Logon types in Windows Server

Here’s a list of the logon types you may find in Windows’ security event log when auditing:

1 – Interactive
Console Logons basically. 

2– Network
This logon happens when you’re accessing file shares using SMB for example.

3– Batch
This is used for scheduled tasks.

4– Service
This is used for services and service accounts that log on to start a service.

5– Unlock
This is used whenever a user unlocks their machine.

6– Network Cleartext
This is used when logging on over the network - when the password is sent in clear text (should happen to you!)

7– New Credentials
This is used when you run an application using the RunAs command.

8– Remote Interactive
This is used for the RDP applications like Terminal Services or Remote Assistance.

9– Cached Interactive
This is logged when users log on using cached credentials.