4.11.15.  IPsec Services service - Windows XP and later versions

In Windows XP, the IPsec Services service runs one RPC service on the following endpoints:

E:\>ifids -p ncalrpc -e ipsec jamal
Interfaces: 8

[...]

  12345678-1234-abcd-ef00-0123456789ab v1.0


E:\>ifids -p ncacn_np -e \pipe\ipsec \\.

Interfaces: 8

[...]

  12345678-1234-abcd-ef00-0123456789ab v1.0

In Windows Server 2003, the RPC service does not seem to set a specific endpoint. If the HKLM\SYSTEM\CCS\Services\PolicyAgent\EnableRemoteMgmt registry value is set to 0 or is not present, the RPC security callback function prevents remote access to this interface.

In Windows Vista, if the EnableRemoteMgmt registry value is set (it is not set by default), the IPsec service registers a named pipe endpoint with a randomly-generated name:


C:\> rpcdump 127.0.0.1

[...]

IfId: 12345678-1234-abcd-ef00-0123456789ab v1.0
Annotation: IPSec Policy Agent endpoint
UUID: 00000000-0000-0000-0000-000000000000
Binding: ncacn_np:127.0.0.1[\\pipe\\d58b3ca461625de0]

[...]

C:\>ifids -p ncacn_np -e \pipe\d58b3ca461625de0 \\.
Interfaces: 1
  12345678-1234-abcd-ef00-0123456789ab v1.0

Table 4.87. winipsec operations

InterfaceOperation numberOperation name
12345678-1234-abcd-ef00-0123456789ab v1.0: winipsec  
 0x00RpcAddTransportFilter
 0x01RpcDeleteTransportFilter
 0x02RpcEnumTransportFilters
 0x03RpcSetTransportFilter
 0x04RpcGetTransportFilter
 0x05RpcAddQMPolicy
 0x06RpcDeleteQMPolicy
 0x07RpcEnumQMPolicies
 0x08RpcSetQMPolicy
 0x09RpcGetQMPolicy
 0x0aRpcAddMMPolicy
 0x0bRpcDeleteMMPolicy
 0x0cRpcEnumMMPolicies
 0x0dRpcSetMMPolicy
 0x0eRpcGetMMPolicy
 0x0fRpcAddMMFilter
 0x10RpcDeleteMMFilter
 0x11RpcEnumMMFilters
 0x12RpcSetMMFilter
 0x13RpcGetMMFilter
 0x14RpcMatchMMFilter
 0x15RpcMatchTransportFilter
 0x16RpcGetQMPolicyByID
 0x17RpcGetMMPolicyByID
 0x18RpcAddMMAuthMethods
 0x19RpcDeleteMMAuthMethods
 0x1aRpcEnumMMAuthMethods
 0x1bRpcSetMMAuthMethods
 0x1cRpcGetMMAuthMethods
 0x1dRpcInitiateIKENegotiation
 0x1eRpcQueryIKENegotiationStatus
 0x1fRpcCloseIKENegotiationHandle
 0x20RpcEnumMMSAs
 0x21RpcDeleteMMSAs
 0x22RpcDeleteQMSAs
 0x23RpcQueryIKEStatistics
 0x24RpcRegisterIKENotifyClient
 0x25RpcQueryIKENotifyData
 0x26RpcCloseIKENotifyHandle
 0x27RpcQueryIPSecStatistics
 0x28RpcEnumQMSAs
 0x29RpcAddTunnelFilter
 0x2aRpcDeleteTunnelFilter
 0x2bRpcEnumTunnelFilters
 0x2cRpcSetTunnelFilter
 0x2dRpcGetTunnelFilter
 0x2eRpcMatchTunnelFilter
 0x2fRpcOpenMMFilterHandle
 0x30RpcCloseMMFilterHandle
 0x31RpcOpenTransportFilterHandle
 0x32RpcCloseTransportFilterHandle
 0x33RpcOpenTransportFilterHandle
 0x34RpcCloseTransportFilterHandle
 0x35RpcOpenTunnelFilterHandle
 0x36RpcCloseTunnelFilterHandle
 0x37RpcEnumIpsecInterfaces
 0x38RpcAddSAs
 0x39RpcSetConfigurationVariables
 0x3aRpcGetConfigurationVariables
 0x3bRpcQuerySpdPolicyState
> Windows Vista0x3cRpcAddMMFilterEx
 0x3dRpcEnumMMFiltersEx
 0x3eRpcSetMMFilterEx
 0x3fRpcGetMMFilterEx
 0x40RpcMatchMMFilterEx
 0x41RpcOpenMMFilterHandleEx
 0x42RpcAddTransportFilterEx
 0x43RpcEnumTransportFiltersEx
 0x44RpcSetTransportFilterEx
 0x45RpcGetTransportFilterEx
 0x46RpcMatchTransportFilterEx
 0x47RpcOpenTransportFilterHandleEx
 0x48RpcQueryRemoteFWRunning