Policy
Configure RPC listener settings
Microsoft Windows
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016
This policy setting controls which protocols incoming RPC connections to the print spooler are allowed to use. By default, RPC over TCP is enabled and Negotiate is used for the authentication protocol. Protocols to allow for incoming RPC connections: -- "RPC over named pipes": Incoming RPC connections are only allowed over named pipes -- "RPC over TCP": Incoming RPC connections are only allowed over TCP (the default option) -- "RPC over named pipes and TCP": Incoming RPC connections will be allowed over TCP and named pipes Authentication protocol to use for incoming RPC connections: -- "Negotiate": Use the Negotiate authentication protocol (the default option) -- "Kerberos": Use the Kerberos authentication protocol If you disable or do not configure this policy setting, the above defaults will be used.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| Computer | Protocols to allow for incoming RPC connections: ID RpcListenerProtocols_Enum | enum | Path Software\Policies\Microsoft\Windows NT\Printers\RPC Value name RpcProtocols Type REG_DWORD | Options: RPC over named pipes (3), RPC over TCP (5), RPC over named pipes and TCP (7) | |
| Computer | Authentication protocol to use for incoming RPC connections: ID RpcAuthenticationProtocol_Enum | enum | Path Software\Policies\Microsoft\Windows NT\Printers\RPC Value name ForceKerberosForRpc Type REG_DWORD | Options: Negotiate (0), Kerberos (1) |