The security principal is logging using a network.
The logon is for a batch process.
The logon is for a service account.
The logon is an attempt to unlock a workstation.
The logon is a network logon with plaintext credentials.
Allows the caller to clone its current token and specify new credentials for outbound connections. The new logon session has the same local identity but uses different credentials for other network connections.
A terminal server session that is both remote and interactive.
Attempt to use the cached credentials without going out across the network.
Same as RemoteInteractive, except used internally for auditing purposes.