Information
This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. This policy setting can cause a specific issue with
1-way
forest trusts if it is applied to the
trusting
domain DCs (see Microsoft
KB3073942
), so we do not recommend applying it to Domain Controllers.
Note: This policy will not in effect until the system is rebooted.
The recommended state for this setting is: Enabled
Anonymous access to RPC services could result in accidental disclosure of information to unauthenticated users.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled :
Computer Configuration\Policies\Administrative Templates\System\Remote Procedure Call\Enable RPC Endpoint Mapper Client Authentication
Note: This Group Policy path is provided by the Group Policy template RPC.admx/adml that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer).
Impact:
RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Mapper Service.