2.1 Transport

This protocol uses the following RPC protocol sequences:

This protocol MUST use RPC dynamic endpoints, as specified in [C706] section 4, when using RPC over TCP/IP.

This protocol MUST use "\PIPE\lsarpc" as the RPC endpoint when using RPC over SMB.<2>

RPC clients for this protocol MUST use RPC over SMB for the LsarOpenPolicy2, LsarOpenPolicy, LsarClose, LsarGetUserName, LsarLookupNames, LsarLookupNames2, LsarLookupNames3, LsarLookupSids, and LsarLookupSids2 methods. RPC clients MUST use RPC over TCP/IP for the LsarLookupNames4 and LsarLookupSids3 methods.<3>

The server SHOULD<4> reject calls that do not use an authentication level of RPC_C_AUTHN_LEVEL_NONE, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, or RPC_C_AUTHN_LEVEL_PKT_PRIVACY ([MS-RPCE] section 2.2.1.1.8).

This protocol MUST use the UUID and version number as follows:

  • UUID: See section 1.9.

  • Version number: 0.0.

Security settings used in this protocol vary depending on the role of the RPC client and RPC server, the method being used, and the specific parameters being used. Therefore, security settings are discussed in the message processing sections for each message.
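
The transport rules above can be checked mechanically when auditing observed calls. The following is an added example, not part of the specification: the record format, the function names, and the case-insensitive pipe-name comparison are assumptions of the example, and the numeric authentication levels are those defined in [MS-RPCE] section 2.2.1.1.8.

```python
SMB, TCP = "ncacn_np", "ncacn_ip_tcp"  # RPC over SMB / RPC over TCP/IP
LSARPC_PIPE = r"\PIPE\lsarpc"

SMB_ONLY = {
    "LsarOpenPolicy2", "LsarOpenPolicy", "LsarClose", "LsarGetUserName",
    "LsarLookupNames", "LsarLookupNames2", "LsarLookupNames3",
    "LsarLookupSids", "LsarLookupSids2",
}
TCP_ONLY = {"LsarLookupNames4", "LsarLookupSids3"}

# Authentication levels the server accepts; values per [MS-RPCE] 2.2.1.1.8.
ACCEPTED_AUTHN = {
    1: "RPC_C_AUTHN_LEVEL_NONE",
    5: "RPC_C_AUTHN_LEVEL_PKT_INTEGRITY",
    6: "RPC_C_AUTHN_LEVEL_PKT_PRIVACY",
}

def check_call(method, protseq, endpoint, authn_level):
    """Return the section 2.1 rules a single observed call breaks."""
    findings = []
    # Methods not named in section 2.1 are not judged on transport.
    required = SMB if method in SMB_ONLY else TCP if method in TCP_ONLY else None
    if required and protseq != required:
        findings.append("transport")
    # Pipe names compared case-insensitively (assumption of this example).
    if protseq == SMB and endpoint.lower() != LSARPC_PIPE.lower():
        findings.append("endpoint")
    if authn_level not in ACCEPTED_AUTHN:
        findings.append("authn-level")
    return findings

def parse_record(line):
    """Parse the constructed 'key=value ...' record format used below."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return f["method"], f["protseq"], f["endpoint"], int(f["authn"])

def audit(lines):
    """Map 1-based record number -> findings, for records with findings."""
    results = {n: check_call(*parse_record(rec)) for n, rec in enumerate(lines, 1)}
    return {n: f for n, f in results.items() if f}

# Constructed sample records (not captured traffic).
SAMPLE = [
    r"method=LsarLookupNames3 protseq=ncacn_np endpoint=\pipe\lsarpc authn=6",
    r"method=LsarLookupSids3 protseq=ncacn_np endpoint=\PIPE\lsarpc authn=5",
    r"method=LsarLookupNames4 protseq=ncacn_ip_tcp endpoint=49664 authn=2",
    r"method=LsarClose protseq=ncacn_np endpoint=\PIPE\samr authn=1",
]
```

Endpoints for RPC over TCP/IP are dynamic, so the example does not check the port value.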