The Netlogon service maintains an encrypted channel between the computer and the domain controller that it uses to authenticate users and services. It passes user credentials through the encrypted channel to a domain controller and returns the domain security identifiers and user rights (this is commonly referred to as pass-through authentication).

If the Netlogon service stops, the computer cannot authenticate users and services, and the domain controller cannot register DNS records. If this happens, the domain controller may deny NTLM authentication requests, and client computers cannot discover domain controllers.

This service is installed by default and its startup type is Manual. However, after the computer joins a domain, its startup type is Automatic.

When the Netlogon service is started in its default configuration, it logs on by using the Local System account.

The Netlogon service is dependent upon the following system components:

  • Workstation
  • Browser Support Driver
  • Network Store Interface Service
  • NSI proxy service driver
  • SMB 1.x MiniRedirector
  • SMB MiniRedirector Wrapper and Engine
  • Redirected Buffering Sub System
  • Mup
  • SMB 2.0 MiniRedirector

Related content