Analysis of the Security of Windows NT
1 March 1999
Both of the above APIs consist of two components [42]:
A DLL (WSOCK32.DLL and NETAPI32.DLL respectively), which shares memory with the user application.
A driver (emulator), which implements the session layer of the OSI model.
The RPC facility consists of a run-time library and a compiler (MIDL). This mechanism allows programmers to write distributed applications with little effort. RPCs were introduced in [1] and have since been adopted by the Open Software Foundation (OSF) in their Distributed Computing Environment (DCE) [5]. Microsoft claims [42] that the RPC implementation in NT is fully compatible with the RPCs in DCE. This implies that a client, or a server, developed on an NT system can interoperate with a server, or client, developed on a DCE-based system.
The RPC facility differs from both the WinSock API and the NetBIOS API in that it uses other IPC mechanisms as its transport medium. The following IPCs can be used:
Named pipes
NetBIOS
WinSock
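The choice between these three transports is visible to an RPC program only through the protocol sequence in its string binding ([ObjUuid@]ProtSeq:NetworkAddr[Endpoint,Option,...]). The following is an added example, not code from the paper or from Microsoft's RPC run-time: it parses and composes string bindings in that layout and reports which of the three IPCs each one rides on. The ncacn_*/ncadg_*/ncalrpc names are the real protocol sequence identifiers; the server name FILESRV and the address 10.0.0.5 are made up, and compose_string_binding is a plain string builder, not a call into RpcStringBindingCompose.

```python
import re
from typing import Dict, Optional, Sequence

# MS RPC protocol sequences grouped by the IPC mechanism each one rides on.
# The identifiers are the RPC run-time's own; the grouping into the three
# transports named in the text (plus the local-only LRPC case) is ours.
TRANSPORT_OF = {
    "ncacn_np": "named pipes",
    "ncacn_nb_nb": "NetBIOS",      # NetBIOS over NetBEUI
    "ncacn_nb_tcp": "NetBIOS",     # NetBIOS over TCP/IP
    "ncacn_nb_ipx": "NetBIOS",     # NetBIOS over IPX
    "ncacn_ip_tcp": "WinSock",     # connection-oriented RPC over TCP/IP
    "ncadg_ip_udp": "WinSock",     # datagram RPC over UDP/IP
    "ncalrpc": "local LPC",        # same machine only, no network transport
}

# String binding layout: [ObjUuid@]ProtSeq:NetworkAddr[Endpoint,Option,...]
_BINDING = re.compile(
    r"^(?:(?P<uuid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})@)?"
    r"(?P<protseq>[a-z_]+):"
    r"(?P<addr>[^\[]*)"
    r"(?:\[(?P<inside>[^\]]*)\])?$"
)


def parse_string_binding(binding: str) -> Dict[str, object]:
    """Break an RPC string binding into its fields and name the IPC it uses."""
    m = _BINDING.match(binding)
    if m is None:
        raise ValueError(f"malformed string binding: {binding!r}")
    protseq = m.group("protseq")
    if protseq not in TRANSPORT_OF:
        raise ValueError(f"unknown protocol sequence: {protseq!r}")
    inside = m.group("inside")
    fields = inside.split(",") if inside else []
    return {
        "uuid": m.group("uuid"),
        "protseq": protseq,
        "address": m.group("addr"),
        "endpoint": fields[0] if fields else None,
        "options": fields[1:],
        "transport": TRANSPORT_OF[protseq],
    }


def compose_string_binding(protseq: str, address: str = "",
                           endpoint: Optional[str] = None,
                           options: Sequence[str] = (),
                           uuid: Optional[str] = None) -> str:
    """Inverse of parse_string_binding; emits the same layout as RpcStringBindingCompose."""
    if protseq not in TRANSPORT_OF:
        raise ValueError(f"unknown protocol sequence: {protseq!r}")
    text = f"{uuid}@" if uuid else ""
    text += f"{protseq}:{address}"
    inside = ([endpoint] if endpoint is not None else []) + list(options)
    if inside:
        text += "[" + ",".join(inside) + "]"
    return text


# Constructed bindings for one hypothetical server, FILESRV (made-up name and
# address), reached once over each transport the text lists. For ncacn_np the
# endpoint is a pipe name, for ncacn_ip_tcp a TCP port, for ncacn_nb_tcp a
# NetBIOS port number (0-255).
SAMPLE_BINDINGS = [
    r"ncacn_np:\\FILESRV[\pipe\epmapper]",
    "ncacn_nb_tcp:FILESRV[200]",
    "ncacn_ip_tcp:10.0.0.5[135]",
]

if __name__ == "__main__":
    for sample in SAMPLE_BINDINGS:
        b = parse_string_binding(sample)
        print(f"{sample:45} -> {b['transport']} (endpoint {b['endpoint']})")
```

Note that ncalrpc is deliberately kept in the table: it is the one protocol sequence that maps to none of the three network IPCs, and a binding that uses it cannot be reached from another host at all.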
4.2 Domains
Domains are basically a way of centralizing the management of user accounts. A domain consists of one primary domain controller (PDC) and zero or more backup domain controllers (BDCs). All user management is carried out on the SAM database of the PDC, and the changes are replicated to the BDCs. This implies that, no matter where in the domain or how the administrator manages domain information, the changes are made to the PDC's SAM database. If the PDC is down for some reason, no changes to user information and no creation of new accounts in that domain are possible. Users can still log on as usual, since the database is replicated on the BDCs. A BDC can, however, be promoted to PDC in the absence of the original one and thus take over its role.

When creating a domain, the PDC has to be the first server installed in that domain. This is because the role of PDC or BDC is decided at the time the server software is installed on the computer: during installation there is a choice between becoming the PDC of a new domain and joining an existing domain, and NT Servers that join an existing domain become BDCs for that domain. A server can also be installed without the PDC or BDC role; if such a server later joins a domain it is treated as a workstation in the domain. These servers are sometimes referred to as member servers. A member server cannot become a BDC or PDC without a full reinstallation of the software, and it is equally impossible for a PDC or a BDC to leave a domain without a complete reinstallation of the server software. According to [36] there is no way to avoid the reinstallation. The reason is that a unique domain SID is created when the PDC is installed. This SID is later used as the prefix of the SIDs of the BDCs, so the servers identify membership in the domain by these SIDs and not by names, and these SIDs cannot be changed.

To join a domain, a workstation has to have a computer account on the PDC.
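To make concrete what it means that membership is identified by SID rather than by name, here is an added example, not code from the paper: it parses NT SIDs, converts them to and from the binary layout Windows uses in access tokens, ACLs and the SAM, splits an account SID into the domain prefix created at PDC installation plus the relative identifier (RID), and compares two accounts by domain prefix. The SID values are constructed for the example; the S-1-5-21 prefix, the binary layout and the well-known RID numbers are the standard Windows ones.

```python
import struct
from typing import List, Optional, Tuple

# Relative identifiers (RIDs) that every NT domain issues under its own domain SID.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    512: "Domain Admins",
    513: "Domain Users",
    514: "Domain Guests",
}

NT_AUTHORITY = 5      # identifier authority of all S-1-5-* SIDs
NT_NON_UNIQUE = 21    # first sub-authority of every domain and machine SID (S-1-5-21-...)


def parse_sid(text: str) -> Tuple[int, int, List[int]]:
    """Split 'S-R-A-s1-...-sn' into (revision, identifier authority, sub-authorities)."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID: {text!r}")
    revision = int(parts[1])
    authority = int(parts[2], 0)          # authorities >= 2**32 are written as 0x... hex
    subauths = [int(p) for p in parts[3:]]
    if (revision != 1 or not 0 <= authority < 2 ** 48 or len(subauths) > 15
            or any(not 0 <= s < 2 ** 32 for s in subauths)):
        raise ValueError(f"malformed SID: {text!r}")
    return revision, authority, subauths


def format_sid(revision: int, authority: int, subauths: List[int]) -> str:
    auth = str(authority) if authority < 2 ** 32 else f"0x{authority:012X}"
    return "-".join(["S", str(revision), auth] + [str(s) for s in subauths])


def sid_to_binary(text: str) -> bytes:
    """Binary SID: revision (1 byte), sub-authority count (1 byte), identifier
    authority (6 bytes big-endian), then each sub-authority as little-endian uint32."""
    revision, authority, subauths = parse_sid(text)
    return (struct.pack("BB", revision, len(subauths))
            + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subauths))


def binary_to_sid(data: bytes) -> str:
    """Decode the layout produced by sid_to_binary back to text, checking the length."""
    if len(data) < 8:
        raise ValueError("SID too short")
    revision, count = data[0], data[1]
    if len(data) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(data[2:8], "big")
    subauths = list(struct.unpack(f"<{count}I", data[8:]))
    return format_sid(revision, authority, subauths)


def split_domain(text: str) -> Optional[Tuple[str, Optional[int]]]:
    """(domain SID, RID) for a SID issued by an NT domain or machine; RID is None
    when the SID is the domain SID itself. Returns None for any other SID."""
    revision, authority, subauths = parse_sid(text)
    if (authority != NT_AUTHORITY or len(subauths) not in (4, 5)
            or subauths[0] != NT_NON_UNIQUE):
        return None
    domain = format_sid(revision, authority, subauths[:4])
    rid = subauths[4] if len(subauths) == 5 else None
    return domain, rid


def same_domain(sid_a: str, sid_b: str) -> bool:
    """Membership test the way the servers do it: compare domain prefixes, not names."""
    a, b = split_domain(sid_a), split_domain(sid_b)
    return a is not None and b is not None and a[0] == b[0]


def describe(text: str) -> str:
    split = split_domain(text)
    if split is None:
        return f"{text}: not a domain or machine SID"
    domain, rid = split
    if rid is None:
        return f"{text}: domain SID itself"
    return f"{text}: RID {rid} ({WELL_KNOWN_RIDS.get(rid, 'unnamed account or group')}) in domain {domain}"


# Constructed SIDs (the numbers are made up): one domain whose PDC minted the
# first prefix, and an account with the same RID in an unrelated second domain.
CORP_DOMAIN = "S-1-5-21-1004336348-1177238915-682003330"
CORP_ADMIN = CORP_DOMAIN + "-500"
CORP_USER = CORP_DOMAIN + "-1005"
OTHER_USER = "S-1-5-21-3623811015-3361044348-30300820-1005"

if __name__ == "__main__":
    for sid in (CORP_DOMAIN, CORP_ADMIN, CORP_USER, OTHER_USER, "S-1-5-32-544"):
        print(describe(sid))
    print("CORP_USER and OTHER_USER in same domain:", same_domain(CORP_USER, OTHER_USER))
```

The last two constructed accounts share RID 1005 and could well share a user name, yet same_domain reports them as unrelated; that is exactly why a PDC or BDC cannot be moved to another domain by renaming, since every SID it holds carries the prefix fixed at installation.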
This account is created with the Server Manager program. The account is