Before a user can do anything on a Windows NT system, he or she must log on to the system by supplying a username and password. Windows NT uses the username for identification and the password for validation. The following procedure illustrates the interactive logon process for Windows NT.
The initial logon process for Windows NT is interactive, meaning that the user must type information at the keyboard in response to a dialog box the operating system displays on the screen. Windows NT grants or denies access based upon the information provided by the user.
Figure 2.3 Windows NT Validation Process
The following list details the steps included in the interactive logon and validation process, as illustrated in Figure 2.4:
Note: Windows NT can support multiple authentication packages, which are implemented as DLLs. This flexibility allows third-party software vendors to integrate their own custom authentication packages with Windows NT. For example, a network vendor might augment the standard Windows NT authentication package by adding one that allows users to log on to Windows NT and the vendor's network simultaneously.
Otherwise, an access token is created, containing the user's security ID and the security IDs of Everyone and other groups. It also contains user rights (described in the next section) assigned to the collected security IDs. This access token is returned to the logon process with a Success status.
After the validation process, a user's shell process (that is, the process in which Program Manager is started for the user) is given an access token. The information in this access token is reflected by anything the user does, or any process that runs on the user's behalf.
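The token contents described above can be inspected from a running shell. The following is an added example, not part of the original text: it assumes a current Windows release with PowerShell and `whoami.exe` rather than Windows NT itself, and lists the user SID, the group SIDs (checking for Everyone, well-known SID S-1-1-0), the privileges in the token, and whether a child process carries the same user SID.

```powershell
# Added example: inspect the access token of the current shell process.
# Assumption: current Windows with PowerShell and whoami.exe available.

$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# The user's own security ID (SID) stored in the token.
[pscustomobject]@{
    Account = $identity.Name
    UserSid = $identity.User.Value
} | Format-List

# Group SIDs carried in the token, translated to account names where possible.
$groups = foreach ($sid in $identity.Groups) {
    $name = try {
        $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        '(unresolved)'   # for example, a SID from a domain that cannot be reached
    }
    [pscustomobject]@{ Sid = $sid.Value; Name = $name }
}
$groups | Sort-Object Sid | Format-Table -AutoSize

# Everyone has the well-known SID S-1-1-0 and should appear among the groups.
$groupSids = $identity.Groups | ForEach-Object { $_.Value }
'Everyone (S-1-1-0) present in token: {0}' -f ($groupSids -contains 'S-1-1-0')

# Privileges held by the token, with their enabled/disabled state.
whoami /priv /fo csv | ConvertFrom-Csv | Format-Table -AutoSize

# A process started from this shell runs on the user's behalf and carries
# the same user SID in its own token.
$childSid = powershell.exe -NoProfile -Command `
    '[System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value'
'Child process user SID matches: {0}' -f ("$childSid".Trim() -eq $identity.User.Value)
```

Comparing this output between a standard and an administrative logon shows how group membership and assigned privileges differ from one token to another.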