Graphical Identification And Authentication

The graphical identification and authentication (GINA) is a component of Windows NT 3.51, Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003 that provides secure authentication and interactive logon services. GINA is a replaceable dynamically linked library that is loaded early in the boot process in the context of Winlogon when the machine is started. It is responsible for handling the secure attention sequence, typically Control-Alt-Delete, and interacting with the user when this sequence is received. GINA is also responsible for starting initial processes for a user (such as the Windows Shell) when they first log on. GINA is discontinued in Windows Vista.


Overview

A default GINA library, MSGINA.DLL, is provided by Microsoft as part of the operating system, and offers the following features:

* Authentication against Windows domain servers with a supplied user name/password combination.
* Displaying of a legal notice to the user prior to presenting the logon prompt.
* Automatic Logon, allowing for a user name and password to be stored and used in place of an interactive logon prompt. Automatic logon can also be configured to execute only a certain number of times before reverting to interactive logon. In older versions of Windows NT, the password could only be stored in plain text in the registry; support for using the Local Security Authority's private storage capabilities was introduced in Windows NT 4.0 Workstation Service Pack 3 and Windows NT Server 3.51.
* "Security Options" dialog when the user is logged on, which provides options to shut down, log off, change the password, start the Task Manager, and lock the workstation.

Winlogon can be configured to use a different GINA, providing for non-standard authentication methods such as smart card readers or identification based on biometrics, or to provide an alternate visual interface to the default GINA. Developers who implement a replacement GINA are required to provide implementations for a set of API calls which cover functionality such as displaying a "workstation locked" dialog, processing the secure attention sequence in various user states, responding to queries as to whether or not locking the workstation is an allowed action, supporting the collection of user credentials on Terminal Services-based connections, and interacting with a screensaver. A custom GINA could be made entirely from scratch, or just be the original GINA with modifications.

A custom GINA can be specified by placing a string named GinaDLL in the registry location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. The Winlogon component is solely responsible for calling these APIs in the GINA library. When the Winlogon process starts, it compares its version number to that which is supported by the loaded GINA library. If the GINA library is of a higher version than Winlogon, Windows will not boot. This is done because a GINA library written for a given version of Winlogon will expect a certain set of API calls to be provided by Winlogon. Support for replaceable GINA DLLs was introduced with Windows NT Server 3.51 and Windows NT Workstation 4.0 SP3.

Successive versions of Windows have introduced additional functionality into Winlogon, resulting in additional functionality that can be implemented by a replacement GINA. Windows 2000, for example, introduced support for displaying status messages (including verbose messages that can be turned on through Group Policy) about the current state to the user (e.g. "Applying computer settings."), and starting applications in the user's context; this facilitates restarting Windows Explorer automatically if it crashes, as well as starting the Task Manager. Windows XP introduced support for Fast User Switching, Remote Desktop and a more interactive, simplified and user-friendly full-screen logon.
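
One way to audit the GinaDLL setting described above from an exported copy of the Winlogon key, as an added example that is not part of the original article. The function names, the sample export and the ExampleVendor path are constructed for illustration; the code assumes the export has already been decoded to text and that an absent GinaDLL value means the default MSGINA.DLL is in use.

```python
import re

# Key and value name as given in the article; registry names are case-insensitive.
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
VALUE_NAME = "GinaDLL"
DEFAULT_GINA = "msgina.dll"

# A string value line in a .reg export: "name"="data", with \ and " escaped by \.
_STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def _unescape(s):
    # Undo the .reg escaping of backslash and double quote.
    return re.sub(r"\\(.)", r"\1", s)

def find_gina(reg_text):
    """Return the GinaDLL string from a .reg export, or None if it is not set."""
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Key headers are not escaped; track whether we are inside Winlogon.
            in_key = line[1:-1].lower() == WINLOGON_KEY.lower()
            continue
        if not in_key:
            continue
        m = _STRING_VALUE.match(line)
        if m and _unescape(m.group(1)).lower() == VALUE_NAME.lower():
            return _unescape(m.group(2))
    return None

def audit_gina(reg_text):
    """Classify the Winlogon GINA configuration found in a .reg export."""
    value = find_gina(reg_text)
    if value is None:
        return ("default", DEFAULT_GINA)   # assumption: no override, MSGINA.DLL
    if value.strip().lower() == DEFAULT_GINA:
        return ("explicit-default", value)
    return ("replacement", value)          # a replacement GINA: verify its origin

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"ginadll"="C:\\Program Files\\ExampleVendor\\examplegina.dll"
'''

if __name__ == "__main__":
    print(audit_gina(SAMPLE))
```

Exports headed `Windows Registry Editor Version 5.00` are normally saved as UTF-16, so decode the file before passing its text to `audit_gina`.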


End of life

In Windows Vista, GINA has been replaced by credential providers, which allow for significantly increased flexibility in supporting multiple credential collection methods. To support the use of multiple GINA models, a complex chaining method used to be required and custom GINAs often did not work with fast user switching. GINA libraries do not work with Windows Vista and later Windows versions. One difference, however, is that GINA could completely replace the Windows logon user interface; Credential Providers cannot.


See also

* List of Microsoft Windows components
* Winlogon
* Windows NT startup process


External links


* Winlogon and GINA: developer information on how the login components interact
* Customizing GINA Part 1: Developer tutorial for writing a custom GINA.
* Customizing GINA Part 2: Developer tutorial for writing a custom GINA.
* pGina: Open Source Windows Authentication