I don't mean how to decode them, byt what do they exactly mean and how and when this parameters are filled.
1 of 1 people found this helpful
UserNameTime: The user name used to authenticate at preboot and pulled from Active Directory or User Directory
Token Timestamp: The token used to authenticate at preboot. This is the machine key that is salted and encrypted using the users password.
Logon Data Timestamp: This is the password used for the user to login at Preboot and collected either by the Credential Provider during a password change or from PBA if the password is changed there.
Note: The Token and Logon timestamps do not always match. If the password is changed on a different system and then propagated to that machine, the token will be updated with the new password and thus timestamp will be newer as the logon data timestamp will reflect the actual point in time the password was collected on the other system.
Self-Recovery Timestamp: This is the self recovery information and if enabled, the user will be prompted to enter this information at preboot.