What is the meaning of Windows Logon type?

I just sorted out the main contents for future reference.

Logon Type 2 Interactive local interactive logon. The most common way to sign in.

Logon Type 3 network network logon-the most common is access to a network share folder or printer. Authentication for IIS is also type 3

Logon Type 4 Batch Scheduled Tasks

Logon Type 5 Service Services

Some services are run with a domain account, and failure is common when the administrator changes the domain account password, but forgets to reset the account password in the service.

Logon Type 7 Unlock unlock Screen

Many companies have this security setting: When a user leaves the screen for a period of time, the screensaver locks the computer screen. Unlocking the screen lock requires you to type a username and password. The type of log generated at this point is 7

Logon Type 8 Networkcleartext network plaintext logon-typically occurs in an ASP login for IIS. Not recommended

Logon Type 9 newcredentials a new identity login-typically occurs when a program is run in RunAs to authenticate the login.

Logon Type remoteinteractive remote logins-such as the Terminal Service or the RDP approach. However, Windows 2000 is not Type10, with type 2. windowsxp/2003 up with type 10

Logon Type cachedinteractive Cache login

To facilitate laptop users, Windows caches logins for the first 10 successful logins.

Attached Original:

The Logon/logoff category of the Windows security log gives your ability to monitor all attempts to access the local Computer. In this article I ' ll examine the each logon type in greater detail and show you how some the other fields in Logon/logoff events C An is helpful for understanding the nature of a given logon attempt.

Event IDs 528 and 540 signify a successful logon, event ID 538 A logoff and all of the other events in this category identify Different reasons for a logon failure. However, just knowing about a successful or failed logon attempt doesn ' t fill in the whole picture. Because of all services Windows offers, there are many different ways you can logon to a computer such as Interactivel Y at the computer ' s local keyboard and screens, over the network through a drive mapping or through services (aka Remote Desktop) or through IIS. Thankfully, Logon/logoff events specify the logon type code which reveals the Type of logon that prompted the event.

Logon Type 2–interactive

This is what occurs to you the logons, which is, a logon at the console of a computer. You'll be the type 2 logons when a user attempts to log in the local keyboard and screens whether with a domain account or A local account from the computer ' s local SAM. To tell the "difference between an attempt" to "logon with" a "or" domain account "for the domain or computer name pre Ceding the user name in the event ' s description. Don ' t forget that logon ' s through a KVM over IP component or a server ' s proprietary "lights-out" remote KVM feature are S Till interactive logons from the standpoint of Windows and would be logged as such.

Logon Type 3–network

Windows logs logon Type 3 In most cases if you have access a computer from elsewhere on the network. One of the most common sources of logon events with logon Type 3 are connections to shared folders or printers. But other over-the-network logons are classed as logon Type 3 as "as" such most to IIS. (The exception is Basic authentication which are explained in Logon Type 8 below.)

Logon Type 4–batch

When Windows executes a scheduled task, the scheduled task service-a new logon session for the task It can run under the authority of the user account specified when the task is created. When this logon attempt occurs, Windows logs it as logon Type 4. Other job scheduling systems, depending on their design, may also generate logon events with logon Type 4 when starting Jo Bs. Logon Type 4 events are usually just innocent scheduled tasks startups but a malicious user could try to subvert security By trying to guess the password of this account through scheduled tasks. Such attempts would generate a logon failure event where logon type is 4. But logon failures associated with scheduled tasks can also to the administrator entering the wrong password for T He bank at the "Time" task creation or from the password of being changed without modifying the scheduled T Ask to use the new password.

Logon Type 5–service

Similar to scheduled Tasks, the each service was configured to run as a specified user account. When a service starts, Windows creates a logon to the specified user account which results in a logon/logof F Event with logon Type 5. Failed logon events with logon Type 5 usually indicate the password of the account has been changed without updating the SE Rvice But there ' s always the possibility of malicious users at work too. However this are less likely because creating a new service or editing a existing service by default requires membership I n Administrators or Server Operators and such a user, if malicious, would likely already have enough authority to Perpetrat E his desired goal.