Integrity Checking on Secure Channels with Domain Controllers

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

A fix to NTs Netlogon service has been designed that will allow for integrity checking of secure channels.

When a Windows NT system joins a domain, a machine account is created. Thereafter, when the system boots, it uses the password for that account to create a secure channel with the domain controller for its domain. Requests sent on the secure channel are authenticated, and sensitive information (such as passwords) is encrypted, but the channel is not integrity checked. A fix to Windows NT 4.0 Netlogon service has been designed that will allow for integrity checking.: Q183859

Featured Links