| The following attempts to document the order of processing the system and user policies following a system reboot and as part of the user logon: -
Network starts, then Remote Procedure Call System Service (RPCSS) and Multiple Universal Naming Convention Provider (MUP) start. -
Where Active Directory is involved, an ordered list of Group Policy Objects (GPOs) is downloaded and applied. The list may include GPOs that: -
Apply to the location of machines in a Directory. -
Apply only when settings have changed. -
Depend on configuration of the scope of applicability: local, site, domain, organizational unit, and so on. No desktop user interface is presented until the above have been processed . -
Execution of start-up scripts (hidden and synchronous by default). -
A keyboard action to effect start of logon (Ctrl-Alt-Del). -
User credentials are validated , user profile is loaded (depends on policy settings). -
An ordered list of user GPOs is obtained. The list contents depends on what is configured in respect of: -
Is the user a Domain Member, thus subject to particular policies? -
Loopback enablement, and the state of the loopback policy (Merge or Replace). -
Location of the Active Directory itself. -
Has the list of GPOs changed? No processing is needed if not changed. -
User Policies are applied from Active Directory. Note: There are several types. -
Logon scripts are run. New to Windows 200x and Active Directory, logon scripts may be obtained based on Group Policy objects (hidden and executed synchronously). NT4-style logon scripts are then run in a normal window. -
The User Interface as determined from the GPOs is presented. Note: In a Samba domain (like an NT4 Domain), machine (system) policies are applied at start-up; user policies are applied at logon. |