Netlogon Protocol Changes – News !

As you know, Microsoft Netlogon protocol change process was activated with the November 8, 2022 updates (KB5021130 – CVE-2022-38023 ).

In previous announcements, “Enforcement by Default” would be activated with the April 11, 2023 updates, but it was postponed with new announcement which is 13 June, 2023.

 

By the way after the Windows updates that are dated on or after November 8, 2022 Windows updates are installed, you can add the “RequireSeal” key below.

Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Value: RequireSeal

Data Type: REG_DWORD

Data:  0 – Disabled

 1 – Compatibility mode. Windows domain controllers will require that Netlogon clients use RPC Seal if they are running Windows, or if they are acting as either domain controllers or Trust accounts.

2 – Enforcement mode. All clients are required to use RPC Seal, unless they are added to the “Domain Controller: Allow vulnerable Netlogon secure channel connections” group policy object (GPO).

If you have more than one Domain Controller in your environment, you can distribute the registry key with the group policy method.

Or you can choose to use Powershell :

New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters" -Name RequireSeal -Value DATA -PropertyType DWORD –Force

 

Note: Events 5838,5839 and 5840,5841 can be checked in the System Event Log on DCs with November 2022 updates installed to detect applications that may have problems.

 

 

Have a nice day!