3.10.30.1 (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'

Information

This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. This policy setting can cause a specific issue with

1-way

forest trusts if it is applied to the

trusting

domain DCs (see Microsoft

KB3073942

), so we do not recommend applying it to Domain Controllers.

Note: This policy will not in effect until the system is rebooted.

The recommended state for this setting is: Enabled

Anonymous access to RPC services could result in accidental disclosure of information to unauthenticated users.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Disa Enabled`ed.

Administrative Templates\System\Remote Procedure Call\Enable RPC Endpoint Mapper Client Authentication

Impact:

RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Mapper Service.

See Also

https://workbench.cisecurity.org/benchmarks/16853

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv7|9.2

Plugin: Windows

Control ID: c15237049aa4de4e09f78aa9c5b04a9a6ce26e4903b9fc74a918600518624003