search

Logon

Stuff about logon process.

hashtag
Types of Logon

The Authentication Services protocols provide authentication services for applications like:

  • interactive applications, such as Winlogon, or

  • distributed client and server applications, such as a web browser, web server, or a file client or a file server, or

  • any other type of client and server application

through the following methods:

  • Interactive Logon

    • Local Logon

    • Domain Logon/Smart Card Domain Logon

  • Network

LogoWindows Logon ScenariosMicrosoftLearnchevron-right

hashtag
Interactive Logon

The logon process begins either when a user enters credentials in the credentials entry dialog box, or when the user inserts a smart card into the smart card reader, or when the user interacts with a biometric device.

Users can perform an interactive logon by using a local user account for local logon or a domain account for domain logon by using the security account database on the user's local computer or by using the domain's directory service.

  • Local logon Logon to a local account grants a user access to Windows resources on the local computer and requires that the user has a user account in the account database maintained by the Security Account Manager (SAM) on the local computer.

  • Domain Logon/Smart Card Domain Logon A process that proves the identity of the user to the domain controller, implies eventual user access to local and domain resources, and requires that the user has a user account in an account database, such as Active Directory.

A user can interactively logon to a computer locally or remotely through Terminal Services.

Logo[MS-AUTHSOD]: Interactive Logon AuthenticationMicrosoftLearnchevron-right

hashtag
Network Logon

Used only after interactive logon authentication has taken place. During network logon, the process does not use the credentials entry dialog boxes to collect data

Logo[MS-AUTHSOD]: Network Logon AuthenticationMicrosoftLearnchevron-right
Network Logon

hashtag
Domain Logon

hashtag
Kerberos

The domain logon authentication process first tries the Kerberos Authentication Protocol ([MS-KILE]). If Kerberos fails, the authentication process falls back to the NTLM pass-through mechanism ([MS-APDS]).

  1. First, the client request the TGT from the KDC.

  2. Client then requests the service ticket for the domain-joined computer.

  3. Finally, Client submits the service ticket to verify the user logon information.

Logo[MS-AUTHSOD]: Protocol InteractionsMicrosoftLearnchevron-right

hashtag
Packet Tracing

LogoKerberos Wireshark Captures: A Windows Login ExampleMediumchevron-right
LogoKerberos - Wireshark Wikiwiki.wireshark.orgchevron-right

hashtag
References

LogoCredentials Processes in Windows AuthenticationMicrosoftLearnchevron-right
Credentials Processes in Windows Authentication
LogoChapter 3 Understanding Authentication and Logonwww.ultimatewindowssecurity.comchevron-right
www.ultimatewindowssecurity.com - Understanding Authentication and Logon
PreviousOverviewNextKerberos

Last updated