As you know, Microsoft Netlogon protocol change process was activated with the November 8, 2022 updates (KB5021130 – CVE-2022-38023 ).
In previous announcements, “Enforcement by Default
” would be activated with the April 11, 2023
updates, but it was postponed with new announcement which is 13 June, 2023
.
By the way after the Windows updates that are dated on or after November 8, 2022 Windows updates are installed, you can add the “RequireSeal
” key below.
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Value: RequireSeal
Data Type: REG_DWORD
Data: 0 – Disabled
1 – Compatibility mode. Windows domain controllers will require that Netlogon clients use RPC Seal if they are running Windows, or if they are acting as either domain controllers or Trust accounts.
2 – Enforcement mode. All clients are required to use RPC Seal, unless they are added to the “Domain Controller: Allow vulnerable Netlogon secure channel connections” group policy object (GPO).
If you have more than one Domain Controller in your environment, you can distribute the registry key with the group policy method.
Or you can choose to use Powershell :
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters" -Name RequireSeal -Value DATA -PropertyType DWORD –Force
Note:
Events 5838,5839 and 5840,5841 can be checked in the System Event Log on DCs with November 2022 updates installed to detect applications that may have problems.
Have a nice day!