MSDTC - Enable NetworkDtcAccessClients

  • Hi - we have a vendor who is installing their software, which requires a backend SQL database.  Per the usual, they tell you during the installation all of the other items which need to change on the SQL machine itself to make their software work.  They are asking to enable HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC\Security\NetworkDtcAccessClients in the registry.  Right now we have this disabled, so just wondering if there are any security concerns with enabling this feature.  Didn't find much on the web related to this particular key.

    Thanks!

  • dan-404057 - Friday, September 28, 2018 9:38 AM

    Hi - we have a vendor who is installing their software, which requires a backend SQL database.  Per the usual, they tell you during the installation all of the other items which need to change on the SQL machine itself to make their software work.  They are asking to enable HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC\Security\NetworkDtcAccessClients in the registry.  Right now we have this disabled, so just wondering if there are any security concerns with enabling this feature.  Didn't find much on the web related to this particular key.

    Thanks!

    The support article when they introduced these covered the details of security implications. You are allowing DTC communications across the network. As with most things like that, the more you allow, the more exposure you have. Just like the more ports you open on a firewall, the more exposure you have. That doesn't necessarily mean you shouldn't open any ports.
    Here is the article about those settings if you haven't come across it - the security implications start being discussed in the section
    Significance of the new options that are available in the "Security Configuration" dialog box
    New functionality in the Distributed Transaction Coordinator service in Windows

    Sue

  • Thank you, I appreciate the info.  Ironically the vendor asking for this change is installing an application to monitor our servers with the purpose of INCREASING security.

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply