Users must provide their credentials for authentication during the login stage of the Windows startup process. This occurs after the system has completed the initial boot and POST (Power-On Self-Test) phases and has loaded the Windows operating system to the point where the logon screen is presented to the user. At this login stage:
- The user is prompted to enter credentials (such as username and password, PIN, or smart card) via the Logon UI (LogonUI.exe), which displays the secure logon interface
- Winlogon.exe manages secure user interactions and collects the credentials entered by the user, then passes them to the Local Security Authority Subsystem Service (LSASS, lsass.exe) for authentication
- LSASS authenticates the credentials by invoking authentication packages (such as MSV1_0, NTLM, or Kerberos) and verifies the user against local accounts or Active Directory if applicable
- Only after successful authentication does the system proceed to load the user profile and desktop environment, completing the logon process
Thus, the critical point where users must provide their credentials is at the login stage , which is near the end of the Windows startup sequence and before the user’s desktop session begins
