Wednesday, April 22, 2009

The network initialization process

When Windows Vista starts, the Windows Firewall initializes before the computer connects to the network. This arrangement helps protect the computer from attackers.

During startup, the operating system initializes the network interface card (NIC) and assigns unique IPv4 and IPv6 addresses.

Windows Vista requests a DHCP address lease and obtains the address of a DNS server, if configured on the DHCP server.

Windows Vista then registers this IP address with the computer's name and domain on the network.

The operating system requests the Media Access Control (MAC) address for the DNS server's IP address.

Windows Vista sends a DNS service (SRV) query and a corresponding address (A) query for a domain controller in the computer's domain.

The operating system then sends the domain controller an LDAP request for a suitable network logon point. Typically, the domain controller responds with its own name.

Windows Vista then uses TCP and remote procedure calls (RPCs) to bind to that domain controller.

The client computer uses Network Time Protocol (NTP) to synchronize its clock with the domain controller because Kerberos version 5 authentication requires time synchronization.

The client computer and the domain controller now conduct Kerberos negotiation. If the negotiation succeeds, the server responds with a Kerberos ticket; if it fails, authentication falls back to NTLM.

Windows Vista then makes a server message block (SMB) connection to the server, trying SMB 2.0 first and reverting to SMB 1.0 if that fails.

Windows Vista binds to the domain controller's SYSVOL share and applies the computer element of any relevant group policies. These policies can include changes to the firewall settings.

The network initialization process is now complete.
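
The startup order above can be turned into a check over a boot-time event timeline, flagging steps that are missing or out of order and any use of the NTLM or SMB 1.0 fallbacks. This is an added example, not code from the original post; the event names and the sample trace are constructed for illustration.

```python
# Added example: event names and the sample trace are constructed for
# illustration; they are not Windows event IDs or real capture fields.
EXPECTED_ORDER = [
    "firewall_init", "nic_init", "dhcp_lease", "dns_register",
    "resolve_dns_mac", "dns_srv_query", "ldap_logon_query", "rpc_bind",
    "ntp_sync", "kerberos_auth", "smb2_connect", "sysvol_policy",
]
# Weaker protocols the text says the client falls back to, mapped to the
# step they stand in for.
FALLBACKS = {"ntlm_auth": "kerberos_auth", "smb1_connect": "smb2_connect"}


def audit_boot_trace(events):
    """Audit (timestamp, event) pairs; return a list of (timestamp, finding)."""
    findings, first_seen = [], {}
    for ts, name in sorted(events):
        step = FALLBACKS.get(name, name)
        if name in FALLBACKS:
            findings.append((ts, f"fallback: {name} used instead of {step}"))
        if step in EXPECTED_ORDER:
            first_seen.setdefault(step, ts)
    prev_step = prev_ts = None
    for step in EXPECTED_ORDER:
        ts = first_seen.get(step)
        if ts is None:
            findings.append((None, f"missing: {step}"))
        elif prev_ts is not None and ts < prev_ts:
            # e.g. network traffic observed before the firewall came up
            findings.append((ts, f"order: {step} seen before {prev_step}"))
        else:
            prev_step, prev_ts = step, ts
    return findings


# Constructed trace: correct order, but both fallbacks were taken.
SAMPLE_TRACE = [
    (0.10, "firewall_init"), (0.40, "nic_init"), (1.20, "dhcp_lease"),
    (1.35, "dns_register"), (1.40, "resolve_dns_mac"), (1.42, "dns_srv_query"),
    (1.50, "ldap_logon_query"), (1.61, "rpc_bind"), (1.70, "ntp_sync"),
    (1.95, "ntlm_auth"), (2.10, "smb1_connect"), (2.40, "sysvol_policy"),
]

if __name__ == "__main__":
    for ts, finding in audit_boot_trace(SAMPLE_TRACE):
        print(ts, finding)
```

A fallback finding does not mean the boot failed; it marks a host that authenticated or connected with the weaker protocol and is worth a closer look.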
