4.4. MSRPC security model

MSRPC uses the Windows SSPI (Security Support Provider Interface) to use security services such as authentication and confidentiality.

The list of MSRPC security providers is stored under the following registry key:

Key: HKLM\SOFTWAWRE\Microsoft\Rpc\SecurityService\

The following MSRPC security providers are defined:

Table 4.1. MSRPC security providers

Security ProviderIntegerDLL
DCE private key authentication1secur32.dll
Schannel (SSL, PCT, TLS)14schannel.dll
MS Kerberos16secur32.dll
Distributed Password Authentication18secur32.dll
Netlogon secure channel68netlogon.dll
Microsoft Message Queue (MSMQ)100 

When the SMB transport (ncacn_np) is used, there is no additional authentication at the MSRPC level. Instead, the security context of the MSRPC session is derived from the authenticated SMB session established previously.