Once a Windows Desktop/Server machine is booted, the following steps are executed in this order:
- The firmware identifies and initializes hardware devices. The CMOS loads the BIOS and then runs POST (power-on-self-test).
- The BIOS detects a valid system disk and reads the MBR (master boot record) section.
- The Boot manager software (Bootmgr.exe) will be launched which in turn will look and start the Winload.exe process. Once Winload is executed, the OS Loader phase starts.
- The Windows Loader Binary (Winload.exe) is used to load system drives that are required to read data from the disk.
- Initializes the System to allow the Windows kernel to start its execution.
- The system registry hive and the drivers that are marked as BOOT_START are loaded.
- PreSMSS: Kernel Initialization – kernel initializes data structures and components and starts the PnP manager which will initialize the BOOT_START drivers that were previously loaded
- SMSSInit : Session Initialization – This phase starts when the kernel gives the session manager process (Smss.exe) the right to start its operation. The System will initialize the registry, load and start devices and drivers that are not marked as BOOT_START, and will start the subsystem processes.
- WinLogonInit: Winlogon Initialization – Once the SMSSInit phase is completed, the control is passed to Winlogon.exe. In this phase the user logon screen is displayed, the Service Control Manager starts Windows services, and Group Policy scripts are executed.
- ExplorerInit: Explorer Initialization – Once the WinLogonInit phase is completed, Explorer.exe is started. During the ExplorerInit phase, the system creates the Desktop Window Manager (DWM) process, which initializes and displays the Desktop.