Logon Type Cheatsheet - Window Event Log
Note: If you need to zoom in, you can click on the image.
Logon Number
Number, Logon Type, Example
User Interactive Logon:
Logon Number: 2
Logon Type: Interactive -> User used a login page to log in.
Example: User entering credentials at the log page via keyboard.
Logon Number: 3
Logon Type: Network -> Used to access a Windows resource (e.g., shared folder) from a system on the network.
Example: Accessing a shared folder from the domain.
Logon Number: 10
Logon Type: Remote Interactive -> Log into computer via remote access protocol
Example: RDP
Background Logon
Logon Number: 4
Logon Type: Batch Job -> For a schedule task to run a task within an account, it would have to log into that account.
Example: Task Scheduler
Logon Number: 5
Service: Used to run a service as a specified account.
Cached Logon
Logon Number: 11
Logon Type: CachedInteractive
Example: User entering credentials at the log page via keyboard.
Logon Number: 11
Logon Type: CachedInteractive -> Logon that uses cached domain credentials
Example: User logons to the computer without having to contact the domain controller, since the network credentials are locally stored on the computer.
Logon Number: 12
Logon Type: CashedRemoteInteractive -> Logon that uses cached RDP credentials
Example: User logons to the computer without having to contact the domain controller, since the network credentials are locally stored on the computer.
Logon Number: 13
Logon Type: CachedUnlock -> Logon that uses cached RDP credentials
Example: Remote system get unlock by simply waking up the computer.
Other
Logon Number: 9
Logon Type: NewCredentials -> occurs when a user uses the ‘RunAs’ command to run an application.
Logon Number: 7
Logon Type: Unlock-> Type of logon occurs when a user unlocks their machine.
Example: This type of logon occurs when a user unlocks their machine.
Logon Number: 8
Logon Type: Network Cleartext -> when a user or computer logs on to the computer from the network, and the password is sent in clear text.