Lesson 4: Logging On and Off Windows XP Professional

Lesson 4:?Logging On and Off Windows XP Professional

This lesson explains the Welcome screen and the Enter Password dialog box, the two options that you use to log on to Windows XP Professional. It also explains how Windows XP Professional authenticates a user during the logon process. This mandatory authentication process ensures that only valid users can gain access to resources and data on a computer or the network.


After this lesson, you will be able to

  • Explain how to use the Welcome screen to log on to Windows XP Professional
  • Explain how to configure Windows XP Professional to use the Log On To Windows dialog box
  • Identify the features of the Log On To Windows dialog box
  • Identify how Windows XP Professional authenticates a user when the user logs on to a local computer or to a domain
  • Explain how to log off or turn off a computer that is running Windows XP Professional
  • Identify the features of the Windows Security dialog box

Estimated lesson time: 20 minutes


Logging On Locally to the Computer

Windows XP Professional offers two options for logging on locally: the Welcome screen and the Log On To Windows dialog box.

The Welcome Screen

By default, Windows XP Professional uses the Welcome screen to allow users to log on locally. To log on, click the icon for the user account you want to use. If the account requires a password, you are prompted to enter it. If the account is not password protected, you are logged on to the computer. You can also use Ctrl+Alt+Delete at the Welcome screen to get the Log On To Windows dialog box. This enables you to log on to the Administrator account, which is not displayed on the Welcome screen when other user accounts have been created. To use Ctrl+Alt+Delete, you must enter the sequence twice to get the logon prompt.

For more information about creating user accounts during installation, see Chapter 2, "Installing Windows XP Professional." For more information about creating user accounts after installation, see Chapter 3, "Setting Up and Managing User Accounts."

A user can log on locally to either of the following:

  • A computer that is a member of a workgroup
  • A computer that is a member of a domain but is not a domain controller
Because domain controllers do not maintain a local security database, local user accounts are not available on domain controllers. Therefore, a user cannot log on locally to a domain controller.

The User Accounts program in the Control Panel includes a Change The Way Users Log On Or Off task, which allows you to configure Windows XP Professional to use the Log On To Windows dialog box instead of the Welcome screen.

The Log On To Windows Dialog Box

To use the Log On To Windows dialog box to log on locally to a computer running Windows XP Professional, you must supply a valid user name; if the user name is password protected, you must also supply the password. Windows XP Professional authenticates the user's identity during the logon process. Only valid users can access resources and data on a computer or a network. Windows XP Professional authenticates users who log on locally to the computer at which they are seated and one of the domain controllers in a Windows 2000 domain authenticates users who log on to a domain.

When a user starts a computer running Windows XP Professional that is configured to use the Log On To Windows dialog box, an Options button also appears. Table 1.1 describes the options in the Log On To Windows dialog box for a computer that is part of a domain.

Table 1.1??Log On To Windows Dialog Box Options

If your computer is not part of a domain, you will not get the Log On To option.

Windows XP Professional Authentication Process

To gain access to a computer running Windows XP Professional or to any resource on that computer, whether the computer is configured to use the Welcome screen or the Log On To Windows dialog box, you must provide a user name and possibly a password.

How Windows XP Professional authenticates a user depends on whether the user is logging on to a domain or logging on locally to a computer (see Figure 1.12).

Figure 1.12??Windows XP Professional authentication process at logon

The steps in the authentication process are as follows:

  1. The user logs on by providing logon information, such as user name and password, and Windows XP Professional forwards this information to the security subsystem of that local computer.
  2. Windows XP Professional compares the logon information with the user information in the local security database, which resides in the security subsystem of the local computer.
  3. If the information matches and the user account is valid, Windows XP Professional creates an access token for the user. An access token is the user's identification for that local computer. It contains the user's security settings, which allow the user to gain access to the appropriate resources on that computer and to perform specific system tasks.
In addition to the logon process, any time a user makes a connection to a computer, that computer authenticates the user and returns an access token. This authentication process is invisible to the user.

If a user logs on to a domain, Windows XP Professional contacts an available domain controller in the domain. The domain controller compares the logon information with the user information that is in the directory for the domain. If the information matches and the user account is valid, the domain controller creates an access token for the user. The security settings contained in the access token allow the user to gain access to the appropriate resources in the domain.

Logging Off Windows XP Professional

To log off a computer running Windows XP Professional, click Start and then click Log Off. Notice that the Start menu, shown in Figure 1.13, also provides a method to turn off the computer.

Figure 1.13??The Start menu provides a way to log off Windows XP Professional

The Windows Security Dialog Box

The Windows Security dialog box provides information such as the user account currently logged on and the domain or computer to which the user is logged on. This information is important for users with multiple user accounts, such as a user who has a regular user account as well as a user account with administrative privileges.

You access the Windows Security dialog box by pressing Ctrl+Alt+Delete if the computer is joined to a domain or the Welcome screen is disabled. Otherwise, the Task Manager will be activated. Figure 1.14 shows the Windows Security dialog box and Table 1.2 describes the Windows Security dialog box options.

Figure 1.14??Windows Security dialog box

Table 1.2??The Windows Security Dialog Box Options

Lesson Review

The following questions will help you determine whether you have learned enough to move on to the next chapter. If you have difficulty answering these questions, go back and review the material in this lesson before proceeding to the next chapter. The answers for these questions are in Appendix A, "Questions and Answers."

  1. What can you do when you log on locally to a computer, and what determines what you can do when you log on locally to a computer?
  2. What is the main difference in the authentication process for logging on locally to a computer and logging on to a domain?
  3. How can you configure Windows XP Professional to use the Log On To Windows dialog box instead of the Welcome screen to allow users to log on locally to the computer?
  4. Which of the following computers can a user log on to locally? (Choose all that apply.)
    1. A computer running Windows XP Professional that is in a workgroup
    2. A computer running Windows XP Professional that is in a domain
    3. A computer running Windows 2000 Server that is configured as a domain controller
    4. A computer running Windows 2000 Server that is a member server in a domain
  5. Which of the following statements about the Windows Security dialog box are correct? (Choose all that apply.)
    1. It is accessed by pressing Ctrl+Alt+Delete.
    2. It tells how long the current user has been logged on.
    3. It allows you to log off the computer or domain.
    4. It allows a user with administrative permissions to change other users' passwords.

Lesson Summary

  • By default, Windows XP Professional uses the Welcome screen to allow users to log on locally to the computer.
  • You can configure Windows XP Professional to use the Log On To Windows dialog box instead of the Welcome screen.
  • When a user logs on, he or she can log on to the local computer or, if the computer is a member of a domain, the user can log on to the domain.
  • When a user logs on locally, the local computer does the authentication.
  • When a user logs on to a domain, a domain controller must do the authentication.
  • In a workgroup environment, an access token is the user's identification for that local computer, and it contains the user's security settings. These security settings allow the user to gain access to the appropriate resources on that computer and to perform specific system tasks.
  • The Windows Security dialog box, which is accessed by pressing Ctrl+Alt+Delete, provides information such as the user account that is currently logged on and the domain or computer to which the user is logged on.
  • The Windows Security dialog box allows you to lock your computer, change your password, log off your computer, shut down your computer, and access Task Manager.