4.15. RPC interfaces restriction in Windows XP SP2, Windows Server 2003 SP1 and later versions

Windows XP SP2 introduced RPC interface restrictions. By default, an anonymous (unauthenticated) client can no longer bind to an RPC interface from the network, except over the ncacn_np protocol sequence (named pipes over SMB), which is exempt from the restriction because authentication is handled at the SMB layer.

The RestrictRemoteClients registry value (a DWORD under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Rpc, exposed as the Restrictions for Unauthenticated RPC clients GPO setting) is not present by default, but the RPC runtime then behaves as if it were set to 1 (RPC_RESTRICT_REMOTE_CLIENT_DEFAULT): anonymous binds to RPC interfaces are rejected over the other transports, typically ncacn_ip_tcp. Value 0 (RPC_RESTRICT_REMOTE_CLIENT_NONE) disables the restriction entirely; value 2 (RPC_RESTRICT_REMOTE_CLIENT_HIGH) additionally removes the exemption an interface can request for itself by registering with the RPC_IF_ALLOW_CALLBACKS_WITH_NO_AUTH flag.

In particular, the restriction applies to the RPC interfaces hosted by the rpcss service, including the endpoint mapper (epmp) interface, so an anonymous endpoint lookup over ncacn_ip_tcp (TCP port 135) is rejected. It is still possible, however, to query the endpoint mapper anonymously over the ncacn_np protocol sequence, using the \pipe\epmapper named pipe as endpoint, provided the SMB server accepts the anonymous session for that pipe. The restriction therefore does not by itself prevent anonymous enumeration of the interfaces registered on the machine.

For more information, see the RPC Interface Restriction section in the Network Protection technologies chapter in the Changes to Functionality in Microsoft Windows XP Service Pack 2 document [94] and the #838191 Microsoft knowledge base article [95].

The RestrictRemoteClients registry value (Restrictions for Unauthenticated RPC clients GPO setting) also exists in Windows Server 2003 SP1, but there its default value is 0 (RPC_RESTRICT_REMOTE_CLIENT_NONE, restrictions disabled). It is recommended to set it to 1 (RPC_RESTRICT_REMOTE_CLIENT_DEFAULT) or 2 (RPC_RESTRICT_REMOTE_CLIENT_HIGH), after verifying that the RPC servers hosted on the machine do not depend on anonymous remote clients; value 2 also affects interfaces that rely on the RPC_IF_ALLOW_CALLBACKS_WITH_NO_AUTH exemption. The value is read by the RPC runtime when a process initialises it, so a reboot is the safe way to make a change effective for already-running RPC servers such as rpcss.
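The following PowerShell script is an added example, not code from the original document: it audits the RestrictRemoteClients value described above on the local machine, reports what the configured (or absent) value means, and can raise it to the recommended level. The registry key path, value name and the three RPC_RESTRICT_REMOTE_CLIENT_* meanings are the documented ones; the function names, the -Level parameter and the output object layout are this example's own choices. Run it in an elevated PowerShell session on the host being assessed.

```powershell
# Added example (not from the original document): audit and optionally set the
# RestrictRemoteClients value under the RPC policy key.
# Assumptions: function names, -Level parameter and output layout are this
# example's own; key path, value name and level meanings are the documented ones.

$RpcPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Rpc'

# Meaning of the three documented values
$RestrictRemoteClientsLevels = @{
    0 = 'RPC_RESTRICT_REMOTE_CLIENT_NONE: no restriction, anonymous binds accepted on every transport'
    1 = 'RPC_RESTRICT_REMOTE_CLIENT_DEFAULT: remote anonymous calls rejected, except over ncacn_np and to interfaces registered with RPC_IF_ALLOW_CALLBACKS_WITH_NO_AUTH'
    2 = 'RPC_RESTRICT_REMOTE_CLIENT_HIGH: as 1, but the RPC_IF_ALLOW_CALLBACKS_WITH_NO_AUTH exemption no longer applies'
}

function Get-RpcRestrictRemoteClients {
    # Reports the configured value, or that it is absent, in which case the OS
    # default applies (1 on Windows XP SP2, 0 on Windows Server 2003 SP1).
    $item = Get-ItemProperty -Path $RpcPolicyKey -Name RestrictRemoteClients -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{
            Configured = $false
            Value      = $null
            Meaning    = 'value not present; OS default applies (1 on XP SP2, 0 on Server 2003 SP1)'
        }
    }
    $v = [int]$item.RestrictRemoteClients
    $meaning = $RestrictRemoteClientsLevels[$v]
    if ($null -eq $meaning) { $meaning = "undocumented value $v" }
    [pscustomobject]@{ Configured = $true; Value = $v; Meaning = $meaning }
}

function Set-RpcRestrictRemoteClients {
    # Sets the value to 1 or 2 (the recommended levels). Supports -WhatIf/-Confirm.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [ValidateSet(1, 2)]
        [int]$Level = 1
    )
    if ($PSCmdlet.ShouldProcess($RpcPolicyKey, "Set RestrictRemoteClients = $Level")) {
        # The policy key is absent on a machine that never had the GPO applied.
        if (-not (Test-Path -Path $RpcPolicyKey)) {
            New-Item -Path $RpcPolicyKey -Force | Out-Null
        }
        New-ItemProperty -Path $RpcPolicyKey -Name RestrictRemoteClients `
            -PropertyType DWord -Value $Level -Force | Out-Null
        Write-Warning 'Reboot the machine so that already-running RPC servers (rpcss included) pick up the new value.'
    }
}

# Usage: audit first, then preview and apply the change.
Get-RpcRestrictRemoteClients | Format-List
# Set-RpcRestrictRemoteClients -Level 2 -WhatIf
# Set-RpcRestrictRemoteClients -Level 2
```

Because the value lives under the Policies hive, a domain GPO that configures the setting will overwrite whatever the script writes at the next policy refresh; on domain-joined machines, set the level through the GPO and use the script only to verify the result.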