Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Windows service for login events

Posted on 2004-09-23
2
611 Views
Last Modified: 2011-09-20
Experts,


    What is the windows service(s) that perform the login events?
    I am playing with a  Windows 2000 professional and it is not logging login attempts ( successful or unsuccessful). Could this be a registry problem?
    In the "Local Security Policy" setting, every "success " and "failure" is checked.


regards,
Nick
0
Comment
Question by:nicotine1
2 Comments
 
LVL 67

Accepted Solution

by:
sirbounty earned 300 total points
ID: 12133952
There's two steps to enabling logging: http://support.microsoft.com/?id=300549
0
 
LVL 86

Assisted Solution

by:jkr
jkr earned 200 total points
ID: 12133994
The logons are handled by 'winlogon.exe'. From "Inside Windows 2000":

---------------------------------------------->8---------------------------------

Interactive logon (as opposed to network logon) occurs through the interaction of the logon process (Winlogon), Lsass, one or more authentication packages, and the SAM or Active Directory. Authentication packages are DLLs that perform authentication checks. Kerberos is the Windows 2000 authentication package for interactive logon to a domain, and MSV1_0 is the Windows 2000 authentication package for interactive logon to a local computer, for domain logons to trusted pre-Windows 2000 domains, and for when no domain controller is accessible.

[...]

Winlogon relies on a Graphical Identification and Authentication (GINA) DLL to obtain a user's account name and password. The default GINA is Msgina (\Winnt\System32\Msgina.dll). Msgina presents the standard Windows 2000 logon dialog box. Allowing for other GINAs to replace Msgina enables Windows 2000 to use different user identification mechanisms. For example, a third party might supply a GINA that uses a thumbprint recognition device to identify users and extract their passwords from an encrypted database.

Winlogon is the only process that intercepts logon requests from the keyboard. After obtaining a username and password from the GINA, Winlogon calls Lsass to authenticate the user attempting to log on. If the user is authenticated, the logon process activates a logon shell on behalf of that user. The interaction between the components involved in logon is illustrated in Figure 8-8.

In addition to supporting alternate GINAs, Winlogon can load additional network provider DLLs that need to perform secondary authentication. This capability allows multiple network providers to gather identification and authentication information all at one time during normal logon. A user logging on to a Windows 2000 system might simultaneously be authenticated on a UNIX server. That user would then be able to access resources of the UNIX server from the Windows 2000 machine without requiring additional authentication. Such a capability is known as one form of single sign-on.

---------------------------------------------->8---------------------------------

See also

http://www.microsoft.com/windows2000/techinfo/reskit/en-us/gp/518.asp ("Audit logon events")
http://msdn.microsoft.com/library/en-us/gp/518.asp ("Audit logon events (Windows 2000 Group Policy Reference)")
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Application Deployment - Simple 7 652
Windows 2000  Domain controller 3 500
Windows Explorer and WinZXip 4 525
windows 2000 image 3 141
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Is your phone running out of space to hold pictures?  This article will show you quick tips on how to solve this problem.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question