Share via

Difference in Logon Type for Remote Desktop Connections Across Windows Versions

Rathish S 40 Reputation points
2024-07-31T13:46:28.3933333+00:00

I’m observing discrepancies in the logon types recorded for Remote Desktop (RDP) connections across different versions of Windows. Specifically:

  • On Windows 7 and Windows 8, logon type 10 is used to indicate Remote Desktop connections.
  • On Windows 10, it appears that Remote Desktop connections are recorded as logon type 3.

Could someone provide official documentation or resources that explain this change in logon types from Windows 7/8 to Windows 10? I’m looking for clarification on why this difference exists and how it reflects changes in Windows 10’s logging and security mechanisms.

Thank you!

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Client for IT Pros | User experience | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-08-02T00:59:15.0733333+00:00

    Hello,

    First, you can see all types here https://learn.microsoft.com/en-us/windows-server/identity/securing-privileged-access/reference-tools-logon-types

    You can check if your authentication is different (NLA), when you enable it, the authentication occurs at client side, when you disable it, it occurs at server side.

    Confirm your account type, if it is a local account, NTLM will be used, otherwise it most possibly

    be kerberos as a domain authentication.

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.