MSDTC Changes Since Windows 2003 SP1

MSDTC was enhanced with the introduction of SP1 for Windows 2003 and with SP2 for Windows XP. There are many articles about the changes and extra security that are a part of this. One important KB is: https://support.microsoft.com/kb/899191. There are also many useful comments on the following Blog: https://blogs.msdn.com/florinlazar/. These are definitely worth reviewing.

However, one thing that I had failed to find was screenshots showing the difference in the user interfaces of the DTC security settings. Below, first you can see the setting available to Windows 2003 RTM, and this is followed by the altered configuration options in SP1. Although the settings shown should give the same security behaviour, it does not take advantage of the new security functionality that SP1 had to offer, and to ensure best practice the configuration should be changed to tighten securty as much as possible. (for just one example. Mutual Authentication). However the settings used here should be taylored to the specific environment.

         

Chris Forster