Friday, April 3, 2009

MS DTC Security Configuration

Microsoft Windows Server 2003 Service Pack 1 introduced many security-related updates and changes, some of which affect the Microsoft Distributed Transaction Coordinator (DTC) service.

To open the configuration settings of the DTC service on a server, open the Component Services console (Control Panel, Administrative Tools, Component Services, or run the dcomcnfg.exe command from the Run window), expand the Component Services and Computers nodes, right-click My Computer and then select Properties.

In the My Computer Properties window, select the MSDTC tab and click the Security Configuration button to open the security settings window. This window shows all the options related to the security configuration of the DTC service. For two machines to communicate through the DTC service, the same security configuration must be applied on both boxes.

For two machines to communicate over MSDTC, they must have at least the following security options enabled. Without these three options, they won't be able to participate in MSDTC transactions at all.

  • Enable Network DTC Access

  • Allow Inbound

  • Allow Outbound

That leaves the authentication setting, a radio button group with three options (Mutual Authentication Required, Incoming Caller Authentication Required, No Authentication Required). Here are the scenarios where each one will work:

  • Mutual Authentication Required (Most Secure) – will only work if the machines are in the same domain. This setting will not work on a cluster.

  • Incoming Caller Authentication Required – you can set this authentication level for machines in a cluster, but they should be in the same domain.

  • No Authentication Required (Least Secure) – works with almost everything. This is used especially for communicating with pre-SP1 Windows 2003 machines, between two servers hosted in different domains that do not have a mutual trust configured, or between computers that are members of a workgroup.

You can also configure the security settings by modifying the registry entries directly. To do so, follow the instructions in this Microsoft article: http://support.microsoft.com/kb/899191/en-us
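
The checks described above (the three required options, plus a matching authentication level on both machines) can be audited from the registry. The following PowerShell is an added example, not code from the original post or from Microsoft. It assumes the registry value names and their mapping to the three radio buttons as Microsoft documents them for MSDTC; those names are not listed on this page, and the function names are hypothetical.

```powershell
# Added example. Value names follow Microsoft's MSDTC documentation (KB 899191),
# not this page; function names are hypothetical.
$AccessNames = 'NetworkDtcAccess', 'NetworkDtcAccessInbound', 'NetworkDtcAccessOutbound'
$RpcNames    = 'AllowOnlySecureRpcCalls', 'FallbackToUnsecureRPCIfNecessary', 'TurnOffRpcSecurity'

function Get-DtcValues {
    # Reads the local DTC settings into a hashtable (missing values stay $null).
    $root = 'HKLM:\SOFTWARE\Microsoft\MSDTC'
    $sec  = Get-ItemProperty -Path "$root\Security" -ErrorAction SilentlyContinue
    $rpc  = Get-ItemProperty -Path $root -ErrorAction SilentlyContinue
    $v = @{}
    foreach ($n in $AccessNames) { $v[$n] = $sec.$n }
    foreach ($n in $RpcNames)    { $v[$n] = $rpc.$n }
    $v
}

function Get-DtcAuthLevel {
    param([Parameter(Mandatory)][hashtable]$Values)
    # Exactly one of the three RPC flags is set for each radio button.
    $bits = ($RpcNames | ForEach-Object { [int]$Values[$_] }) -join ''
    switch ($bits) {
        '100'   { 'Mutual Authentication Required' }
        '010'   { 'Incoming Caller Authentication Required' }
        '001'   { 'No Authentication Required' }
        default { "Unrecognized combination ($bits)" }
    }
}

function Compare-DtcSecurity {
    param([hashtable]$NodeA, [hashtable]$NodeB)
    $sides = [ordered]@{ NodeA = $NodeA; NodeB = $NodeB }
    foreach ($side in $sides.Keys) {
        foreach ($n in $AccessNames) {
            # Network DTC Access, Allow Inbound and Allow Outbound must all be on.
            if ([int]$sides[$side][$n] -ne 1) { "${side}: $n is not enabled" }
        }
    }
    $a = Get-DtcAuthLevel $NodeA; $b = Get-DtcAuthLevel $NodeB
    if ($a -ne $b) { "Authentication level differs: NodeA='$a', NodeB='$b'" }
    elseif ($a -eq 'No Authentication Required') { "Both sides use '$a' (least secure)" }
}

# Constructed sample values; on a real server use: $nodeA = Get-DtcValues
$nodeA = @{ NetworkDtcAccess = 1; NetworkDtcAccessInbound = 1; NetworkDtcAccessOutbound = 1
            AllowOnlySecureRpcCalls = 1; FallbackToUnsecureRPCIfNecessary = 0; TurnOffRpcSecurity = 0 }
$nodeB = @{ NetworkDtcAccess = 1; NetworkDtcAccessInbound = 0; NetworkDtcAccessOutbound = 1
            AllowOnlySecureRpcCalls = 0; FallbackToUnsecureRPCIfNecessary = 0; TurnOffRpcSecurity = 1 }
Compare-DtcSecurity -NodeA $nodeA -NodeB $nodeB
```

With the constructed values, the script reports that inbound access is disabled on NodeB and that the two nodes use different authentication levels.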
