Managing the MSDTC Service Remotely

Applies To: Windows Server 2008

Before the release of Windows XP and Windows Server 2003, Microsoft Distributed Transaction Coordinator (MS DTC) made it possible for transactions to be managed over a network. That is, the MS DTC made it possible for you to use the Component Services user interface (UI) on a local computer to manage the Distributed Transaction Coordinator service (MSDTC) running on a remote system. This ability to manage transactions over a network carries certain security risks that can leave transactions and resource managers vulnerable to attack. Specifically, this type of network administration can make unauthorized changes to transactions possible, which, in turn, may cause the following security problems:

  • Denial-of-service attacks.

  • Resource manager data corruption. This corruption can occur if the MS DTC log is reset or transactions are resolved to the wrong state.

  • Network attack points. These attack points exist when MSDTC advertises a network remote procedure call (RPC) endpoint.

With Windows XP and Windows Server 2003, and continuing with Windows Vista and Windows Server 2008, you can disable the ability to manage MSDTC remotely. Disabling remote administration of transactions provides the following MS DTC security enhancements:

  • MSDTC can stop advertising network RPC endpoints. Advertising network RPC endpoints puts any domain controller at risk for denial-of-service attacks. For this reason, the setting to manage MSDTC remotely, as well as all other MS DTC security settings, is turned off on a domain controller by default. We recommend that these settings remain disabled on all domain controllers on the network.

  • When a user is connected remotely, the UI no longer allows the user to perform the following tasks:

    • Display, resolve, or trace transactions

    • Get transaction statistics

    • Manage a transaction individually
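The following PowerShell script is an added audit example; it is not part of the original page and not Microsoft code. It reads the MS DTC network security values and reports whether remote administration is still enabled, with a stricter verdict on domain controllers, where the page recommends all of these settings stay disabled. It assumes the settings are stored as DWORD values (1 = enabled) under HKLM:\SOFTWARE\Microsoft\MSDTC\Security, the location documented for Windows Server 2003 SP1 and later; the value names and the WMI DomainRole codes are not taken from this page, so verify them against your build before relying on the result. The remediation function is optional and only runs when you call it explicitly.

```powershell
# Added audit example (not from the original page). Run in an elevated
# PowerShell session on the server being checked.
# Assumption: MS DTC security flags live under this key as DWORDs, 1 = enabled.
$MsdtcSecurityKey = 'HKLM:\SOFTWARE\Microsoft\MSDTC\Security'

function Get-MsdtcNetworkState {
    param([string]$Path = $MsdtcSecurityKey)
    # Missing values read as $null, which [bool] turns into $false (disabled).
    $p = Get-ItemProperty -Path $Path -ErrorAction Stop
    [pscustomobject]@{
        NetworkDtcAccess     = [bool]$p.NetworkDtcAccess              # any network access at all
        RemoteAdministration = [bool]$p.NetworkDtcAccessAdmin         # the setting this page is about
        RemoteClients        = [bool]$p.NetworkDtcAccessClients
        NetworkTransactions  = [bool]$p.NetworkDtcAccessTransactions
    }
}

function Test-IsDomainController {
    # Assumption: Win32_ComputerSystem.DomainRole 4 = backup DC, 5 = primary DC.
    $role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
    return ($role -ge 4)
}

function Test-MsdtcRemoteAdmin {
    $state = Get-MsdtcNetworkState
    $isDc  = Test-IsDomainController
    $findings = @()

    # Remote administration exposes an RPC endpoint on the network; flag it anywhere.
    if ($state.NetworkDtcAccess -and $state.RemoteAdministration) {
        $findings += 'Remote administration of MSDTC is enabled (network RPC endpoint advertised).'
    }
    # On a domain controller the page recommends every network setting stay off.
    if ($isDc) {
        foreach ($name in 'NetworkDtcAccess','RemoteClients','NetworkTransactions') {
            if ($state.$name) { $findings += "Domain controller has $name enabled." }
        }
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        DomainController = $isDc
        Settings         = $state
        Compliant        = ($findings.Count -eq 0)
        Findings         = $findings
    }
}

function Disable-MsdtcRemoteAdmin {
    # Remediation: turn off the remote administration flag and restart the
    # Distributed Transaction Coordinator service so the endpoint is withdrawn.
    Set-ItemProperty -Path $MsdtcSecurityKey -Name 'NetworkDtcAccessAdmin' -Value 0 -Type DWord
    Restart-Service -Name 'MSDTC' -Force
}

# Usage: report only; call Disable-MsdtcRemoteAdmin separately if the report is non-compliant.
$report = Test-MsdtcRemoteAdmin
$report | Format-List
$report.Settings | Format-List
```

Running the audit across a fleet is a matter of wrapping Test-MsdtcRemoteAdmin in Invoke-Command; the domain controller branch is the one to act on first, since that is where the page says an advertised RPC endpoint carries the denial-of-service exposure.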