What is Netlogon? Importance of Netlogon

Do you know what Netlogon is? It is a security process in Microsoft Windows Server. It authenticates users and devices in a domain and allows them access.

You may be hearing about Netlogon for the first time and not know what it is. If so, this article is for you, because we're going to explain everything about the Netlogon service.

So, without further ado, let’s jump to the point.

What Is Netlogon Service?

Netlogon is a Local Security Authority service that handles the login authentication of domain users. It is a process rather than an application, so it always runs in the background unless someone intentionally turns it off or a runtime error stops it.

When a user tries to get access to any particular network, Netlogon confirms the identity of that user and grants permission to access it. It maintains a secure channel between the user’s computer and the domain controller.

If Netlogon is disabled –

  • The computer won’t authenticate users and services.
  • The domain controller will be unable to register DNS records.
  • Any services that explicitly depend on it will fail to start.

What Activities Does Netlogon Service Provide on Your PC

The Netlogon service performs the following activities when a network logon request is sent:

  • For login authentication, Netlogon selects the target domain.
  • It identifies a domain controller to perform authentication in the target domain.
  • It secures the channel between the Domain Controller (DC) and the client, creating a secure channel over which the authentication packets are passed.
  • It registers SRV, CNAME, and other DC records in the DNS server to advertise the availability of the DC in the domain.
  • It stores the registered SRV records in the file C:\Windows\System32\Config\NetLogon.DNS.
  • Depending on the version of the OS (Operating System), it also re-registers the SRV records every 24 hours.
  • The appropriate DC receives the authentication request through Netlogon.
  • The client receives the original authentication result through Netlogon.
  • It also registers SRV records for a site that has no DC. This is called Site Coverage.
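
To see what Netlogon has actually advertised for a DC, the added example below (not from the original article) parses SRV lines from the NetLogon.DNS file named above and, when run on a DC, warns about any record that DNS no longer returns. It assumes zone-file style lines; the function name and the example.test sample records are constructed for illustration.

```powershell
# Added example: list the SRV records recorded in NetLogon.DNS.
# Assumed line format: owner TTL IN SRV priority weight port target
function ConvertFrom-NetlogonDns {
    param([string[]]$Line)
    $pattern = '^(?<owner>\S+)\s+(?<ttl>\d+)\s+IN\s+SRV\s+' +
               '(?<pri>\d+)\s+(?<weight>\d+)\s+(?<port>\d+)\s+(?<target>\S+)'
    foreach ($l in $Line) {
        if ($l -match $pattern) {          # non-SRV lines (A, CNAME) are skipped
            [pscustomobject]@{
                Owner    = $Matches.owner
                Ttl      = [int]$Matches.ttl
                Priority = [int]$Matches.pri
                Weight   = [int]$Matches.weight
                Port     = [int]$Matches.port
                Target   = $Matches.target
            }
        }
    }
}

# Constructed sample lines, used when the real file is not present.
$sample = @(
    'example.test. 600 IN A 192.0.2.10'
    '_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test.'
    '_kerberos._tcp.example.test. 600 IN SRV 0 100 88 dc1.example.test.'
    '_ldap._tcp.dc._msdcs.example.test. 600 IN SRV 0 100 389 dc1.example.test.'
)

$path     = Join-Path $env:SystemRoot 'System32\Config\NetLogon.DNS'
$fromFile = Test-Path $path
$lines    = if ($fromFile) { Get-Content $path } else { $sample }
$records  = @(ConvertFrom-NetlogonDns -Line $lines)
$records | Sort-Object Owner | Format-Table -AutoSize

# On a DC only: flag records that are in the file but missing from DNS.
if ($fromFile) {
    foreach ($r in $records) {
        $target = $r.Target.TrimEnd('.')
        $live   = Resolve-DnsName -Name $r.Owner -Type SRV -ErrorAction SilentlyContinue
        if (-not ($live | Where-Object { $_.NameTarget -eq $target -and $_.Port -eq $r.Port })) {
            Write-Warning "$($r.Owner) -> ${target}:$($r.Port) is in NetLogon.DNS but not in DNS"
        }
    }
}
```

Run it from an elevated PowerShell session on the DC, since the Config folder is not readable by standard users.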

Vulnerability of Netlogon

Though Netlogon plays an important role in the operating system by handling domain user login authentication, it has some vulnerabilities too. Here they are –

  • The domain of the devices that are allowed by Netlogon remains exposed.
  • On the other side, the Active Directory Forest (ADF) is also exposed to attackers, which creates a great security risk. An attacker uses the MS-NRPC protocol to establish a vulnerable Netlogon channel and gain an advantage over the system.
  • The Netlogon vulnerability named Zerologon, also known as CVE-2020-1472, was rated 10 out of 10 by the Common Vulnerability Scoring System (CVSS).
  • The weakness comes from a cryptography bug in Microsoft’s Active Directory Netlogon Remote Protocol.

Security Recommendations for Netlogon

To prevent threats and vulnerabilities, it is recommended to use a third-party device to deploy updates in the forest as expediently as possible rather than relying on Netlogon. To do this, go to the Netlogon UI path and ensure the “Domain controller: Allow vulnerable Netlogon secure channel connections” option is set to Not Configured.

How to Start Netlogon Service on Windows 10

  1. Type “services” in the Start search box and open Services.
  2. Find Netlogon and double-click to open its properties.
  3. Click Start to start the Netlogon service and then click OK.

Directory of Netlogon

You can find the Netlogon files on your computer by entering the following command in the ‘Run’ dialog box –

%SYSTEMROOT%\debug\'foldername'

Here ‘foldername’ is the name of the folder you created to store your Netlogon files. The path of Netlogon is given below.

Netlogon UI Path

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Domain controller: Allow vulnerable Netlogon secure channel connections.

Set the UI path as prescribed, then check the registry key below.

Netlogon Registry Path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters: VulnerableChannelAllowList.

You will not be able to find the registry key “VulnerableChannelAllowList” at this registry location if the group policy is set as prescribed.
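
The check described above can be scripted. The following is an added example, not part of the original article: it reports the state of the local Netlogon service and whether the VulnerableChannelAllowList entry exists under the registry path given above. The function name Get-NetlogonAudit is hypothetical.

```powershell
# Added example: audit the Netlogon service and the allow-list entry on this machine.
$paramKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$valueName = 'VulnerableChannelAllowList'

function Get-NetlogonAudit {
    $svc = Get-Service -Name Netlogon -ErrorAction Stop

    # With SilentlyContinue, Get-ItemProperty returns nothing when the entry is absent.
    $prop = Get-ItemProperty -Path $paramKey -Name $valueName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServiceStatus     = $svc.Status
        StartType         = $svc.StartType
        # Services that will fail to start if Netlogon is disabled.
        DependentServices = ($svc.DependentServices.Name -join ', ')
        AllowListPresent  = [bool]$prop
        AllowListData     = if ($prop) { $prop.$valueName } else { $null }
    }
}

$audit = Get-NetlogonAudit
$audit | Format-List

# On a domain-joined machine the service is expected to be running.
if ($audit.ServiceStatus -ne 'Running') {
    Write-Warning 'Netlogon is not running: domain authentication and dependent services will fail.'
}

if ($audit.AllowListPresent) {
    Write-Warning "$valueName is set: the policy is configured, so review which accounts it exempts."
} else {
    Write-Output "$valueName not found: the policy is Not Configured, as recommended."
}
```

Run it on each domain controller; a warning about the allow-list means the group policy is not set as prescribed.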

Frequently Asked Questions

What is a non-compliant device?

A device that uses a vulnerable Netlogon secure channel connection is non-compliant.

Where is the Netlogon folder?

There is no Netlogon folder to be found on local storage. You can only find the shared folder, which contains the group policy logon scripts and other executable files.

You can find Netlogon at the following path:

%systemroot%\Sysvol\Sysvol\Domain Name\Scripts.

Does LDAP use Netlogon?

The LDAP schema does not mention any Netlogon attributes.

Does Windows 10 have CVE-2020-1472?

CVE-2020-1472 is ranked critical (10/10) under CVSSv3. The flaw is still contained in most supported versions of Windows Server, from 2008 to 2019.

Conclusion

Netlogon is mandatory for authenticating users and services and maintaining a secure channel between computers. The main function of Netlogon is the verification of NTLM logon requests, locating registers, and authenticating the domain controller during logon. That’s all you need to know about Netlogon. If you have any further queries about it, please feel free to ask in our comment section below.