Integrity Checking on Secure Channels with Domain Controllers
When a Windows NT system joins a domain, a machine account is created.
Thereafter, when the system boots, it uses the password for that account to
create a secure channel with the domain controller for its domain. Requests sent
on the secure channel are authenticated, and sensitive information (such as
passwords) is encrypted, but the channel is not integrity checked. A fix to
Windows NT 4.0 Netlogon service has been designed that will allow for integrity