Logon
Stuff about logon process.
Last updated
Stuff about logon process.
Last updated
The Authentication Services protocols provide authentication services for applications like:
interactive applications, such as Winlogon, or
distributed client and server applications, such as a web browser, web server, or a file client or a file server, or
any other type of client and server application
through the following methods:
Interactive Logon
Local Logon
Domain Logon/Smart Card Domain Logon
Network
The logon process begins either when a user enters credentials in the credentials entry dialog box, or when the user inserts a smart card into the smart card reader, or when the user interacts with a biometric device.
Users can perform an interactive logon by using a local user account for local logon or a domain account for domain logon by using the security account database on the user's local computer or by using the domain's directory service.
Local logon Logon to a local account grants a user access to Windows resources on the local computer and requires that the user has a user account in the account database maintained by the Security Account Manager (SAM) on the local computer.
Domain Logon/Smart Card Domain Logon A process that proves the identity of the user to the domain controller, implies eventual user access to local and domain resources, and requires that the user has a user account in an account database, such as Active Directory.
A user can interactively logon to a computer locally or remotely through Terminal Services.
Used only after interactive logon authentication has taken place. During network logon, the process does not use the credentials entry dialog boxes to collect data
The domain logon authentication process first tries the Kerberos Authentication Protocol ([MS-KILE]). If Kerberos fails, the authentication process falls back to the NTLM pass-through mechanism ([MS-APDS]).
First, the client request the TGT from the KDC.
Client then requests the service ticket for the domain-joined computer.
Finally, Client submits the service ticket to verify the user logon information.