I'm struggling to understand all of the SECURITY_LOGON_TYPE values:

```cpp
typedef enum _SECURITY_LOGON_TYPE {
  Interactive              = 2,
  Network,
  Batch,
  Service,
  Proxy,
  Unlock,
  NetworkCleartext,
  NewCredentials,
  RemoteInteractive,
  CachedInteractive,
  CachedRemoteInteractive,
  CachedUnlock
} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
```

I'm trying to understand them in the context of C++ code like this, which lists all logon sessions:

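```cpp
#include <windows.h>
#include <ntsecapi.h>   // LSA logon session APIs; link with Secur32.lib

//Error handling is skipped!
void ListLogonSessions()
{
    ULONG n = 0;
    LUID* pluid = NULL;
    LsaEnumerateLogonSessions(&n, &pluid);

    for(ULONG s = 0; s < n; s++)
    {
        // LsaGetLogonSessionData expects the address of a single pointer,
        // so ps is a PSECURITY_LOGON_SESSION_DATA, not a pointer to one.
        PSECURITY_LOGON_SESSION_DATA ps = NULL;
        LsaGetLogonSessionData(&pluid[s], &ps);

        //Analyze logon type
        ps->LogonType;

        // Each session record is allocated by LSA and must be freed.
        LsaFreeReturnBuffer(ps);
    }

    // Free the LUID array returned by LsaEnumerateLogonSessions.
    LsaFreeReturnBuffer(pluid);
}
```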

So far I can understand these:

  1. Interactive if the actual (human) user logged in to the workstation. (As we are now while viewing this page.)

  2. RemoteInteractive if a Remote Desktop Connection has been established with this workstation.

Can someone add more description to other values?

c00000fd
  • The MSDN page you link to has a reasonable description of all the values. Which values are you having problems with? – Eric Brown Nov 18 '13 at 04:23
  • @EricBrown: I'm obviously asking since I don't understand the MSDN explanation. For instance, what is `batch process` or how is `CachedInteractive` different from `Interactive`, just to name a few. If you know what they all mean, wouldn't it be easier to post an actual explanation versus what you posted above or not post anything at all? – c00000fd Nov 18 '13 at 05:31
  • CachedInteractive uses cached credentials, for example if domain controller is inaccessible. – Xearinox Nov 18 '13 at 06:10
  • @c00000fd - and I'm trying to figure out what you don't understand about the MSDN explanation. I suspect there may be an [XY problem](http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem) here, as well. – Eric Brown Nov 18 '13 at 06:28

1 Answer

The MSDN explanations are all pretty self-explanatory, with the following clarifications:

  1. CachedXXXX - Don't ask the domain controller to validate; instead, check against the local cached copy of the credentials.
  2. Batch - Scheduled Tasks run using the Batch logon type. You can deny the Batch Logon right, which would prevent a user from running scheduled tasks.
Eric Brown
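An added example, not part of the original question or answer: it labels each session's `LogonType` using the numbering from the enum above and reports when a `Cached*` type means the credentials were checked against the local cache rather than the domain controller. The helper names `LogonTypeName`, `IsCachedLogon` and `BaseLogonType` are hypothetical; the session enumeration is compiled only on Windows.

```cpp
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>   // link with Secur32.lib
#include <cwchar>
#endif

// Name for each value, following the numbering of the enum in the question.
std::string LogonTypeName(unsigned long t) {
    static const char* const names[] = {
        "Interactive", "Network", "Batch", "Service", "Proxy", "Unlock",
        "NetworkCleartext", "NewCredentials", "RemoteInteractive",
        "CachedInteractive", "CachedRemoteInteractive", "CachedUnlock" };
    return (t >= 2 && t <= 13) ? names[t - 2] : "Unknown";
}

// Cached* logons were validated against the local credential cache, not the DC.
bool IsCachedLogon(unsigned long t) { return t >= 11 && t <= 13; }

// Map a Cached* type to the type it is the cached form of; others are unchanged.
unsigned long BaseLogonType(unsigned long t) {
    switch (t) {
        case 11: return 2;    // CachedInteractive       -> Interactive
        case 12: return 10;   // CachedRemoteInteractive -> RemoteInteractive
        case 13: return 7;    // CachedUnlock            -> Unlock
        default: return t;
    }
}

int main() {
#ifdef _WIN32
    ULONG n = 0;
    PLUID luids = NULL;
    if (LsaEnumerateLogonSessions(&n, &luids) != 0) return 1;  // 0 == STATUS_SUCCESS
    for (ULONG i = 0; i < n; i++) {
        PSECURITY_LOGON_SESSION_DATA d = NULL;
        // The call can fail for sessions the caller is not allowed to query.
        if (LsaGetLogonSessionData(&luids[i], &d) != 0 || d == NULL) continue;
        // LSA_UNICODE_STRING.Length is in bytes and the buffer may lack a terminator.
        wprintf(L"%.*ls\\%.*ls  %hs%hs\n",
                (int)(d->LogonDomain.Length / sizeof(WCHAR)), d->LogonDomain.Buffer,
                (int)(d->UserName.Length / sizeof(WCHAR)), d->UserName.Buffer,
                LogonTypeName(BaseLogonType(d->LogonType)).c_str(),
                IsCachedLogon(d->LogonType) ? " (cached credentials)" : "");
        LsaFreeReturnBuffer(d);
    }
    LsaFreeReturnBuffer(luids);
#endif
    return 0;
}
```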