I see it relates to DCOM Default Authentication Level, which has in total, 7 fields in the Component Services Windows admin tool. That is in this order, from top of the list to the bottom as it appears; Default, None, Call, Connect, Packet, Packet integrity and Packet Privacy.
I only see one resources on the internet, as of yet:
"I've found another workaround by setting HKLM\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel=6. This takes effect immediately, and changes outbound RPC to attempt connection with packet privacy"
I'm guessing if we count 0 as a value in the dword key, and packet privacy is the last level on the list, it could make sense that 'Packet Privacy' is 6, with 0 possibly being default? I've made a key, since there was none, and set it to 1, thinking it means none, going by the order of the list. But making a key regardless of value, stopped lsass.exe constantly querying this registry path.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService
(DWORD key) DefaultAuthLevel
Anyone know a concrete answer to the values for this key or to stop this querying happening without setting a key?
Thanks.
I only see one resources on the internet, as of yet:
"I've found another workaround by setting HKLM\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel=6. This takes effect immediately, and changes outbound RPC to attempt connection with packet privacy"
I'm guessing if we count 0 as a value in the dword key, and packet privacy is the last level on the list, it could make sense that 'Packet Privacy' is 6, with 0 possibly being default? I've made a key, since there was none, and set it to 1, thinking it means none, going by the order of the list. But making a key regardless of value, stopped lsass.exe constantly querying this registry path.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService
(DWORD key) DefaultAuthLevel
Anyone know a concrete answer to the values for this key or to stop this querying happening without setting a key?
Thanks.