Lesson 4: Logging On to Windows 2000

Previous page
Table of content
Next page

This lesson explains the process of logging on to the domain or local computer using the Log On To Windows dialog box. It also explains how Windows 2000 authenticates a user during the logon process to verify the identity of the user. This mandatory process ensures that only valid users can gain access to resources and data on a computer or the network.

After this lesson, you will be able to

  • Identify the features of the Log On To Windows dialog box
  • Identify how Windows 2000 authenticates a user when the user logs on to a domain or logs on locally
  • Log on to a stand-alone server

Estimated lesson time: 10 minutes

Logging On to a Domain

To log on to a computer running Windows 2000, you must provide a user name and password. Windows 2000 authenticates the user during the logon process to verify the user identity. Only valid users can gain access to resources and data on a computer or the network. Windows 2000 authenticates users who log on to either the domain or a local computer.

When you start a computer running Windows 2000, the Welcome To Windows window prompts you to press Ctrl+Alt+Delete to log on (see the figure below). By pressing Ctrl+Alt+Delete you guarantee that you are providing your user name and password to only the Windows 2000 operating system. Windows 2000 then displays the Log On To Windows dialog box.

The Welcome To Windows window and the Log On To Windows dialog box

The following table describes the default options on the Log On To Windows dialog box.

Log On To Windows Dialog Box Options

Option Description
User Name box A unique user logon name that is assigned by an administrator. To log on to a domain with the user name, the user account must reside in the directory.
Password box Passwords are case-sensitive. The password components appear on the screen as asterisks (*) to maintain privacy. To prevent unauthorized access to resources and data, you must keep passwords secret.
Log On To listSelect the domain that contains your user account. This list contains all of the domains in a domain tree.
Log On Using Dial-Up Connection check boxPermits a user to connect to a domain server by using dial-up networking, which allows a user to log on and perform work from a remote location.
Shutdown button Closes all files, saves all operating system data, and prepares the computer so that a user can safely turn it off. On a computer running Windows 2000 Server, the Shutdown button is unavailable by default. This prevents an unauthorized person from using this dialog box to shut down the server. To shut down a server, a user must be able to log on to it.
Options button Toggles on and off the Log On To list and the Log On Using Dial-Up Connection check box.

IMPORTANT

A user cannot log on to either the domain or the local computer from any computer running Windows 2000 Server unless that user is assigned the Log On Locally user right by an administrator or has administrative privileges for the server. This feature helps to secure the server.

Logging On to a Local Computer

A user can log on locally to either of the following:

  • A computer that is a member of a workgroup.
  • A computer that is a member of a domain but is not a domain controller. The user selects the computer name in the Log On To list in the Log On To Windows dialog box.

NOTE

Domain controllers do not maintain a local security database. Therefore, local user accounts are not available on domain controllers, and a user cannot log on locally to a domain controller.

Windows 2000 Authentication Process

To gain access to a computer running Windows 2000 or to any resource on that computer, a user must provide a user name and password. The way Windows 2000 authenticates a user varies based on whether the user is logging on to a domain or logging on locally to a computer.

Windows 2000 authentication process at logon

The steps in the authentication process are as follows:

  1. The user logs on by providing logon information, including user name and password.
    • If the user is logging on to a domain, Windows 2000 forwards this information to a domain controller.
    • If the user is logging on locally, Windows 2000 forwards this information to the security subsystem of that local computer.
  2. Windows 2000 compares the logon information with the user information that is stored in the appropriate database.
    • If the user is logging on to a domain, the domain controller contains a copy of the directory that Windows 2000 uses to validate the logon information.
    • If the user is logging on locally, the security subsystem of the local computer contains the local security database that Windows 2000 uses to validate the logon information.
  3. If the information matches and the user account is enabled, Windows 2000 creates an access token for the user. An access token is the user's identification for the computers in the domain or for that local computer, and it contains the user's security settings, including the user's security ID (SID). These security settings allow the user to gain access to the appropriate resources and to perform specific system tasks. The SID is a unique number that identifies user, group, and computer accounts.
  4. If the logon information does not match or the user account is not validated, access to the domain or local computer is denied.

NOTE

In addition to the logon process, any time a user makes a connection to a computer or to other resources, that computer or resource authenticates the user and returns an access token. This authentication process is invisible to the user.

Practice: Logging On to a Stand-Alone Server

In this practice, you will use the Log On To Windows dialog box to log on to a stand-alone server in a workgroup.

To log on to a stand-alone server

  1. Press Ctrl+Alt+Delete.

    The Log On To Windows dialog box appears.

  2. In the User Name box, type administrator (the administrator account you configured during Setup described in "About This Book"). By default, the account name that was last used to log on appears in this box. If this is the first time logging on, the default administrator account appears in this box.
  3. In the Password box, type password (the password you assigned to the administrator account during Setup). Keep in mind that passwords are case-sensitive, and note that for security reasons, the password appears as asterisks to shield the password from onlookers.
  4. Click OK.

Lesson Summary

In this lesson, you learned that when a user starts a computer running Windows 2000, the user is prompted to press Ctrl+Alt+Delete to log on. Windows 2000 then displays the Log On To Windows dialog box, and the user must enter a valid user name and password to log on. You also learned about the various options available in the Log On To Windows dialog box. In the practice portion of this lesson, you logged on to a stand-alone server in a workgroup.

When a user logs on, he or she can log on to the local computer or, if the computer is a member of a domain, the user can log on to the domain. If a user supplies a valid domain user account, the directory in the domain controller validates the user name and password. If a user supplies a valid local user account, the user name and password are validated by the security database in the local computer.


Previous page
Table of content
Next page
MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 244
BUY ON AMAZON
CompTIA Project+ Study Guide: Exam PK0-003
Image Processing with LabVIEW and IMAQ Vision
WebLogic: The Definitive Guide
C++ GUI Programming with Qt 3
Introducing Microsoft ASP.NET AJAX (Pro - Developer)
File System Forensic Analysis
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy