Logon Type



Logon Type 2-(T2)


A user logged on from console to this computer.

Suspicious Type 2 multiple audit failure may indicate password guess or elevation using console or keyboard.

Logon Type 3-(T3)


A user or computer logged on to this computer from the network.

Suspicious Type 3 multiple audit failure and later audit success may indicate anonymous logon by malware or attacker through a network.

Logon Type 8-(T8)

Network Clear Text

The user’s password was passed to the authentication package in its un-hashed form with audit success.

Type 8 audit success indicate inadequately policy configuration which allows plaintext or clear text as login credentials thus easily to be sniffed.

Logon Type 10-(T10)

Remote Interactive

A user logged on to this computer remotely using Terminal Services or Remote Desktop.

As type 3, but user tried to login from remote computer.