allow dcerpc auth level connect
This option controls whether DCERPC services are allowed to be used with DCERPC_AUTH_LEVEL_CONNECT, which provides authentication, but no per message integrity nor privacy protection.
Some interfaces like samr, lsarpc and netlogon have a hard-coded default of no and epmapper, mgmt and rpcecho have a hard-coded default of yes.
The behavior can be overwritten per interface name (e.g. lsarpc, netlogon, samr, srvsvc, winreg, wkssvc ...) by using 'allow dcerpc auth level connect:interface = yes' as option.
This option yields precedence to the implementation specific restrictions. E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY. The dnsserver protocol requires DCERPC_AUTH_LEVEL_INTEGRITY.
Example: yes
Supported on: At least Microsoft Windows 7 or Windows Server 2008 family
allow dcerpc auth level connect| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Samba\smb_conf\allow dcerpc auth level connect |
| Value Name | allow dcerpc auth level connect |
| Value Type | REG_DWORD |
| Default Value | 0 |
| True Value | 1 |
| False Value | 0 |
samba.admx
- Samba
- smb.conf
- abort shutdown script
- add group script
- additional dns hostnames
- add machine script
- addport command
- addprinter command
- add share command
- add user script
- add user to group script
- afs token lifetime
- afs username map
- aio max threads
- algorithmic rid base
- allow dcerpc auth level connect
- allow dns updates
- allow insecure wide links
- allow nt4 crypto
- allow trusted domains
- allow unsafe cluster upgrade
- apply group policies
- async smb echo handler
- auth event notification
- auto services
- binddns dir
- bind interfaces only
- browse list
- cache directory
- change notify
- change share command
- check password script
- cldap port
- client ipc max protocol
- client ipc min protocol
- client ipc signing
- client lanman auth
- client ldap sasl wrapping
- client max protocol
- client min protocol
- client NTLMv2 auth
- client plaintext auth
- client schannel
- client signing
- client use spnego
- client use spnego principal
- cluster addresses
- clustering
- config backend
- config file
- create krb5 conf
- ctdbd socket
- ctdb locktime warn threshold
- ctdb timeout
- cups connection timeout
- cups encrypt
- cups server
- dcerpc endpoint servers
- deadtime
- debug class
- debug encryption
- debug hires timestamp
- debug pid
- debug prefix timestamp
- debug uid
- dedicated keytab file
- default service
- defer sharing violations
- delete group script
- deleteprinter command
- delete share command
- delete user from group script
- delete user script
- dgram port
- disable netbios
- disable spoolss
- dns forwarder
- dns proxy
- dns update command
- dns zone scavenging
- domain logons
- domain master
- dos charset
- dsdb event notification
- dsdb group change notification
- dsdb password event notification
- elasticsearch:mappings
- enable asu support
- enable core files
- enable privileges
- enable spoolss
- encrypt passwords
- enhanced browsing
- enumports command
- eventlog list
- fss: prune stale
- fss: sequence timeout
- get quota command
- getwd cache
- gpo update command
- guest account
- homedir map
- host msdfs
- hostname lookups
- idmap backend
- idmap cache time
- idmap gid
- idmap negative cache time
- idmap uid
- include system krb5 conf
- init logon delay
- init logon delayed hosts
- interfaces
- iprint server
- keepalive
- kerberos encryption types
- kerberos method
- kernel change notify
- kpasswd port
- krb5 port
- lanman auth
- large readwrite
- ldap admin dn
- ldap connection timeout
- ldap debug level
- ldap debug threshold
- ldap delete dn
- ldap deref
- ldap follow referral
- ldap group suffix
- ldap idmap suffix
- ldap machine suffix
- ldap max anonymous request size
- ldap max authenticated request size
- ldap max search request size
- ldap page size
- ldap passwd sync
- ldap replication sleep
- ldapsam:editposix
- ldapsam:trusted
- ldap server require strong auth
- ldap ssl
- ldap ssl ads
- ldap suffix
- ldap timeout
- ldap user suffix
- lm announce
- lm interval
- load printers
- local master
