Secondary Logon (seclogon) Service Defaults in Windows 7

Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Default Settings

Startup type: Manual
Display name:Secondary Logon
Service name:seclogon
Service type:share
Error control:normal
Object:LocalSystem
Path:%SystemRoot%\system32\svchost.exe -k netsvcs
File:%SystemRoot%\system32\seclogon.dll
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon
Privileges:
  • SeTcbPrivilege
  • SeRestorePrivilege
  • SeBackupPrivilege
  • SeAssignPrimaryTokenPrivilege
  • SeIncreaseQuotaPrivilege
  • SeImpersonatePrivilege

Default Behavior

Secondary Logon is a Win32 service. In Windows 7 it won't be started if the user doesn't start it. When the Secondary Logon service is started, it is running as LocalSystem in a shared process of svchost.exe. Other system components, such as drivers and services, may run in the same process. If Secondary Logon fails to start, Windows 7 attempts to write the failure details into Event Log. Then Windows 7 startup should proceed and the user should be notified that the seclogon service is not running because of the error.

Restore Default Startup Configuration of Secondary Logon

1. Run the Command Prompt as an administrator.

2. Copy the command below, paste it into the command window and press ENTER:

sc config seclogon start= demand

3. Close the command window and restart the computer.

The seclogon service is using the seclogon.dll file that is located in the C:\Windows\system32 directory. If the file is removed or corrupted, read this article to restore its original version from Windows 7 installation media.