| Logon type | What it denotes | When it is recorded |
| 2 | Interactive | A user logs on directly to a system. Example: User A logs in to their device by keying in their credentials. |
| 3 | Network | A user accesses a computer over the network. Example: User A accesses a file from a network share. |
| 4 | Batch | A computer runs a batch job. Example: A Windows Scheduler task executes a script that has been scheduled periodically. |
| 5 | Service | A service starts. Example: Antivirus software that runs perpetually. |
| 10 | Remote interactive | A user logs in to a machine remotely. Example: User A logs in to device B using Remote Desktop Connection. |
This type of logon occurs when a user unlocks their machine.
Network Cleartext (Logon Type 8)
This type of logon occurs when a user or computer logs on to the computer from the network, and the password is sent in clear text.
NewCredentials (Logon Type 9)
This type of logon occurs when a user uses the 'RunAs' command to run an application.
CachedInteractive (Logon Type 11)
This type of logon is recorded when a user logons to the computer without having to contact the domain controller, since the network credentials are locally stored on the computer.
REFERENCES:
Windows logon types and logon codes
Understanding event IDs associated with logon and logoff activity.
Windows logon type 3
Understanding Authentication and Logon
Security identifiers
Credentials Processes in Windows Authentication