Windows Logon Types
I have received several requests asking what the different Logon Types are for the different Windows Login/Account Login (528,538,540,672,4624,4634,4768) Events. These can be found all over the place on Microsoft’s website and others but instead of putting the links I thought I would just put the chart here.
| Logon Type | Logon Title | Description |
| 2 | Interactive | A user logged on to this computer |
| 3 | Network | A user or computer logged on to this computer from the network |
| 4 | Batch | Used by batch processes that may be executing on behalf of a user without their direct intervention |
| 5 | Service | Service started |
| 7 | Unlock | This workstation was unlocked |
| 8 | NetworkClearText | A user logged on to this computer from the network using credentials using clear text. Could indicate a logon to IIS with basic authentication. |
| 9 | NewCredentials | New Credentials |
| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |
| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |
No comments yet.
Leave a comment
-
Archives
- May 2009 (3)
- April 2009 (1)
- March 2009 (2)
- February 2009 (4)
- September 2008 (1)
- August 2008 (1)
- June 2008 (1)
- May 2008 (1)
- April 2008 (1)
- March 2008 (2)
- January 2008 (2)
- September 2007 (3)
-
Categories
-
RSS
Entries RSS
Comments RSS
