5 Security
This protocol employs the security mechanism of the underlying transport infrastructure specified in [MS-CMP] and [MS-CMPO]. Because the information exchanged in messages by this protocol can contain sensitive data, like the transaction identifiers and transaction manager addresses, implementers need to use mutual authentication, as specified in [MS-CMPO] section 2.1.3.<10>
The Windows Remote Registry Protocol [MS-RRP] and Failover Cluster: Management API (ClusAPI) Protocol [MS-CMRP] registry keys exposed by the Management Server are protected for access as follows:
Read access (KEY_READ) needs to be granted to all authenticated users.
Write access (KEY_WRITE) needs to be granted to a restricted group of users.
Full access (KEY_ALL_ACCESS) needs to be granted to BUILTIN_ADMINISTRATORS, LOCAL_SYSTEM, and the MSDTC service account.