Windows Logon Session Types: Network

Picture of Henry Zhang Henry Zhang : Nov 22, 2021 10:00:00 AM

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening

Logon Type — Network

Used to access a Windows resource (e.g. shared folder) from a system on the network.

Logon Type Number

3

Logon User Rights / Tokens

SeNetworkLogonRight — Access this computer from the network

SeDenyNetworkLogonRight — Deny access to this computer from the network

Authenticators Accepted

Password, NT Hash, Kerberos ticket

Reusable Credentials Stored in Destination LSA?

No (except if delegation is enabled, then Kerberos tickets are stored)

Examples
  • NET USE
  • RPC calls
  • PowerShell / WinRM / PsExec
  • Remote Registry
  • IIS integrated Windows authentication
  • SQL Windows authentication
  • Vulnerability Scanners

Windows Logon Session Types: NetworkCleartext

Picture of Henry Zhang Henry Zhang : Dec 13, 2021 7:30:00 AM

Logon Type — NetworkCleartext Used to logon with credentials sent in clear text (only possible for certain services).

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening
READ MORE

Windows Logon Session Types: NewCredentials

Picture of Henry Zhang Henry Zhang : Dec 20, 2021 8:45:00 AM

Logon Type — NewCredentials Used with RunAs or mapping a network drive with alternate credentials. Create a new logon session for the same user but...

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening
READ MORE

Windows Logon Session Types: Unlock

Picture of Henry Zhang Henry Zhang : Dec 6, 2021 9:45:00 AM

Logon Type — Unlock Used to unlock an Interactive Logon session. Creates a new Type 2 (Interactive) logon type.

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening
READ MORE