Export (0) Print
Expand All

5 Security

This protocol employs the security mechanism of the underlying transport infrastructure specified in [MS-CMP] and [MS-CMPO]. Because the information exchanged in Messages by this protocol can contain sensitive data, like the transaction identifiers and transaction manager addresses, implementers should use mutual authentication, as specified in [MS-CMPO] section 2.1.3.<10>

The Windows Remote Registry Protocol [MS-RRP] and Failover Cluster: Management API (ClusAPI) Protocol [MS-CMRP] registry keys exposed by the Management Server should be protected for access as follows:

  • Read access (KEY_READ) should be granted to all authenticated users.

  • Write access (KEY_WRITE) should be granted to a restricted group of users.

  • Full access (KEY_ALL_ACCESS) should be granted to BUILTIN_ADMINISTRATORS, LOCAL_SYSTEM, and the MSDTC service account.

© 2014 Microsoft