5.1 Security Considerations for Implementers
Implementers need to be careful not to expose functionality through this interface to users who do not have permissions for such functionality. If users cannot reboot the server while logged on locally, do not allow them to reboot it by using this protocol. The exposed state of the services has to be available only to users with permission to see the state when logged on directly to the computer.
Implementations can decide to enforce security (as specified in [C706] section 2.7) as needed on the processes and operations defined in this specification.
Implementers need to review the security considerations as specified in [MS-RPCE] section 5.1 because these are valid for DCOM-based protocols.