- lock directory
- lock spin time
- log file
- logging
- log level
- log nt token command
- logon drive
- logon home
- logon path
- logon script
- log writeable files on exit
- lpq cache time
- lsa over netlogon
- machine password timeout
- mangle prefix
- mangling method
- map to guest
- max disk size
- max log size
- max mux
- max open files
- max smbd processes
- max stat cache size
- max ttl
- max wins ttl
- max xmit
- mdns name
- message command
- min receivefile size
- min wins ttl
- mit kdc command
- multicast dns register
- name cache timeout
- name resolve order
- nbt client socket address
- nbtd:wins_prepend1Bto1Cqueries
- nbtd:wins_randomize1Clist_mask
- nbtd:wins_wins_randomize1Clist
- nbt port
- ncalrpc dir
- netbios aliases
- netbios name
- netbios scope
- neutralize nt4 emulation
- NIS homedir
- nmbd bind explicit broadcast
- nsupdate command
- ntlm auth
- nt pipe support
- ntp signd socket directory
- nt status support
- null passwords
- obey pam restrictions
- old password allowed period
- oplock break wait time
- os2 driver map
- os level
- pam password change
- panic action
- passdb backend
- passdb expand explicit
- passwd chat
- passwd chat debug
- passwd chat timeout
- passwd program
- password hash gpg key ids
- password hash userPassword schemes
- password server
- perfcount module
- pid directory
- preferred master
- prefork backoff increment
- prefork children
- prefork maximum backoff
- preload modules
- printcap cache time
- printcap name
- private dir
- raw NTLMv2 auth
- read raw
- realm
- registry shares
- reject md5 clients
- reject md5 servers
- remote announce
- remote browse sync
- rename user script
- require strong key
- reset on zero vc
- restrict anonymous
- root directory
- rpc big endian
- rpc server dynamic port range
- rpc server port
- rpc_daemon:DAEMON
- rpc_server:SERVER
- samba kcc command
- security
- server max protocol
- server min protocol
- server multi channel support
- server role
- server schannel
- server services
- server signing
- server string
- set primary group script
- set quota command
- share:fake_fscaps
- share backend
- show add printer wizard
- shutdown script
- smb2 disable lock sequence checking
- smb2 disable oplock break retry
- smb2 leases
- smb2 max credits
- smb2 max read
- smb2 max trans
- smb2 max write
- smbd profiling level
- smb passwd file
- smb ports
- socket options
- spn update command
- spoolss: architecture
- spoolss: os_build
- spoolss: os_major
- spoolss: os_minor
- spoolss_client: os_build
- spoolss_client: os_major
- spoolss_client: os_minor
- stat cache
- state directory
- svcctl list
- syslog
- syslog only
- template homedir
- template shell
- time server
- timestamp logs
- tls cafile
- tls certfile
- tls crlfile
- tls dh params file
- tls enabled
- tls keyfile
- tls priority
- tls verify peer
- unicode
- unix charset
- unix extensions
- unix password sync
- use mmap
- username level
- username map
- username map cache time
- username map script
- usershare allow guests
- usershare max shares
- usershare owner only
- usershare path
- usershare prefix allow list
- usershare prefix deny list
- usershare template share
- utmp
- utmp directory
- winbind:ignore domains
- winbind cache time
- winbindd socket directory
- winbind enum groups
- winbind enum users
- winbind expand groups
- winbind max clients
- winbind max domain connections
- winbind nested groups
- winbind normalize names
- winbind nss info
- winbind offline logon
- winbind reconnect delay
- winbind refresh tickets
- winbind request timeout
- winbind rpc only
- winbind scan trusted domains
- winbind sealed pipes
- winbind separator
- winbind use default domain
- winbind use krb5 enterprise principals
- winsdb:dbnosync
- winsdb:local_owner
- wins hook
- wins proxy
- wins server
- wins support
- workgroup
- wreplsrv:periodic_interval
- wreplsrv:propagate name releases
- wreplsrv:scavenging_interval
- wreplsrv:tombstone_extra_timeout
- wreplsrv:tombstone_interval
- wreplsrv:tombstone_timeout
- wreplsrv:verify_interval
- write raw
- wtmp directory
- Unix Settings
- Messages
- Scripts
- Sudo Rights
- smb.conf