Contact Info   Home Page NT Page

Windows NT Logon

When you log on to Windows NT machine in a workgroup, you are logging on to that specific machine; the local security database verifies your credentials. The local machine performs the following steps when you log on directly to a Windows NT computer:

Windows NT Workstation:

  1. 1. WinLogon asks for your user name and password, which it then sends to the Local Security Authority (LSA).
  2. The LSA sends the user name and password to the Security Accounts Manager (SAM), which looks for the user name and password in the directory database and notifies the LSA whether they are approved.
  3. The LSA creates an access token with the user's assigned rights, and passes it to the WinLogon process.
  4. The WinLogon process completes the logon, and then starts a new process for the user (usually Explorer.exe). The user's access token is attached to the new process.

The logon process is somewhat more complicated for a domain because logon information must pass from the local machine (where the user is sitting) to the domain controller, and back again. This network logon process requires the NetLogon service.

The procedure for Windows NT Server is as follows:
  1. WinLogon sends the user name and password to the Local Security Authority (LSA).
  2. The LSA passes the request to the local NetLogon service.
  3. The local NetLogon service sends the logon information to the NetLogon service on the domain controller.
  4. The NetLogon service on the domain controller passes the information to the domain controller's Security Accounts Manager (SAM).
  5. The SAM asks the domain directory database for approval of the user name and password.
  6. The SAM passes the result of the approval request to the domain controller's NetLogon service.
  7. The domain controller's NetLogon service passes the result of the approval request to the client's NetLogon service.
  8. The client's NetLogon service passes the result of the approval request to the Local Security Authority (LSA).
  9. If the logon is approved, LSA creates an access token and passes it to the WinLogon process.
  10. WinLogon completes the logon, thus creating a new process for the user and attaching the access token to the new process.


•Back to Top

• Home Page • Contact Info

This Web site may contain links to sites on the Internet which are owned and operated by third parties. We are not responsible for the availability of or the content located on or through any such third-party site.

Copyright © 1997-2006 - Data Options - www.dataoptions.com