1.5 Prerequisites/Preconditions

  • Article

The Group Key Distribution Protocol is an RPC interface. As a result, it has the prerequisites specified in [MS-RPCE] that are common to RPC interfaces. In particular, the server has to be started and fully initialized before the protocol can start.

The Group Key Distribution Protocol is used between clients and servers. The Group Key Distribution Protocol server runs on a DC with a DC functional level of DS_BEHAVIOR_WIN2012 or higher in an Active Directory domain. The client requires the ability to locate such a DC by using the DC Locator functionality specified in [MS-NRPC] section 3.5.4.3.1.

To use the Group Key Distribution Protocol, the client first establishes an authenticated RPC connection to the server's dynamic endpoint. The client and server require appropriate credentials to set up such a session and to establish a mutually authenticated RPC connection over the session.

The Group Key Distribution Protocol requires the use of secure RPC. It is necessary for both client and server to support mutual authentication through SPNEGO [MS-SPNG] [RFC4178] and to also support security packages that implement impersonation support, along with packet privacy and integrity.

The server needs to maintain some state in Active Directory, which consists of a server configuration object and a set of root key objects, as specified in section 3.1.1. This state has to be accessible from the location specified in section 1.9 in the form of the object classes referenced in section 2.3. At a minimum, a single valid server configuration object with a version number is required to be present on the Active Directory DC. A procedure for creating or updating a server configuration object is specified in section 3.1.4.1.3. Any server configuration that is created or updated in this manner will be used by all servers in the Active Directory forest when creating future root keys, as specified in section 3.1.4.1.1, but will not affect any existing root keys. This state is replicated between domain controllers by using server-to-server replication mechanisms, as specified in [MS-ADTS] section 6.2.

The server configuration object also needs protection from unauthorized modification, and the root key objects require protection from unauthorized disclosure or modification. The server also requires a method of generating cryptographically strong random numbers for use as root keys in this protocol.