Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

Live Chat

Get Quote

ADAudit Plus » Get Quote
 
  

What is Netlogon?

The Netlogon service is a default service that locates domain controllers, and authenticates users into the service. This service establishes a secure connection between the computer and the domain controller to authenticate the user into the network. Netlogon service kicks into action only after the user or computer authentication has taken place. The service relies on previously established credentials of the user instead of the credentials provided in the credential entry box. Netlogon confirms the user's identity to network services the user wants access to. Needless to say, if Netlogon encounters any errors, users can't be authenticated.

How the Netlogon process works?

  • Netlogon service begins by identifying the target domain the user wants to logon to.
  • It then identifies the domain controller in the specific domain that will authenticate the user.
  • After this a secure channel is established between origin and target systems.
  • Netlogon then passes on authentication requests from the client to the domain controller responsible for authentication.
  • It then returns authentication results to the Netlogon service on the client system.
  • You can start and stop Netlogon services with the following commands
    • net start Netlogon
    • net stop Netlogon

Netlogon services rely on a challenge response handshake to pass logon information through a secure channel between the originating system and the domain controller. This procedure checks the authenticity of the originating system.

Where is the Netlogon folder?

You can view scripts related to your Netlogon activity in the Netlogon folder. Your logon scripts can be found in the Netlogon Share and these are generally maintained on the domain controller. When a script is placed in Netlogon Share, the script is replicated throughout other domain controllers as well.

You can access these logon scripts by entering the following pathway into 'Run'. Your scripts are stored here by default.

%systemroot%\System32\Repl\Imports\Scripts folder.

Something to remember is that Netlogon Share is not a folder by itself. The 'Script folder' which is found in the 'sysvol' folder acts as Netlogon Share. If you check the 'Properties' of the 'Script' folder, you'll find that the share name is 'Netlogon'.

Image: Above is a snippet of the Netlogon script.

How ADAudit Plus can help you troubleshoot Netlogon issues.

As IT administrator you'll often have users who aren't being authenticated properly into the domain. One of these reasons could sometimes be a Netlogon issue. You could use our steps in the previous section to check your Netlogon scripts for any issues. However, when has reading through a whole list of logon scripts been an easy task? This is where ADAuditPlus can help.

You can leverage ADAudit Plus's intuitive interface to check if there are any Netlogon errors.
  • In the ADAudit Plus web console, click on 'Reports' and navigate to the 'User Management' section on the left pane. You can then select 'Account Lockout Analyzer' report.
  • In the report that opens up, you can click on 'Analyzer Details' to see if the source of any account lockout was due to Netlogon.

Image: ADAudit Plus' pre-configured report on Account Lockouts gives you a detailed look at reasons for account lockout.

Image: The 'Analyzer Details' column in the Account Lockout report will give you details of any Netlogon issues.

ADAudit Plus is a real-time, web-based Windows Active Directory (AD) change reporting software that audits, reports and alerts on Active Directory, Windows servers and workstations, and NAS storage devices to meet the demands of security, and compliance requirements. You can track AD management changes, processes, folder modifications, permissions changes, and more with 200+ reports and real-time alerts. To learn more, visit https://www.manageengine.com/active-directory-audit/

More related links

     

Native auditing becoming a little too much?

Try ADAudit Plus login monitoring tool to audit, track, and respond to malicious login and logoff actions instantaneously.

Try ADAudit Plus for free

 

ADAudit Plus Trusted By

Meet all auditing and IT security needs with ADAudit Plus.

  • Active Directory
  • File servers
  • Windows server
  • Workstation
  • Compliance
  • Related Products

A single pane of glass for complete Active Directory Auditing and Reporting

Free Trial Get Quote