Logon slow during "Applying settings" phase for windows - random

By exup1000 ·

I know there are countless start-up utilities that can identify what programs are starting up when windows is booted up. My question is how I monitor the progress of a program that is either hanging waiting for a response or is executing correctly but taking a long time to do so. Is there a way to show when a process is starting and completing, CPU usage etc that could indicate an unresponsive application or process during the logon process? We are experiencing long logon times (8 minutes and randomly) with our Win XP machines. We have also launched a new SOE as well as new utilities so it?s a bit of a minefield trying to diagnose where the fault lies. I suspect it could be our SMS inventory client but not sure how to prove if this is the case. I know I could remove the client and see if it makes a difference, but would prefer to know how to log these start-up processes if in future the rouge application is unknown.

Event logs show no errors
Windows boot up time is quick and not the problem.
Machines are new laptops

Regards Peter

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

First thing to check

by Jacky Howe In reply to Logon slow during "Applyi ...

is DHCP, or Static IP is in IP Address range. DNS is configured properly and Gateway settings if this is a new SOE. If all thes settings are correct then you could try this.

Process Monitor v1.26
By Mark Russinovich and Bryce Cogswell

Collapse -

Process Monitor

by exup1000 In reply to First thing to check

thanks for the reply, all the computers have DHCP enabled and no static addresses. DNS is all correctly setup (global organisation with 250,000 plus machines)

But thanks for reminding me. The tool you mention looks to be useful, as it mentions boot time logging. So will read up on how it works as it looks pretty comprehensive.


Collapse -

How was the

by Jacky Howe In reply to Process Monitor

SOE installed? If it was Ghosted you have to update the SID's. You will need to run newsid.exe on the PC's.

Collapse -

SOE installed via in house image process

by exup1000 In reply to How was the

the images are loaded via Power Quest basic imgae process, then a script runs to install extra packages. It does also utilise a SID generator (sysprep and setupmgr). I am still trying to use PROCMON from Sysinternals. Trouble is there is alot of data collection, so trying to read up on how the program is best used.


Collapse -

On another

by Jacky Howe In reply to SOE installed via in hous ...

track. Here is something else to ponder.

Logon Phase
The Windows subsystem starts Winlogon.exe, a system service that enables logging on and off. Winlogon.exe then does

the following:

Starts the Services subsystem (Services.exe), also known as the Service Control Manager (SCM).

Starts the Local Security Authority (LSA) process (Lsass.exe).

Parses the Ctrl+Alt+Del key combination at the Begin Logon prompt.

The Graphical Identification and Authentication (GINA) component collects the user name and password, and passes

this information securely to the LSA for authentication. If the user supplied valid credentials, access is granted

by using either the Kerberos V 5 authentication protocol or NTLM. For more information about security components,

such as LSA, Kerberos V5 protocol, or NTLM, see the Distributed Systems Guide of the Microsoft Windows 2000 Server

Resource Kit.

Winlogon initializes security and authentication components while the Service Control Manager initializes Auto-load

services and drivers. After the user logs on, the following events occur:

Control sets are updated.

The control set referenced by the LastKnownGood registry entry is updated with the contents in the Clone entry.

Clone, which is a copy of the CurrentControlSet entry, is created each time you start your computer. When a user

logs on, the LastKnownGood control set is updated with configuration information from the previous user session.

Group Policy settings take effect. This is the area that needs attention.

Group Policy settings that apply to the user and computer take effect. For more information about Group Policy, see
Chapter 1, ?Planning Deployments;? Chapter 5, ?Managing Desktops;? and Chapter 17, ?Managing Authorization and
Access Control,? and see ?Group Policy? in the Distributed Systems Guide of the Microsoft Windows 2000 Server
Resource Kit. Also, see the Change and Configuration Management Deployment Guide link on the Web Resources page at

Startup programs run.

Windows XP Professional starts logon scripts, startup programs, and services referenced in these registry subkeys
and folder locations:




HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
\Windows\ Run



systemdrive\Documents and Settings\All Users\Start Menu\Programs\ Startup

systemdrive\Documents and Settings\username\Start Menu\Programs\ Startup

windir\Profiles\All Users\Start Menu\Programs\Startup

windir\Profiles\username\Start Menu\Programs\Startup

The windir\Profiles folders exist only on systems that are upgraded from Windows NT 4.0. For more information on

registry keys used for starting programs, see article 179365, ?INFO: Run, RunOnce, RunServices, RunServicesOnce and

Startup,? in the Microsoft Knowledge Base at For additional information, see article

314488, ?How to Modify the List of Programs that Run When You Start Windows XP,? in the Microsoft Knowledge Base at

Windows XP Professional startup is not complete until a user successfully logs on to the computer.

Collapse -

Thanks - alot of information

by exup1000 In reply to On another

thanks for the reply, there is a lot of information to absorb here. So this is going to take a while. I think I might start of by taking a reverse attitude and create a new computer with the bear minimium of applications installed and slowly re-introduce GPO's and start up applications.


Collapse -

I really

by Jacky Howe In reply to Thanks - alot of informat ...

didn't mean to overload you. Sometimes it is the obvious that we overlook. Good luck. :)

Related Discussions

Related Forums