How passwords are used in Windows


How passwords are used in Windows (and password-hash) is not all about Microsoft Active Directory.

When a user logs on, the password the user types is converted into password-hash and held in Random Access Memory (RAM) by the Local Security Authority Subsystem Service (LSASS) process. If the user using a local account for authentication, the Hash Functions is compared against the locally stored NTLMv2 Hash, and if the two match, the user Authenticated.

If the user is authenticating against an Microsoft Active Directory AD DOMAIN by using a hostname to access a resource, the NTLMv2 Hash is used in a Kerberos logon against the Key Distribution Center (KDC), which is typically a Domain Controller. The password verifier is computed by Netlogon service, not LSASS.

Kerberos cannot be used in the following situations:

In these situations, the authentication process uses different protocols that are determined by the LAN Manager authentication level Group Policy Object setting.

More Information#

There might be more information for this subject on one of the following: