2.1 Transport

The Task Scheduler Remoting Protocol MUST use [MS-RPCE] as its transport protocol.

When using the ATSvc and SASec interfaces, the Task Scheduler Remoting Protocol client and server MUST specify ncacn_np as the RPC protocol sequence ([MS-RPCE] section 2.1.1.2).

When using the ITaskSchedulerService interface, the Task Scheduler Remoting Protocol client and server MUST specify ncacn_ip_tcp. The ATSvc and SASec interfaces use a well-known endpoint (see section 1.9) whereas the ITaskSchedulerService interface uses a dynamic endpoint. The server MUST specify the "Simple and Protected GSS-API Negotiation Mechanism" (0x9) as the RPC authentication service ([MS-RPCE] section 2.2.1.1.7). The client SHOULD specify either "Simple and Protected GSS-API Negotiation Mechanism" or "NTLM" (0xA) as the authentication service.<4>

The client SHOULD use an authentication level of Packet Privacy to connect to the server. If the server does not support this authentication level, the client SHOULD fall back to Connection. Authentication levels are specified in detail in [MS-RPCE] section 3.3.1.5.2.2.

The RPC server MUST require RPC_C_AUTHN_GSS_NEGOTIATE or RPC_C_AUTHN_WINNT authorization. The RPC client MUST use an authentication level of RPC_C_AUTHN_LEVEL_PKT_PRIVACY (value = 6), as specified in [MS-RPCE] section 2.2.1.1.8.