Share via


User Logon Process (Windows Embedded Standard 2009)

4/23/2012

The number of users accessing your device determines the component you use to authenticate the user logon process: the Windows Logon (Winlogon) component or the Minimal Logon (Minlogon) component. The following table shows the user environment in which you use each component.

Component Description

Winlogon

If you use work in a multiple user environment, use Winlogon to authenticate user logon sessions.

Winlogon controls access by managing user logon sessions and authorizations. When a user logs on to the system, Winlogon loads the user’s profile and permissions before it starts the shell. The permissions assigned to a user determine their level of access and ability to make changes to files, folders, and settings on the system.

Minlogon

If you work in a single user environment, use Minlogon.

Minlogon does not differentiate between different levels of access privilege. If you use Minlogon, the logon process logs all users on as the system user. Users are not prompted for a user name or password, and have the ability to modify or delete all files, folders, and settings on the system.

If users have access to the file system, you may want to consider write-protecting your run-time image with Enhanced Write Filter. For more information, see Enhanced Write Filter.

Minlogon does not support user accounts, authentication verification, administrator accounts, or domain joining.

In general, Winlogon is the preferred logon component for multiple user environments. Minlogon provides flexibility and a reduced footprint, but also increases your security risk. Winlogon offers greater control, allowing you to set multiple levels of accessibility to the system for users.

Note

If you are using Minlogon, you can access a network resource using either the NetUseAdd or the WNetAddConnection2 API functions. The NetUse Add function lets you establish a connection between a local computer and a remote server. The WNetAddConnection2 function makes a connection to a network resource.
If you want to access a network share while using Minlogon, you can use the Net.exe Utility component. The Net.exe Utility component is a command-line tool that controls network connections. For more information on the Net.exe Utility component, see Net.exe Utility component in the Component Help Reference in Windows Embedded Standard Studio Help.

For more information on the Minlogon component, see Minlogon Security.

See Also

Concepts

User and Administrator Account Setup

Other Resources

User Permission Settings