Windows Boot Process
Before you start troubleshooting on slow boot or logon delay issue ,you must be aware of Windows Boot Process. You can find various links explaining the Windows Boot Process in details bit by bit. I would try to give you an overview for both troubleshooting as well as interview purpose.
Windows Boot Process consist of several phases
Phase I : BIOS initialization
- The firmware identifies and initialize hardware devices and then runs the POST [Power On Self Test].
- After BIOS detects a valid system disk and reads MBR , POST process ends and Start Bootmgr.exe
- Bootmgr.exe finds and runs Winload.exe on Boot partition which is begining of II Phase OS Loader Phase
Phase II : OS Loader
- Winload.exe [Windows Loader] loads essential system drivers that are required for reading data from disk.
- It initializes windows so that kernel execution should start.
- Once kernel starts OS Loader loads registry hive and additional drivers which are marked as BOOT START.
Phase III : OS Initialization
OS Initialization phase can be divided into four sub-phases.
Phase III A : Kernal Initialization [PreSMSS]
- Kernal initializes data structure and components.
- Starts PnP [Plug and Play] manager .
- PnP Manager initializes the Boot Start drivers which was loaded during PHASE II [OS Loader]
Phase III B : Session Initialization [SMSSInit]
- Kernal passes control from Kernal Initialization[Phase III A ] to Session Manager process [Smss.exe]
- System initializes registry, loads and start the drivers other than Boot Start.
- Starts the subsystem process.
- Control is passed to Winlogon.exe
Phase III C : Winlogon Initialization [WinLogonInit]
- Winlogon.exe start with User Logon Screen .
- Service control manager starts services.
- Group policy script run during winlogon initialization.
Phase III D : Explorer Initialization [ExplorerInit]
- This sub-phse starts when Winlogon process passes control to Explorer process [Explorer.exe].
- Subsystem creates Desktop Windows Manager [DWM] process.
- DWM initializes desktop and display for the first time on screen.
After Phase III completion, all background activity that occurs after the desktop is ready. User can interact with desktop even system might be starting services and other activity in background . This part is called as POSTBoot Phase.
So in short we can define it as Once Powered on after POST, BIOS detects MBR and start Bootmgr.exe which execute winload.exe. winload.exe loads essential system drivers and initializes and starts Kernal. Kernal starts OS Loader which loads registry hives and additional BOOT START drivers. Kernal initialization starts PnP manager and initializes BOOT START drivers.It passes control to SMSS.exe which initializes registry and starts subsystem and then pass control to winlogon.exe. Winlogon.exe starts Users logon screen and starts service control manager and then passes control to Explorer.exe which creates Desktop windows manager initializing desktop and display for user interaction.
Since you are now aware of the stages and phases of the Boot sequence which might give you fair idea where to look for issue causing agent based on the symptoms.
One of the best tool XPERF , how to install XPERF and used for capturing the logs. Analysis of logs helps in finding and resolving the issue.