To gain access to a computer running Windows XP Professional or to any resource on that computer (whether the computer is configured to use the Welcome screen or the Log On To Windows dialog box), you must provide a user name and possibly a password.
The way Windows XP Professional authenticates a user depends on whether the user is logging on to a domain or logging on locally to a computer. Windows XP Professional grants an access token based on user credentials during the authentication process.
The steps in the authentication process for a local logon are as follows:
1. The user logs on by providing logon credentials, typically user name and password, and Windows XP Professional forwards this information to the security subsystem of that local computer.
2. Windows XP Professional compares the logon credentials with the user information in the local security database, which resides in the security subsystem of the local computer.
3. If the credentials are valid, Windows XP Professional creates an access token for the user, which is the user’s identification for that local computer. The access token contains the user’s security settings, which allow the user to gain access to the appropriate resources on that computer and to perform specific system tasks.
Note: In addition to the logon process, any time a user makes a connection to a computer, that computer authenticates the user and returns an access token. This authentication process is invisible to the user.
If a user logs on to a domain, Windows XP Professional contacts a domain controller in the domain. The domain controller compares the logon credentials with the user information that is stored in Active Directory.
If the credentials are valid, the domain controller creates an access token for the user. The security settings contained in the access token allow the user to gain access to the appropriate resources in the domain.
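The following PowerShell script is an added example, not part of the original text. It reads the access token of the current logon session to show what the token carries (user SID, group SIDs) and whether the account came from the local security database or from another authority such as a domain. It assumes PowerShell 2.0 or later is installed; the variable names are illustrative.

```powershell
# Added example: inspect the access token of the current logon session.
# Assumes PowerShell 2.0 or later; uses only System.Security.Principal classes.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# Token names have the form AUTHORITY\user. When the authority is this
# computer's name, the account lives in the local security database;
# otherwise it is a domain (or built-in, e.g. NT AUTHORITY) account.
$authority = $identity.Name.Split('\')[0]
if ($authority -ieq $env:COMPUTERNAME) {
    $accountSource = 'local security database'
} else {
    $accountSource = "authority '$authority' (domain or built-in)"
}

# Group SIDs carried in the token; resolve each to a name where possible.
$groups = foreach ($sid in $identity.Groups) {
    try {
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $name = '<unresolved>'   # SID with no mapping available right now
    }
    New-Object PSObject -Property @{ Sid = $sid.Value; Name = $name }
}

# Membership of BUILTIN\Administrators governs many system tasks.
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$isAdmin = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

"User           : $($identity.Name)"
"User SID       : $($identity.User.Value)"
"Account source : $accountSource"
"Auth package   : $($identity.AuthenticationType)"
"Administrator  : $isAdmin"
$groups | Sort-Object Name | Format-Table Name, Sid -AutoSize
```

Running it once under a local account and once under a domain account shows the same token structure with a different issuing authority and a different set of group SIDs.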