Operating System » MS Windows » Windows - How to » How to recover from Winsock Error » Network Protection Technology » RPC Interface Restriction

RPC Interface Restriction

A number of changes have been made in the Remote Procedure Call (RPC) service for Windows XP Service Pack 2 that help make RPC interfaces secure by default and reduce the attack surface of Windows XP. The most significant change is the addition of the RestrictRemoteClients registry key. This key modifies the behavior of all RPC interfaces on the system and will, by default, eliminate remote anonymous access to RPC interfaces on the system, with some exceptions. Additional changes include the EnableAuthEpResolution registry key and three new interface registration flags.

When an interface is registered using RpcServerRegisterIf, RPC allows the server application to restrict access to the interface, typically through a security callback. The RestrictRemoteClients registry key forces RPC to perform additional security checks for all interfaces, even if the interface has no registered security callback.

RPC clients that use the named pipe protocol sequence (ncacn_np) are exempt from all restrictions discussed in this section. The named pipe protocol sequence cannot be restricted by default, due to several significant backwards compatibility issues.

The RestrictRemoteClients registry key can have one of three DWORD values that can also be controlled programmatically in rpcdce.h. If the key is not present, it is equivalent to setting the DWORD=1 value (RPC_RESTRICT_REMOTE_CLIENT_DEFAULT).

Updated On: 05.09.09

Leave your message, comment or feedback:
Your Name (shown) & Your E-mail (hidden) is used only to alert you when someone reply your message.