Logon

Notes on the Windows logon process.

Types of Logon

The Authentication Services protocols provide authentication services for applications like:

  • interactive applications, such as Winlogon, or

  • distributed client and server applications, such as a web browser, web server, or a file client or a file server, or

  • any other type of client and server application

through the following methods:

  • Interactive Logon

    • Local Logon

    • Domain Logon/Smart Card Domain Logon

  • Network

Interactive Logon

The logon process begins either when a user enters credentials in the credentials entry dialog box, or when the user inserts a smart card into the smart card reader, or when the user interacts with a biometric device.

Users can perform an interactive logon with either a local user account (local logon, validated against the security account database on the user's local computer) or a domain account (domain logon, validated against the domain's directory service).

  • Local logon: Logon to a local account grants a user access to Windows resources on the local computer and requires that the user have a user account in the account database maintained by the Security Account Manager (SAM) on the local computer.

  • Domain Logon/Smart Card Domain Logon: A process that proves the identity of the user to the domain controller, implies eventual user access to local and domain resources, and requires that the user have a user account in an account database, such as Active Directory.

A user can log on interactively to a computer either locally or remotely through Terminal Services.

Network Logon

Network logon is used only after interactive logon authentication has taken place. During a network logon, the process does not use the credentials entry dialog boxes to collect data.

Network Logon

Domain Logon

Kerberos

The domain logon authentication process first tries the Kerberos Authentication Protocol ([MS-KILE]). If Kerberos fails, the authentication process falls back to the NTLM pass-through mechanism ([MS-APDS]).

  1. First, the client requests a ticket-granting ticket (TGT) from the KDC.

  2. The client then requests a service ticket for the domain-joined computer.

  3. Finally, the client submits the service ticket to that computer to verify the user's logon information.
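As an added example (not part of this page), the following Python classifies constructed Windows Security event 4624 records into the logon categories described above (console, Terminal Services and cached interactive logons versus network logons, local versus domain accounts) and flags domain-account logons that were authenticated with NTLM rather than Kerberos, which is what the fallback described above looks like in the audit log. The field names and logon type codes (2, 3, 10, 11) are those of event 4624 and are not on this page; the sample records are constructed.

```python
"""Classify constructed Windows Security 4624 logon events and flag NTLM use by domain accounts."""

# Logon type codes from Security event 4624 (Windows audit log; assumed knowledge, not from this page).
INTERACTIVE_TYPES = {
    2: "Interactive (console)",
    10: "Interactive (Terminal Services)",
    11: "Interactive (cached domain credentials)",
}
NETWORK_TYPES = {3: "Network"}

# Constructed sample records. "Computer" is the host that logged the event;
# the other keys are named as in event 4624.
SAMPLE_EVENTS = [
    {"Computer": "WS01", "TargetUserName": "alice", "TargetDomainName": "CORP",
     "LogonType": 2, "AuthenticationPackageName": "Kerberos"},
    {"Computer": "WS01", "TargetUserName": "localadmin", "TargetDomainName": "WS01",
     "LogonType": 2, "AuthenticationPackageName": "NTLM"},
    {"Computer": "FS01", "TargetUserName": "bob", "TargetDomainName": "CORP",
     "LogonType": 3, "AuthenticationPackageName": "NTLM"},
    {"Computer": "TS01", "TargetUserName": "carol", "TargetDomainName": "CORP",
     "LogonType": 10, "AuthenticationPackageName": "Kerberos"},
]


def classify(event):
    """Return (category, account_scope, auth_package, ntlm_fallback_suspected)."""
    logon_type = int(event["LogonType"])
    # A local (SAM) account carries the computer's own name in the domain field.
    scope = "local" if event["TargetDomainName"].upper() == event["Computer"].upper() else "domain"
    if logon_type in INTERACTIVE_TYPES:
        category = INTERACTIVE_TYPES[logon_type]
    elif logon_type in NETWORK_TYPES:
        category = NETWORK_TYPES[logon_type]
    else:
        category = f"Other (type {logon_type})"
    package = event["AuthenticationPackageName"]
    # A domain account authenticated via NTLM means Kerberos was not used for this logon:
    # the fallback to NTLM pass-through described above, or a client that could not obtain a ticket.
    fallback = scope == "domain" and package.upper() == "NTLM"
    return category, scope, package, fallback


def summarize(events):
    """Classify every event; returns one tuple per event, account first."""
    rows = []
    for e in events:
        account = f"{e['TargetDomainName']}\\{e['TargetUserName']}"
        rows.append((account,) + classify(e))
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_EVENTS):
        print(row)
```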

Packet Tracing

References
