Disabling Transaction Services for Network Clients
By default, all client requests for transactions are serviced by the local DTC. For performance reasons, Microsoft Windows 2000 Server also allows an administrator to configure the DTC so that it can service remote clients, but with this ability comes a possible security risk.
With Microsoft Windows XP, Windows Server 2003, and subsequent versions, administrators can disable the ability for DTC to service remote clients. This feature helps to prevent both data corruption and Denial of Service attacks.
When the ability to manage network clients is disabled, clients on remote client machines are prevented from causing possible data corruption by stopping the DTC. For example, if this feature was not disabled and if a client stopped a remote DTC and used the resource manager object to call the IResourceManager::ReenlistmentComplete method, the remote client could seriously corrupt the database. The commit and abort decisions from the remote DTC would be discarded and would never reach the original resource manager.
When this feature is disabled, all remote clients are blocked and are denied service by a remote DTC.
When the ability to manage network clients is disabled, clients on remote machines are prevented from starting a DTC. Windows 2000 Server, Windows XP, and Windows Server 2003 provide just-in-time startup, which allows users to start a DTC on a remote node. However, when Windows XP and Windows Server 2003 are configured to disable remote clients, an access control list (ACL) is set to disallow startup of a DTC from a remote client.