The Local Security Authority (Domain Policy) Remote Protocol is used to manage various machine and domain security policies. All versions of Windows NT operating system–based products, in all configurations, implement and listen on the server side of this protocol. However, not all operations are meaningful in all configurations.
This protocol, with minor exceptions, enables remote policy-management scenarios. Therefore, the majority of this interface does not need to be implemented to achieve Windows client-to-server (domain controller configuration and otherwise) interoperability, as defined by the ability for Windows clients to retrieve policy settings from servers.
Policy settings controlled by this protocol relate to the following:
Secret objects: Mechanisms that securely store data on the server.
Other miscellaneous settings, such as lifetimes of Kerberos tickets, states of domain controller (backup or primary), and other unrelated pieces of policy.
All of these types of policy are addressed in sections of this document that specify the server data model.
Sections 1.8, 2, and 3 of this specification are normative and can contain the terms MAY, SHOULD, MUST, MUST NOT, and SHOULD NOT as defined in RFC 2119. Sections 1.5 and 1.9 are also normative but cannot contain those terms. All other sections and examples in this specification are informative.