This protocol employs the security mechanism of the underlying transport infrastructure specified in [MS-CMP] and [MS-CMPO]. Because the information exchanged in Messages by this protocol can contain sensitive data, like the transaction identifiers and transaction manager addresses, implementers should use mutual authentication, as specified in [MS-CMPO] section 2.1.3.<10>
The Windows Remote Registry Protocol [MS-RRP] and Failover Cluster: Management API (ClusAPI) Protocol [MS-CMRP] registry keys exposed by the Management Server should be protected for access as follows:
Read access (KEY_READ) should be granted to all authenticated users (AUTHENTICATED_USERS, as defined in [MS-WSO]).
Write access (KEY_WRITE) should be granted to a restricted group of users.
Full access (KEY_ALL_ACCESS) should be granted to BUILTIN_ADMINISTRATORS, LOCAL_SYSTEM, and the MSDTC service account.