Net Logon (System Services for the Windows Server 2003 Family and Windows XP Operating Systems)
Service Name: Netlogon
Executable Name: lsass.exe
Log On As: LocalSystem
Description: The Net Logon service maintains a secure channel between your computer and the domain controller for authenticating users and services. It passes the user’s credentials through a secure channel to a domain controller and returns the domain security identifiers and user rights for the user. This is commonly referred to as pass-through authentication.
The secure channel is not directly used for Kerberos authentication, which is the preferred authentication mechanism in Windows 2000 and Windows Server 2003.
The Net Logon service is started automatically when the computer is a member of a domain. In Windows 2000 Server and Windows Server 2003 family, the Net Logon service publishes service resource records in the Domain Name System (DNS) and uses DNS to resolve names to the IP addresses of domain controllers. The Net Logon service registers DNS records on domain controllers only, not on member servers.
The Net Logon service also implements the replication protocol based on RPC for synchronizing Windows NT 4.0 backup domain controllers (BDCs) and the primary domain controller (PDC).
If this service is stopped or disabled, the computer might not authenticate users and services, and the domain controller cannot register DNS records. Specifically, it might deny NTLM authentication requests and, if this service is stopped or disabled on a domain controller, the domain controller is not discoverable by client computers.
Available on: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.
Installed through: Default operating system installation
Startup type: Manual
Service status: Started (if joined to a domain)
This service depends on the following system components:
The following system components depend on this service: None
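
The failure modes described above (a stopped or disabled service, a broken secure channel, missing domain controller DNS records) can be checked together. The following read-only script is an added example, not part of the original documentation; it assumes a current Windows system with Windows PowerShell 5.1 or later rather than the Windows Server 2003 and Windows XP tooling, and the function name `Test-NetlogonHealth` is hypothetical.

```powershell
# Added example: read-only health check for the Net Logon service.
# Assumption: Windows PowerShell 5.1+; Test-NetlogonHealth is a hypothetical name.
function Test-NetlogonHealth {
    [CmdletBinding()]
    param()

    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Netlogon'"

    $result = [ordered]@{
        Computer      = $env:COMPUTERNAME
        DomainJoined  = [bool]$cs.PartOfDomain
        Domain        = $cs.Domain
        ServiceState  = $svc.State       # Running / Stopped
        StartMode     = $svc.StartMode   # Auto / Manual / Disabled
        SecureChannel = $null
        DcSrvTargets  = @()
        Findings      = @()
    }

    # On a workgroup computer the service is not expected to be started.
    if (-not $cs.PartOfDomain) {
        $result.Findings += 'Not joined to a domain; secure channel checks skipped.'
        return [pscustomobject]$result
    }
    if ($svc.StartMode -eq 'Disabled') { $result.Findings += 'Netlogon is disabled.' }
    if ($svc.State -ne 'Running')      { $result.Findings += "Netlogon state is '$($svc.State)'." }

    # Verify the secure channel between this computer and its domain.
    try   { $result.SecureChannel = Test-ComputerSecureChannel -ErrorAction Stop }
    catch { $result.SecureChannel = $false
            $result.Findings += "Secure channel test failed: $($_.Exception.Message)" }
    if ($result.SecureChannel -eq $false) { $result.Findings += 'Secure channel is broken.' }

    # Domain controllers publish locator SRV records; confirm at least one resolves.
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($cs.Domain)" -Type SRV -ErrorAction Stop
        $result.DcSrvTargets = @($srv | Where-Object { $_.Type -eq 'SRV' } |
                                 Select-Object -ExpandProperty NameTarget)
    } catch { $result.Findings += "DC SRV lookup failed: $($_.Exception.Message)" }
    if ($result.DcSrvTargets.Count -eq 0) { $result.Findings += 'No domain controller SRV records found.' }

    [pscustomobject]$result
}

Test-NetlogonHealth | Format-List
```

An empty `Findings` list on a domain-joined computer means the service is running, the secure channel verified, and at least one domain controller is discoverable through DNS.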