User Logon Process

Article
10/07/2008

The number of users accessing your device determines the component you use to authenticate the user logon process: the Windows Logon (Winlogon) component or the Minimal Logon (Minlogon) component. The following table shows the user environment in which you use each component.

Component	Description
Winlogon	If you use work in a multiple user environment, use Winlogon to authenticate user logon sessions. Winlogon controls access by managing user logon sessions and authorizations. When a user logs on to the system, Winlogon loads the user’s profile and permissions before it starts the shell. The permissions assigned to a user determine their level of access and ability to make changes to files, folders, and settings on the system.
Minlogon	If you work in a single user environment, use Minlogon. Minlogon does not differentiate between different levels of access privilege. If you use Minlogon, the logon process logs all users on as the system user. Users are not prompted for a user name or password, and have the ability to modify or delete all files, folders, and settings on the system. If users have access to the file system, you may want to consider write-protecting your run-time image with Enhanced Write Filter. For more information, see Enhanced Write Filter Minlogon does not support user accounts, authentication verification, administrator accounts, or domain joining.

Winlogon

If you use work in a multiple user environment, use Winlogon to authenticate user logon sessions.

Winlogon controls access by managing user logon sessions and authorizations. When a user logs on to the system, Winlogon loads the user’s profile and permissions before it starts the shell. The permissions assigned to a user determine their level of access and ability to make changes to files, folders, and settings on the system.

Minlogon

If you work in a single user environment, use Minlogon.

Minlogon does not differentiate between different levels of access privilege. If you use Minlogon, the logon process logs all users on as the system user. Users are not prompted for a user name or password, and have the ability to modify or delete all files, folders, and settings on the system.

If users have access to the file system, you may want to consider write-protecting your run-time image with Enhanced Write Filter. For more information, see Enhanced Write Filter

Minlogon does not support user accounts, authentication verification, administrator accounts, or domain joining.

In general, Winlogon is the preferred logon component for multiple user environments. Minlogon provides flexibility and a reduced footprint, but also increases your security risk. Winlogon offers greater control, allowing you to set multiple levels of accessibility to the system for users.

Note If you are using Minlogon, you can access a network resource using either the NetUseAdd or the WNetAddConnection2 API functions. The NetUse Add function lets you establish a connection between a local computer and a remote server. The WNetAddConnection2 function makes a connection to a network resource.

If you want to access a network share while using Minlogon, you can use the Net.exe Utility component. The Net.exe Utility component is a command-line tool that controls network connections. For more information on the Net.exe Utility component, see Net.exe Utility component in the Component Help Reference in Windows XP Embedded Studio Help.

For more information on the Minlogon component, see Minlogon Security.

User Logon Process

See Also

Additional resources