After a user logs on, Windows NT Server associates the user with a set of credentials. These credentials are used to create the user's Security Context. The Security Context defines the user's logon mode. The logon mode then determines how NTFS allows the user access to files. Windows NT Server supplies a special user account that corresponds to each Internet service.
Table 1.3 lists the default authentication methods and logon modes and their corresponding Windows NT Server user accounts.
Table 1.3 Services, Authentication, Logon Mode, and Accounts
| Authentication Method | Default | Windows NT User Account | |
WWW | None (Anonymous) | Local | WWW anonymous account | |
WWW | HTTP Basic | Local | Specified by Web user | |
WWW | Windows NT Server challenge / response | Always network | Specified by Web user | |
WWW | Windows NT Server challenge / response | Local | WWW anonymous account | |
FTP | Anonymous | Local | FTP anonymous account | |
FTP | FTP | Local | Specified by FTP user | |
Gopher | None (always Anonymous) | Local | FTP anonymous account | |
* Preferred because Windows NT Server accepts cryptographic validation.
In the local and batch logon modes, Windows NT Server requires the user's actual password, except for anonymous accounts. In the network logon mode, Windows NT Server accepts cryptographic validation. To make sure that users with local and batch logon modes are configured correctly, you can create a new user group, such as Web Users, and grant the local and batch rights to that group.