Managing the DTC Service Remotely

  • Article

 

Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista

Prior to the release of Windows XP and Windows Server 2003, the DTC allowed transactions to be managed over a network; that is, the DTC allowed you to use the Component Services user interface on a local machine to manage a DTC service running on a remote system. This ability to manage transactions over a network carries certain security risks that can leave transactions and resource managers vulnerable to attack. Specifically, this type of network administration can make unauthorized changes to transactions possible, which, in turn, may cause the following security problems:

  • Denial of Service attacks.

  • Resource manager database corruption—This can occur if the DTC log is reset or transactions are resolved to the wrong state.

  • Existence of network attack points—These exist when the DTC service advertises a network Remote Procedure Call (RPC) endpoint.

With the release of Windows XP and Windows Server 2003, the ability to manage a DTC service remotely can be disabled. Disabling remote administration of transactions provides the following DTC security enhancements:

  • The DTC service can stop advertising network RPC endpoints. Advertising network RPC endpoints puts any domain controllers at risk for Denial of Service attacks. Only by disabling all DTC security options on a domain controller can this endpoint be dropped. For this reason, the setting to manage the DTC service remotely, as well as all other DTC security settings, are by default turned off on a domain controller. It is recommended that these settings remain disabled on all domain controllers on the network.

  • The user interface settings for managing the DTC can be used to prevent the display of sensitive information. Therefore, when remote administration of DTC is turned off, the user interface no longer allows a user to perform tasks such as the following. (If you want to perform these tasks, you must enable all DTC security settings.)

    • Display, resolve, or trace transactions

    • Get transaction statistics

    • Individually manage a transaction

Managing the DTC from a Remote System with Windows 2000 or NT 4.0

To manage the DTC from a remote system, you must consider the following scenarios.

Note

You cannot configure or reset the DTC log file from a remote system. The Component Services administrative tool updates the DTC log file directly, and therefore it must run on the system where the log file resides.

  • Managing the DTC from a remote Windows 2000 Server or Windows NT 4.0 systems: You can administer the DTC on a Windows 2000 system from a remote Windows 2000 or Windows NT 4.0 system.

  • Managing the DTC from a remote Windows 95 or Windows 98 systems: You can administer the DTC on a Windows 2000 system from a remote Windows 95 or Windows 98 system.

    Note

    You cannot start or stop the DTC from a remote Windows 95 or Windows 98 system.

See Also

Disabling Native Distributed Transactions
Disabling Transaction Services for Network Clients
Disabling TIP, LU and XA Transactions
DTC Security Considerations
Managing Accounts and Privileges