لطفا منتظر باشید ...
[Previous] [Next]
Lesson 4: Logging On to Windows 2000
This lesson explains the Log On To Windows dialog box that you use to log on
to Windows 2000. It also explains how Windows 2000 authenticates a user during the logon process to verify the identity of the user. This mandatory process ensures that only valid users can gain access to resources and data on a computer or the network.
After this lesson, you will be able to
- Identify the features of the Log On To Windows dialog box.
- Identify how Windows 2000 authenticates a user when the user logs on to a domain or logs on locally.
Estimated lesson time: 10 minutes
Logging On Locally to the Computer
To log on to a computer running Windows 2000, a user provides a user name
and password. Windows 2000 authenticates the user during the logon process to verify the identity of the user. Only valid users can gain access to resources and data on a computer or the network. Windows 2000 authenticates users who either log on locally to the computer at which they are seated or log on to a domain.A user can log on locally to either of the following:
- A computer that is a member of a workgroup.
- A computer that is a member of a domain but is not a domain controller. The user selects the computer name in the Log On To box in the Enter Password dialog box.
NOTEWhen a user starts a computer running Windows 2000 Professional, the user is prompted to enter a user name and a password in the Log On To Windows dialog box, as shown in Figure 1.3.Notice that the Log On To Windows dialog box contains an Options button.
Domain controllers don't maintain a local security database. Therefore,
local user accounts aren't available on domain controllers, and a user can't log
on locally to a domain controller.
This button is a toggle that displays or hides additional logon options. Table 1.2 describes the available options in the Log On To Windows dialog box.
Figure 1.3 The Log On To Windows dialog box
Table 1.2 Log On To Windows Dialog Box Options
| Option | Description |
|---|---|
| User Name | A unique user logon name that is assigned by an administrator. To log on to a domain with the user name, the user account must reside in the Directory. |
| Password | The password that is assigned to the user account. Users must enter a password to prove their identity. Passwords are case sensitive. The password appears in the Password box as asterisks (*) to protect it from onlookers. To prevent unauthorized access to resources and data, users must keep passwords secret. |
| Log On Using Dial-up Connection | A check box that appears when you click the Options button. It permits a user to connect to a domain server by using dial-up networking. Dial-up networking allows a user to log on and perform work from a remote location. |
| Shutdown | A button that appears when you click the Options button. It closes all files, saves all operating system data, and prepares the computer so that a user can safely turn it off. |
| Options | A button that toggles on and off the Log On To drop-down list, the Log On Using Dial-up Connection check box option, and the Shutdown button. See Figure 1.4. |
Figure 1.4 The Log On To Windows dialog box showing the Log On To drop-down list
Windows 2000 Authentication Process
To gain access to a computer running Windows 2000 or to any resource on that computer, a user must provide a user name and password.How Windows 2000 authenticates a user varies, based on whether the user is
logging on to a domain or logging on locally to a computer. (See Figure 1.5.)
Figure 1.5 Windows 2000 authentication process at Logon
When logging on locally, the steps in the authentication process are as follows:
- The user logs on by providing logon information, such as user name and password, and Windows 2000 forwards this information to the security subsystem of that local computer.
- Windows 2000 compares the logon information with the user information that is in the local security database. The security subsystem of the local computer contains the local security database that Windows 2000 uses to validate the logon information.
- If the information matches and the user account is valid, Windows 2000 creates an access token for the user. An access token is the user's identification for that local computer, and it contains the user's security settings. These security settings allow the user to gain access to the appropriate resources and to perform specific system tasks.
NOTE
In addition to the logon process, any time a user makes a connection to a computer, that computer authenticates the user and returns an access token. This authentication process is invisible to the user.
Lesson Summary
In this lesson, you learned that when a user starts a computer running Windows 2000 Professional, the Log On To Windows dialog box appears, and the user must enter a valid user name and password to log on. You also learned about the various options available in the Log On To Windows dialog box.When a user logs on, he or she can log on to the local computer; or, if the computer is a member of a domain, the user can log on to the domain. The authentication process for logging on locally and logging on to a domain is similar. However, when a user logs on locally, the local computer performs the authentication; and when a user logs on to a domain, a domain controller must perform the authentication. If the user is logging on locally, the security subsystem of the local computer contains the local security database that Windows 2000 uses to validate the logon information. If the user is logging on to a domain, a domain controller contains a copy of the Directory that Windows 2000 uses to validate the logon information.
