Winlogon, LogonUI, and session sign-in

The visible and semi-visible path from secure attention to a fully signed-in session.

Official Microsoft docs

Closest official references related to this topic on Microsoft Learn.

Microsoft Learn

Responsibilities of Winlogon

learn.microsoft.com

Microsoft Learn

Credentials processes in Windows authentication

learn.microsoft.com

This ties together startup, the secure desktop, user sign-in, and the point where Windows begins launching the user's environment.

Winlogon coordinates secure interaction, LogonUI gathers credentials, and the authenticated result is handed into the security subsystem.

1Secure attention and sign-in UI are presented on a protected desktop.
2Credential providers gather the data needed for authentication.
3After success, Windows transitions from sign-in infrastructure to the user's desktop and shell environment.

LogonUI: The sign-in user interface that renders credential provider tiles and prompts.
Secure desktop: A protected desktop used for sensitive prompts such as logon and UAC.

That secure attention sequence ensures the sign-in path is brokered by trusted Windows components rather than an ordinary process.

Winlogon is not just 'the login window'. It is coordinating secure interaction, session transition, and later shell bring-up.

Ranked from your current topic, related links, branch depth, and any active guided path.

intermediate

The protected security process and data stores behind local accounts and policy decisions.

Next step in your guided path

intermediate

SIDs, privileges, impersonation, and the identity payload every process carries.

The early user-mode path from system process creation to an interactive desktop.