The Netlogon Remote Protocol is used for secure communication between machines in a domain (both domain members and domain controllers) and domain controllers (DCs). The communication is secured by a shared session key computed between the client and the DC that is engaged in the secure communication. The session key is computed from a preconfigured shared secret that is known to both the client and the DC.
The Netlogon Remote Protocol client and server can run only on domain-joined systems, and are started during boot. When a system is unjoined from the domain, the client and server are stopped and are no longer started during boot.
The following sections describe the scenarios in which the Netlogon Remote Protocol is used. The description is not normative, but it provides an overview of the general purpose of the Netlogon Remote Protocol and the flow of its operations.