wininit.exe

The »Windows Start-Up Application«

wininit.exe is started by BOOTMGR.

Some tasks that wininit.exe performs include

• Create event Global\FirstLogonCheck (which is used by winlogon.exe to determine which winlogon was first?)
• Create a WinlogonLogoff event
• Create a periodic timer queue which allows the kernel debugger to break into any user-mode process (unless NoDebugThread is set in HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon)
• Assign value to the environment variable COMPUTERNAME
• Update and configure TCP/IP information such as domain name and host name.
• Assign values to environment variables USERPROFILE (what value excactly), ALLUSERSPROFILE, PUBLIC and ProgramData
• Create %SystemRoot%\Temp
• If session 0 is an interactive session, Desktop Window Manager (DWM) and font loading is initiated(?)
• The initial terminal is created. This terminal consists of a window station (named Winsta0) and two Desktops (Winlogon and Default) for processes that run in session 0.
• The Local Security Authority (LSA) machine encryption key is initialized.
• The Service Control Manager (services.exe) is started.
• The Local Security Authority Subsystem Service (lsass.exe) is created.
• If credential guard is enabled, the Isolated LSA Trustlet (lsaiso.exe) is started.
• If a setup is required or this is the first booting up, the setup program is launched.
• It waits until either a shutdown is requested or one of the created processes crashes (unless DontWatchSysProcs is set in the registry)