3.3.1.2.3 RPC Security Registry Keys

Article
06/24/2021

If a key value in the following table is required by the registry protocol version as specified in section 2.2.1.2.1, then the key value, if present, MUST be of the correct type and MUST be set to a legal value. The registry path of these key values and the protocol used to access them is specified in section 2.2.1.2.2.3.

Key value	Abstract Data Model element
"AllowOnlySecureRpcCalls", "FallbackToUnsecureRPCIfNecessary", and "TurnOffRpcSecurity"	Security Level specified in [MS-DTCO] section 3.2.1. If the AllowOnlySecureRpcCalls registry key is supported (as specified in section 2.2.1.2.1) and is either missing or set to a value other than 0x00000000, then the Security Level MUST be set to mutual authentication. Else, if the FallbackToUnsecureRPCIfNecessary registry key is supported (as specified in section 2.2.1.2.1) and is set to a value other than 0x00000000, then the Security Level MUST be set to Incoming Authentication. Else, if the TurnOffRpcSecurity registry key is supported (as specified in section 2.2.1.2.1) and is set to a value other than 0x00000000, then the Security Level MUST be set to No Security. Else, the Security Level MUST be set to the default, implementation-specific security level value. <7>
"ServiceNetworkProtocols"	The Service Network Protocols abstract data model element is specified in [MS-CMPO] section 3.3.1. The list of protocols specified by the registry key ServiceNetworkProtocols MUST be mapped to the list of supported RPC protocols in the COM_PROTOCOL field passed to the underlying OleTx Transports Protocol layer, as specified in [MS-CMPO] section 1.3.2. The ServiceNetworkProtocols registry key has a type of Int32. Its possible values are any bitwise-OR combination of zero or more RPC_NETWORK_PROTOCOL values. If the key value is 0x00000000 or is missing, then the list of protocols MUST contain a single entry specifying TCP/IP.

Key value

Abstract Data Model element

"AllowOnlySecureRpcCalls", "FallbackToUnsecureRPCIfNecessary", and "TurnOffRpcSecurity"

Security Level specified in [MS-DTCO] section 3.2.1.

If the AllowOnlySecureRpcCalls registry key is supported (as specified in section 2.2.1.2.1) and is either missing or set to a value other than 0x00000000, then the Security Level MUST be set to mutual authentication.

Else, if the FallbackToUnsecureRPCIfNecessary registry key is supported (as specified in section 2.2.1.2.1) and is set to a value other than 0x00000000, then the Security Level MUST be set to Incoming Authentication.

Else, if the TurnOffRpcSecurity registry key is supported (as specified in section 2.2.1.2.1) and is set to a value other than 0x00000000, then the Security Level MUST be set to No Security.

Else, the Security Level MUST be set to the default, implementation-specific security level value. <7>

"ServiceNetworkProtocols"

The Service Network Protocols abstract data model element is specified in [MS-CMPO] section 3.3.1.

The list of protocols specified by the registry key ServiceNetworkProtocols MUST be mapped to the list of supported RPC protocols in the COM_PROTOCOL field passed to the underlying OleTx Transports Protocol layer, as specified in [MS-CMPO] section 1.3.2.

The ServiceNetworkProtocols registry key has a type of Int32. Its possible values are any bitwise-OR combination of zero or more RPC_NETWORK_PROTOCOL values. If the key value is 0x00000000 or is missing, then the list of protocols MUST contain a single entry specifying TCP/IP.

"Mutual Authentication", "Incoming Authentication", and "No Security" are specified in [MS-CMPO], section 3.2.1.1.

3.3.1.2.3 RPC Security Registry Keys

Additional resources