MSDTC - Enable NetworkDtcAccessClients

Question

MSDTC - Enable NetworkDtcAccessClients

DjH

SSC Eights!

Points: 843
More actions
September 28, 2018 at 9:38 am

#408567

Hi - we have a vendor who is installing their software, which requires a backend SQL database. Per the usual, they tell you during the installation all of the other items which need to change on the SQL machine itself to make their software work. They are asking to enable HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC\Security\NetworkDtcAccessClients in the registry. Right now we have this disabled, so just wondering if there are any security concerns with enabling this feature. Didn't find much on the web related to this particular key.
Thanks!

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply

Sue_H SSC Guru Points: 90860 More actions · Answer 1

dan-404057 - Friday, September 28, 2018 9:38 AM
Hi - we have a vendor who is installing their software, which requires a backend SQL database. Per the usual, they tell you during the installation all of the other items which need to change on the SQL machine itself to make their software work. They are asking to enable HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC\Security\NetworkDtcAccessClients in the registry. Right now we have this disabled, so just wondering if there are any security concerns with enabling this feature. Didn't find much on the web related to this particular key.
Thanks!

The support article when they introduced these covered the details of security implications. You are allowing DTC communications across the network. As with most things like that, the more you allow, the more exposure you have. Just like the more ports you open on a firewall, the more exposure you have. That doesn't necessarily mean you shouldn't open any ports.
Here is the article about those settings if you haven't come across it - the security implications start being discussed in the section
Significance of the new options that are available in the "Security Configuration" dialog box
New functionality in the Distributed Transaction Coordinator service in Windows

Sue

DjH SSC Eights! Points: 843 More actions · Answer 2

Thank you, I appreciate the info. Ironically the vendor asking for this change is installing an application to monitor our servers with the purpose of INCREASING security.