What is domain logon process?
Emma Horne
Published Mar 21, 2026
What is domain logon process?
A domain logon grants a user permission to access local and domain resources. A domain logon requires that the user has a user account in Active Directory. The computer must have an account in the Active Directory domain and be physically connected to the network.
How does a user authenticate to a domain?
In the case of a domain-joined computer, the authenticating target is the domain controller. The credentials used in authentication are digital documents that associate the user’s identity to some form of proof of authenticity, such as a certificate, a password, or a PIN.
How do I monitor a domain user?
In this article, I will demonstrate how to monitor user logon events in a domain using the native audit methods….Audit User Logons in Active Directory Using Native Auditing
- Step 1: Create New GPO.
- Step 2: Edit the GPO to Enable Auditing.
- Step 3: Audit the Security Event Logs.
What happens when you log into a domain?
When you log on to a Windows-based computer that’s part of a domain, your computer will check your user name and password against the list of users stored on a type of server called a Domain Controller, also referred to as a logon server. All Windows-based computers also have what are called local user accounts.
Is RDP interactive logon?
10: Remote Interactive logon—This is used for RDP-based applications like Terminal Services, Remote Desktop or Remote Assistance. Windows supports logon using cached credentials to ease the life of mobile users and users who are often disconnected.
What is difference between Kerberos and NTLM authentication?
The main difference between NTLM and Kerberos is in how the two protocols manage authentication. NTLM relies on a three-way handshake between the client and server to authenticate a user. Kerberos uses a two-part process that leverages a ticket granting service or key distribution center.
What is Kerberos and how it works?
Kerberos (/ˈkɜːrbərɒs/) is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos protocol messages are protected against eavesdropping and replay attacks.
How do I track login and logout times for domain users?
Perform the following steps in the Event Viewer to track session time:
- Go to “Windows Logs” ➔ “Security”.
- Open “Filter Current Log” on the rightmost pane and set filters for the following Event IDs. You can also search for these event IDs.
- Double-click the event ID 4648 to access “Event Properties”.
How do I track Active Directory logins?
To view the events, open Event Viewer and navigate to Windows Logs > Security. Here you’ll find details of all events that you’ve enabled auditing for. You can define the size of the security log here, as well as choose to overwrite older events so that recent events are recorded when the log is full.
What is the difference between a local user account and a domain user account?
Local accounts are stored on computers and only apply to the security of those machines. Domain accounts are stored in Active Directory, and security settings for the account can apply to accessing resources and services across the network.
What is the difference between users and domain users?
Domain Users is a Domain Global Group in Active Directory whereas Users is a Local Group stored in the SAM on a single computer.
How many logon types are there?
Logon Types
| Logon Number | Logon Type |
|---|---|
| 0 | Used only by the System account |
| 2 | Interactive: Used to log on at the local console |
| 3 | Network: Used to access a Windows resource (e.g., shared folder) from a system on the network |
| 4 | Batch Job: Used to run a scheduled task as a specified account |
