Services Utility: Secondary Logon Service
|Display Name (?):|| Secondary Logon|
|Short Name (?):|| seclogon|
|Executable (?):|| svchost.exe|
|Library (?):|| seclogon.dll|
|Depends On (?):|| None.|
|Supports (?):|| None.|
|Description (?):|| Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.|
|OS (?):|| XP Home/Professional, Vista Home/Business, Server 2003, Vista Server|
The secondary logon service allows a user to access a program under the credentials of another user. What this simply means is that you can execute a program as if you were another user on the local system or on a domain of which you are a member of. This procedure is very well likened to *nix where you normally do not run as root, but SU to that user whenever you need to perform a task that requires root access. In Windows 2000 this was called RunAs, but the name was changed in XP.
The primary purpose of this service is so that you can normally use your computer under a limited account, such as a user or power user, and only run applications as administrator when you require it. This allows you greater control of your system because things such as trojans, adware, viruses and such would not be able to be installed without you explictly executing them under the credentials of an administrator.
The use of this service is pretty easy. When you right click on an executable (sometimes you need to hold down shift when you right click) you will be given the option to "RunAs" that will allow you to enter the username and password of the user you would like to pretend you are when you execute the file. If you type in the username and password correctly than that application will run as if you were the user you authenticated as.
For the majority of users this service will never be used because most people do not know it is there, do not know how to use, and even if they did they would think it's a terrible pain to use it properly. The default setting of this service is manual and this means if you do not use it then it will not consume any resources. I would recommend leaving it to manual for most situations, disabled if you don't want people to be able to use it under any condition and automatic if you find yourself switching credentials a great deal.