In order for a user to use a Windows 2000 Professional system, they must be authenticated. Authentication occurs when a user provides a valid username and password combination for the system or domain they are logging into. If logging into a Windows 2000 system locally, the user must provide a username and password from the local SAM database on that system. When logging on to a domain, a valid domain username, password and domain name (from the drop-down list) must be provided. Alternatively, you can also log in with something called a User Principal Name (UPN), which looks like an email address in the format firstname.lastname@example.org. If a UPN is provided, the user does not need to choose a domain name from the drop-down box (this will actually be disabled automatically when a UPN is used). When a user is logging on by sitting in front of a system, this is referred to as an interactive logon. In the same manner as NT 4, if you want a system to lock automatically after being idle for a period of time, set up a screensaver – the system will lock automatically after the interval you specify.
One last possibility that you should be aware of in Windows 2000 is the ability to automate the logon process. That is, you can set Windows 2000 up such that is does not require that a user provide a username and password to log in. Instead, the system will login automatically using the credentials you supply. You can control this behavior (which is obviously not recommended on systems that require security, but may be useful on, say, a kiosk system) by using the Users and Passwords applet in Control panel. You must specify the user account that the automated logon should use. Note that authentication is still taking place, but everyone is automatically being authenticated as the same user.