2.1 Transport

The client and server MUST communicate over RPC, using named pipes over the Server Message Block (SMB) Protocol. The SMB version, capabilities, and authentication used for this connection are negotiated between the client and server when the connection is established, as specified in [MS-SMB] and [MS-SMB2].

EFSRPC messages to remote servers SHOULD be sent using the well-known endpoint \pipe\efsrpc. Remote servers MAY respond to EFSRPC messages sent using the well-known endpoint \pipe\lsarpc. When connecting to \pipe\efsrpc, the server interface is identified by UUID [df1941c5-fe89-4e79-bf10-463657acf44d], version 1.0. When connecting to \pipe\lsarpc, the server interface is identified by UUID [c681d488-d850-11d0-8c52-00c04fd90f7e], version 1.0.<4>
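The following is an added example, not part of this specification: a monitoring-side check that reads the presentation context list of a connection-oriented DCE/RPC bind PDU (the layout used by [MS-RPCE]) and reports when either EFSRPC interface UUID above is offered, together with the pipe this section associates with it. The function names are hypothetical, the sample PDU is constructed, and only little-endian data representation is handled.

```python
import struct
import uuid

# Interface UUIDs and well-known endpoints from section 2.1 (both version 1.0).
EFSRPC_INTERFACES = {
    uuid.UUID("df1941c5-fe89-4e79-bf10-463657acf44d"): r"\pipe\efsrpc",
    uuid.UUID("c681d488-d850-11d0-8c52-00c04fd90f7e"): r"\pipe\lsarpc",
}
PTYPE_BIND = 11
NDR_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR transfer syntax, version 2


def efsrpc_contexts(pdu: bytes):
    """Return (context_id, interface_uuid, major, minor, expected_pipe) for each
    EFSRPC abstract syntax offered in a connection-oriented bind PDU."""
    if len(pdu) < 28 or pdu[0] != 5 or pdu[2] != PTYPE_BIND:
        return []
    if pdu[4] >> 4 != 1:  # assumption: little-endian data representation only
        return []
    end = min(struct.unpack_from("<H", pdu, 8)[0], len(pdu))  # frag_length
    off, hits = 28, []  # 16-byte common header + 12 bytes up to the context list
    for _ in range(pdu[24]):  # n_context_elem
        if off + 24 > end:
            break  # truncated fragment: stop rather than read past the PDU
        ctx_id, n_xfer = struct.unpack_from("<HBx", pdu, off)
        if_uuid = uuid.UUID(bytes_le=pdu[off + 4:off + 20])
        major, minor = struct.unpack_from("<HH", pdu, off + 20)
        if if_uuid in EFSRPC_INTERFACES:
            hits.append((ctx_id, str(if_uuid), major, minor, EFSRPC_INTERFACES[if_uuid]))
        off += 24 + 20 * n_xfer  # skip this element's transfer syntaxes
    return hits


def build_bind(interfaces):
    """Constructed sample input: a bind PDU offering the given UUIDs at version 1.0."""
    body = struct.pack("<HHIBxH", 4280, 4280, 0, len(interfaces), 0)
    for ctx_id, if_uuid in enumerate(interfaces):
        body += struct.pack("<HBx", ctx_id, 1) + if_uuid.bytes_le + struct.pack("<HH", 1, 0)
        body += NDR_SYNTAX.bytes_le + struct.pack("<I", 2)
    header = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 0x03, b"\x10\x00\x00\x00",
                         16 + len(body), 0, 1)
    return header + body


def sample_bind():
    other = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed, not a real interface
    return build_bind([other, *EFSRPC_INTERFACES])


if __name__ == "__main__":
    for hit in efsrpc_contexts(sample_bind()):
        print(hit)
```

Comparing the reported pipe with the named pipe actually opened on the SMB session shows whether the bind used the endpoint this section pairs with that UUID.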

The EFSRPC client MUST use explicit binding to create the RPC binding handle used to connect to the server, unless otherwise specified in section 3.1.4.2.

A server SHOULD<5> register one or more server principal name/authentication service pairs that provide a protection level that includes packet integrity. A client SHOULD attempt to associate suitable security information with its binding for the EFSRPC methods. For EfsRpcOpenFileRaw, clients SHOULD set the security options explicitly as noted in section 3. For all other EFSRPC methods, clients SHOULD use default values for the binding security information as specified in [MS-RPCE] section 3.3.2.3.1.