MSRPC uses the Windows SSPI (Security Support Provider Interface) to use security services such as authentication and confidentiality.
The list of MSRPC security providers is stored under the following registry key:
Key: HKLM\SOFTWAWRE\Microsoft\Rpc\SecurityService\
The following MSRPC security providers are defined:
Table 4.1. MSRPC security providers
| Security Provider | Integer | DLL |
|---|---|---|
| DCE private key authentication | 1 | secur32.dll |
| SPNEGO | 9 | secur32.dll |
| NTLM | 10 | secur32.dll |
| Schannel (SSL, PCT, TLS) | 14 | schannel.dll |
| MS Kerberos | 16 | secur32.dll |
| MSN SSP | 17 | |
| Distributed Password Authentication | 18 | secur32.dll |
| Netlogon secure channel | 68 | netlogon.dll |
| Microsoft Message Queue (MSMQ) | 100 |
When the SMB transport (ncacn_np) is used, there is no additional authentication at the MSRPC level. Instead, the security context of the MSRPC session is derived from the authenticated SMB session established previously.