Wednesday, May 5, 2010

Logon types in Windows Server

Here’s a list of the logon types you may find in Windows’ security event log when auditing:

2 – Interactive

Console Logons basically.

3 – Network

This logon happens when you’re accessing file shares using SMB for example.

4 – Batch

This is used for scheduled tasks.

5 – Service

This is used for services and service accounts that log on to start a service.

7 – Unlock

This is used whenever a user unlocks their machine.

8 – Network Cleartext

This is used when logging on over the network - when the password is sent in clear text (should happen to you!)

9 – New Credentials

This is used when you run an application using the RunAs command.

10 – Remote Interactive

This is used for the RDP applications like Terminal Services or Remote Assistance.

11 – Cached Interactive

This is logged when users log on using cached credentials.
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)