First ... let me make this clear, I am not a security guru.
That given, my understanding is as follows:
When windows (Win-98, XP-Home/Pro, Win-2000) boots up it loads up the basic info on your hardware, audio/video, disk drive, etc. Much of this basic control info comes from the BIOS firmware ... no real security here/yet.
Once it can read your disk drive, etc., it finds & loads the OS (ie: the Windows-XP operating system itself) and then the OS loads its' registry, the device drivers, etc.
After the registry, etc., have been loaded, the OS will check some security settings in it. I do not know much about the details of registry entries involved in security so I won?t go there; but I do know that within the registry are a number of security settings including one which tells windows ''require login'' (verses just default everybody to ''administrator''), etc.
Anyway, if the registry indicates that logging in is required, it checks an (encrypted?) system maintained disk file containing user-ids and passwords to verify the user/password combo entered. If valid, it will then look in a directory (C:\Documents and Settings\<userid>...) for all the other user specific info (that user-ids ''profile'').
The C:\Documents and Settings\<userid>... directory holds the profile data and tracks things like what icons ''joe'' has on his desktop verses what icons ''fred'' has, etc. Most of the info in these files is system info (stuff you don't want to mess with); but there are also files that hold user specific start-up menu items and many other things which make the PC ''yours'' verses ''mine''. As you might expect some things like your IE favorites, history, cookies and cache files are also stored in this directory.
There are a couple of user-id profiles that are ''masters'' so to speak in that there is one which has the most power (''Administrator''), another that is the basic foundation common to all users (''All Users''), one that is used as a baseline when adding a user profile (''Default User'') and possibly others. Note: The user being logged in will have their profile effectively merged with the ''All Users'' profile.
I know, you can manually tweak the user ''profiles'' if you are careful (ie: add programs to ''send to'' or ''start menu''); but I would not mess with any but ''All Users'' and your own ... AND make sure you know the used-id and password for the administrator BEFORE you play here or you could end up being locked out and having to reformat/reload windows entirely! Never mess with the Admin profile!!!
Kinda dropping back to your question now ...
I would expect that it is a combination of the registry being set to tell Windows logging in is required followed by finding the users profile in C:\Documents and Settings\... to constitute/construct a ''USER'' ... no one place has it all, but the registry is the likely place for the login process control to begin (and I would suspect where your setting is getting lost/overlaid).
1. If the PC is configured as 'dual boot' (ie: you have both windows 98 and windows XP installed) there will be two registries (and I would guess two C:\Documents and Settings\... holding the profiles somehow).
2. You can logout of one profile and then logback in under another without rebooting.
3. Multiple users can be logged into one PC (running XP) at the sametime.
--- all of which could be enough to confuse anyone!
Long reply without solving your problem, but maybe educating anyway ... sorry so verbose.
GoodTime Charlie, VA