Configure DTC Security

Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

You can configure the security requirements for distributed transactions in which your computer participates. The default security settings do not allow your computer to participate in remote distributed transactions.

Important

  • By default, Distributed Transaction Coordinator (DTC) runs under the NetworkService account. This account is specifically designed to allow services such as the Distributed Transaction Coordinator service to run with the appropriate set of privileges. To minimize potential security problems and ensure that the DTC service runs, we recommend that you use the default NetworkService account. Alternatively, a domain user account can be used.

  • If you enable DTC network transactions on a computer that has Windows Firewall enabled, you must also configure the computer to allow DTC traffic through the firewall. For more information about Windows Firewall, see Managing Program, Port, and System Service Exceptions (https://go.microsoft.com/fwlink/?LinkId=67467).

  • Membership in Administrators, or equivalent, is the minimum required to complete this procedure.

    To configure DTC Security to allow only local transactions

    1. Open Component Services.

    2. In the Component Services snap-in, double-click Computers, Computer Name, and Distributed Transaction Coordinator.

    3. Right-click Local DTC, click Properties, and then click the Security tab.

    4. Under Security Settings, clear the Network DTC Access check box.

    5. Continue to configure security settings, or click OK.

    Additional considerations

    • Component Services is no longer in Administrative Tools. To open Component Services, click Start. In the search box, type dcomcnfg, and then press ENTER.

    To configure DTC Security to use a remote transaction coordinator

    1. Open Component Services.

    2. In the Component Services snap-in, double-click Computers, Computer Name, and Distributed Transaction Coordinator.

    3. Right-click Local DTC, click Properties, and then click the Security tab.

    4. Under Security Settings, select the Network DTC Access check box.

    5. Under Transaction Manager Communication, select the Allow Inbound and Allow Outbound check boxes.

    6. Select an authentication level for DTC communications. Mutual Authentication Required is the most secure level.

    7. Continue to configure security settings, or click OK.

    Additional considerations

    • Component Services is no longer in Administrative Tools. To open Component Services, click Start. In the search box, type dcomcnfg, and then press ENTER.

    To coordinate remote transactions

    1. Open Component Services.

    2. In the Component Services snap-in, double-click Computers, Computer Name, and Distributed Transaction Coordinator.

    3. Right-click Local DTC, click Properties, and then click the Security tab.

    4. Under Security Settings, select the Network DTC Access check box.

    5. Under Client and Administration, select the Allow Remote Clients check box.

    6. Under Transaction Manager Communication, select the Allow Inbound and Allow Outbound check boxes.

    7. Select an authentication level for DTC communications. Mutual Authentication Required is the most secure level.

    8. Continue to configure security settings, or click OK.

    Additional considerations

    • Component Services is no longer in Administrative Tools. To open Component Services, click Start. In the search box, type dcomcnfg, and then press ENTER.

    To change the DTC logon account

    1. Open Component Services.

    2. In the Component Services snap-in, double-click Computers, Computer Name, and Distributed Transaction Coordinator.

    3. Right-click Local DTC, click Properties, and then click the Security tab.

    4. Under DTC Logon Account, enter the account under which the DTC will run, or click Browse to locate the account name. Type and then confirm the password for that account.

    5. Click OK.

    Additional considerations

    • Component Services is no longer in Administrative Tools. To open Component Services, click Start. In the search box, type dcomcnfg, and then press ENTER.
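
To verify the result of the procedures above without opening the snap-in, the following read-only audit script reports the Security tab settings and the DTC logon account. It is an added example, not part of the original documentation; it assumes a local (non-clustered) DTC whose settings are stored under HKLM\SOFTWARE\Microsoft\MSDTC, and the function names Get-DtcValue and Get-DtcAuthenticationLevel are hypothetical helpers defined here.

```powershell
# Added example: read-only audit of the Local DTC settings from the Security tab.
# Assumption: local (non-clustered) DTC, whose settings live under this key.
$root = 'HKLM:\SOFTWARE\Microsoft\MSDTC'
$sec  = Join-Path $root 'Security'

function Get-DtcValue([string]$Path, [string]$Name) {
    # Returns the DWORD, or $null when the value is absent (no default is guessed).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-DtcAuthenticationLevel {
    # The three authentication options are stored as three DWORD values.
    if ((Get-DtcValue $root 'TurnOffRpcSecurity') -eq 1) { return 'No Authentication Required' }
    if ((Get-DtcValue $root 'AllowOnlySecureRpcCalls') -eq 1) { return 'Mutual Authentication Required' }
    if ((Get-DtcValue $root 'FallbackToUnsecureRPCIfNecessary') -eq 1) { return 'Incoming Caller Authentication Required' }
    return 'Unknown'
}

# Get-WmiObject is used so the script also runs on Windows PowerShell 2.0.
$service = Get-WmiObject -Class Win32_Service -Filter "Name='MSDTC'"
$report = New-Object PSObject -Property @{
    NetworkDtcAccess    = Get-DtcValue $sec 'NetworkDtcAccess'
    AllowRemoteClients  = Get-DtcValue $sec 'NetworkDtcAccessClients'
    AllowInbound        = Get-DtcValue $sec 'NetworkDtcAccessInbound'
    AllowOutbound       = Get-DtcValue $sec 'NetworkDtcAccessOutbound'
    AuthenticationLevel = Get-DtcAuthenticationLevel
    LogonAccount        = $service.StartName
}
$report | Format-List NetworkDtcAccess, AllowRemoteClients, AllowInbound, AllowOutbound, AuthenticationLevel, LogonAccount

# Compare against the recommendations stated on this page.
if ($report.NetworkDtcAccess -eq 1 -and $report.AuthenticationLevel -ne 'Mutual Authentication Required') {
    Write-Warning "Network DTC Access is enabled with '$($report.AuthenticationLevel)'; Mutual Authentication Required is the most secure level."
}
if ($report.LogonAccount -notmatch 'NetworkService$') {
    Write-Warning "DTC runs as '$($report.LogonAccount)'; the recommended account is NetworkService."
}
```

Run the script from an elevated Windows PowerShell prompt. A value of 1 means the corresponding check box is selected, and a blank field means the registry value is absent.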
