Authenticated Logon

Authentication is the process of verifying the identity of something or someone, otherwise known as a principal. Windows 2000 requires that all principals be authenticated before they can use services in the operating system. A principal can be authenticated in two ways: interactively and across the network.

An interactive logon is generated when a user is physically present at the computer and enters credentials, such as a username and password or a smartcard and personal identification number (PIN). The account logging on must have the Logon Locally logon right; if it does not, the account will fail to log on.

A network logon is generated when the user is connecting to a network computer. The account logging on must have the Access This Computer From The Network logon right or the logon will fail. For example, when a user accesses a resource, such as a printer, on a network computer running Windows 2000, the remote Windows 2000 operating system will automatically attempt a network logon.

Two other types of logon exist—batch logon and service logon—but they are less used by users. Batch logon is usually reserved for applications that run as batch jobs, such as bank account reconciliation programs or very large print jobs. It is seldom used by Windows. Service logon is required by accounts used to start a Windows service such as Microsoft SQL Server or the print spooler service. The appropriate logon right is required to log on as a batch job (Logon As A Batch Job) or as a service (Logon As A Service).