RPC Endpoint Mapper Authentication and Hardening

Updated on May 21, 2025

RPC Endpoint Mapper

This policy setting determines if RPC clients authenticate with the Endpoint Mapper Service when their call includes authentication data. The Endpoint Mapper Service on Windows NT4 (all service packs) is unable to process authentication data provided in this manner.

Disabling this policy means RPC clients won’t authenticate with the Endpoint Mapper Service, but they can still communicate with it on Windows NT4 Server.

The recommended state for this setting is: Enabled.

Enable RPC authentication

To modify these policies using the Group Policy Object (GPO) editor:

  1. Click Start > type gpedit.msc > hit Enter to open the Local Group Policy Editor.
  2. To enable the equivalent of EnableAuthEpResolution settings, navigate to Computer Configuration\Administrative Templates\System\Remote Procedure Call\Enable RPC Endpoint Mapper Client Authentication, then select one of the two available settings:
  • Disabled – This setting is the default. RPC clients won’t authenticate to the Endpoint Mapper Service, but they’ll be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.
  • Enabled – RPC clients authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls won’t be able to communicate with the Windows NT4 Server Endpoint Mapper Service.

Changes to either setting require a system reboot for them to take effect.

Important Note

The following Group Policy settings found in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options cannot be used with EnableAuthEpResolution:

  • Network security: Restrict NTLM: Incoming NTLM traffic – “Deny All Accounts”
  • Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers – “Deny All”

It’s encouraged to move away from NTLM to better secure your environment. If faced with a choice between restricting NTLM and using EnableAuthEpResolution, the recommended approach is that you restrict NTLM in your environment.

Enable RPC Endpoint Mapper Client Authentication via GPO

This policy setting will not be applied until the system is rebooted.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Microsoft\Windows NT\Rpc
Value Name: EnableAuthEpResolution
Value Type: REG_DWORD
Enabled Value: 1
Disabled Value: 0
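
A read-only audit of the registry value above together with the two Restrict NTLM settings listed earlier as incompatible with it. This is an added example, not code from the original article; the function names are illustrative, and the MSV1_0 value names RestrictReceivingNTLMTraffic and RestrictSendingNTLMTraffic (the registry backing of those two policies) are not given on this page.

```powershell
# Added example: audit EnableAuthEpResolution and the two Restrict NTLM
# settings the article lists as incompatible with it. Reads only.
function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Test-EpMapperClientAuth {
    $rpcKey = 'HKLM:\Software\Policies\Microsoft\Windows NT\Rpc'
    # Assumption: registry location of the two "Restrict NTLM" policies
    # (the value names below do not appear in the article).
    $ntlmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

    $authEp   = Get-RegDword $rpcKey  'EnableAuthEpResolution'
    $incoming = Get-RegDword $ntlmKey 'RestrictReceivingNTLMTraffic'  # 2 = Deny all accounts
    $outgoing = Get-RegDword $ntlmKey 'RestrictSendingNTLMTraffic'    # 2 = Deny all

    $enabled    = ($authEp -eq 1)
    $ntlmDenied = ($incoming -eq 2) -or ($outgoing -eq 2)

    $finding = if ($enabled -and $ntlmDenied) {
        'CONFLICT: enabled together with a Restrict NTLM deny-all setting'
    } elseif ($enabled) {
        'PASS: set to Enabled (1)'
    } elseif ($ntlmDenied) {
        'REVIEW: not enabled; NTLM is restricted (the choice the article prefers)'
    } elseif ($null -eq $authEp) {
        'FAIL: not configured (default is Disabled)'
    } else {
        "FAIL: value is $authEp, expected 1"
    }

    [pscustomobject]@{
        Computer               = $env:COMPUTERNAME
        EnableAuthEpResolution = $authEp
        IncomingNtlm           = $incoming
        OutgoingNtlm           = $outgoing
        Finding                = $finding
    }
}

Test-EpMapperClientAuth | Format-List
```

A PASS reflects the configured value only; because the setting takes effect after a reboot, a host that has not restarted since the change may still be running with the previous behaviour.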

Vulnerabilities

Vulnerabilities in the Microsoft RPC Endpoint Mapper service can have severe consequences, as they can potentially allow remote attackers to execute arbitrary code or escalate privileges on the target system.

The EternalBlue exploit, notably used in the WannaCry ransomware attack of 2017, targeted a vulnerability (CVE-2017-0143) in the Server Message Block (SMB) protocol on Windows systems. This vulnerability enabled attackers to execute remote code with SYSTEM privileges by exploiting improper handling of requests by the RPC Endpoint Mapper service.

CVE-2022-37958: While EternalBlue exploits a vulnerability solely within Microsoft’s implementation of the Server Message Block (SMB) protocol, this vulnerability spans a much broader range of protocols. This code-execution vulnerability enables attackers to trigger the flaw through any Windows application protocol that requires authentication. This includes attempts to connect to an SMB share or through Remote Desktop.

Ensure ‘Enable RPC Endpoint Mapper Client Authentication’ is set to ‘Enabled’

This policy determines RPC client authentication with the Endpoint Mapper Service. Applying it to NT4 systems can cause issues, particularly with 1-way forest trusts.

The impact of enabling the policy setting is that RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Mapper Service.

To establish the recommended configuration via Group Policy, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\System\Remote Procedure Call\Enable RPC Endpoint Mapper Client Authentication

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template RPC.admx/adml that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer).

Enhancing Security with Automated Hardening

Implementing automated hardening measures for the RPC Endpoint Mapper Client Authentication mechanism can significantly bolster the overall security posture of Windows systems. By automating the process of applying recommended security configurations, organizations can ensure consistent and timely mitigation of known vulnerabilities related to this critical component.

Automated hardening eliminates the potential for human error during manual configuration and guarantees that all systems within the environment adhere to the latest security best practices. Additionally, it streamlines the process of keeping systems up-to-date with the latest security updates, reducing the window of exposure to potential threats.

By embracing automated hardening strategies, organizations can proactively protect their Windows infrastructure from exploitation attempts targeting RPC Endpoint Mapper Client Authentication vulnerabilities, minimizing the risk of remote code execution, privilege escalation, and other malicious activities.

Ben Balkin
Ben Balkin is a professional writer and blogger specializing in technology and innovation. As a contributor to the Calcom blog, Ben shares practical insights, useful tips, and engaging articles designed to simplify complex processes and make advanced technological solutions accessible to everyone. His writing style is clear, insightful, and inspiring, reflecting his strong belief in technology's power to enhance quality of life and empower businesses.
