dll)

3. GINA calls LsaLogonUser() to communicate to LSA (Local Security Authority, lsasrv.dll) on the local computer.

4. LSA of the local computer connects to the LSA of the domain controller computer.

5. LSA of the domain controller uses Kerboros or Active Directory to authenticate the username and the password.

6. If the authentication is passed, an access token is returned back to GINA on the local computer.

7. GINA finishes up the login process.

The diagram shows the login process using a domain account on a local computer:
Windows 7 Domain Account Login Process

 

Windows Domain Account Login on Windows 7

⇒⇒Windows 7 Security

2017-03-11, 465👍, 0💬