2.1.1.1 Server Security Settings

The server interface MUST be identified by the UUID 8f09f000-b7ed-11ce-bbd2-00001a181cad, version 0.0. The server MUST specify RPC over SMB as the RPC protocol sequence to the RPC implementation, as specified in [MS-RPCE]. The DIMSVC RPC server MUST specify "Simple and Protected GSS-API Negotiation Mechanism" (0x09) as the RPC authentication service (AS), as specified in [MS-RPCE] section 2.2.1.1.7. The DIMSVC RPC server SHOULD<1> support RPC_C_AUTHN_LEVEL_PKT_PRIVACY (0x06) as the RPC authentication level. This allows clients that require data confidentiality to connect to the RPC server interface with data confidentiality.

The DIMSVC RPC server, to perform its task, MUST impersonate the RPC client and retrieve its identity as specified in [MS-RPCE] section 3.3.3.4.3. To determine whether the client has access to an RPC method, all the RPC methods described under section 3.1.4 use this identity to ensure that the client belongs to the local administrators group on the server.
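
The binding settings in the first paragraph above can be audited on the wire. The following is an added example, not part of the specification: it parses a single DCE/RPC bind PDU and reports whether it targets the DIMSVC interface and which authentication service and level the client requested. The function names `audit_bind` and `build_sample_bind` are hypothetical, the sample PDU is constructed, and little-endian data representation is assumed.

```python
import struct
import uuid

DIMSVC_IF = (uuid.UUID("8f09f000-b7ed-11ce-bbd2-00001a181cad"), 0, 0)  # UUID, v0.0
AUTHN_GSS_NEGOTIATE = 0x09       # SPNEGO, per this section
AUTHN_LEVEL_PKT_PRIVACY = 0x06   # per this section

def audit_bind(pdu: bytes) -> dict:
    """Parse one DCE/RPC v5 bind PDU; report the interface and auth settings."""
    if len(pdu) < 28:
        raise ValueError("too short for a bind PDU")
    ver, _minor, ptype, _flags, drep0 = struct.unpack_from("<5B", pdu, 0)
    if ver != 5 or ptype != 11:                      # PTYPE 11 = bind
        raise ValueError("not a DCE/RPC v5 bind PDU")
    if not drep0 & 0x10:                             # assumption: little-endian only
        raise ValueError("big-endian data representation not handled")
    frag_len, auth_len = struct.unpack_from("<HH", pdu, 8)
    body_end = frag_len - (auth_len + 8 if auth_len else 0)  # sec_trailer is 8 bytes
    if frag_len > len(pdu) or body_end < 28:
        raise ValueError("inconsistent frag_length/auth_length")
    off, interfaces = 28, []                         # context elements start at 28
    for _ in range(pdu[24]):                         # n_context_elem
        if off + 24 > body_end:
            raise ValueError("truncated presentation context")
        if_uuid = uuid.UUID(bytes_le=pdu[off + 4:off + 20])
        major, minor = struct.unpack_from("<HH", pdu, off + 20)
        interfaces.append((if_uuid, major, minor))
        off += 24 + 20 * pdu[off + 2]                # skip n_transfer_syn syntaxes
    if off > body_end:
        raise ValueError("transfer syntax list overruns the PDU body")
    auth_type = auth_level = 0                       # 0 = no auth verifier present
    if auth_len:
        auth_type, auth_level = struct.unpack_from("<BB", pdu, body_end)
    return {"dimsvc": DIMSVC_IF in interfaces,
            "spnego": auth_type == AUTHN_GSS_NEGOTIATE,
            "privacy": auth_level == AUTHN_LEVEL_PKT_PRIVACY}

def build_sample_bind(auth_type: int, auth_level: int) -> bytes:
    """Constructed input: bind to DIMSVC v0.0, NDR transfer syntax, dummy token."""
    ndr = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")
    token = b"\x00" * 16                             # placeholder auth_value
    body = struct.pack("<HHI", 4280, 4280, 0)        # max frags, assoc_group_id
    body += struct.pack("<BBHHBB", 1, 0, 0, 0, 1, 0) # one context, one syntax
    body += DIMSVC_IF[0].bytes_le + struct.pack("<HH", 0, 0) + ndr.bytes_le + struct.pack("<I", 2)
    trailer = struct.pack("<BBBBI", auth_type, auth_level, 0, 0, 0) + token
    frag_len = 16 + len(body) + len(trailer)
    hdr = struct.pack("<BBBB4sHHI", 5, 0, 11, 3, b"\x10\0\0\0", frag_len, len(token), 1)
    return hdr + body + trailer
```

A bind that reports `dimsvc` true but `privacy` false is allowed by the text above, which only says the server SHOULD support packet privacy; it identifies a client whose DIMSVC traffic is not encrypted at the RPC layer.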