{ "id": "40f03dd7-c1da-4e3f-a6f1-bf3fae33cde8", "created_at": "2026-04-06T00:09:26.025913Z", "updated_at": "2026-04-10T03:21:24.055968Z", "deleted_at": null, "sha1_hash": "75861748ceb8f1e1a46b40685cadb0dbbb7e9fbb", "title": "[MS-SAMR]: Transport", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 40221, "plain_text": "[MS-SAMR]: Transport\r\nBy v-pachauhan\r\nArchived: 2026-04-05 18:34:49 UTC\r\nThis protocol configures the RPC runtime to perform a strict Network Data Representation (NDR) data\r\nconsistency check at target level 5.0, as specified in [MS-RPCE] section 3.\r\nThis protocol uses UUID 12345778-1234-ABCD-EF00-0123456789AC to identify the RPC interface.\r\nThis protocol enables the ms_union extension that is specified in [MS-RPCE] section 2.2.4.\r\nThis protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles\r\nthat are created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.\r\nThis protocol uses the following RPC protocol sequences:\u003c7\u003e\r\nRPC over SMB, as specified in [MS-RPCE] section 2.1.1.2.\u003c8\u003e\r\nThis protocol uses the pipe name \"\\PIPE\\samr\" for the endpoint name.\u003c9\u003e\r\nRPC over TCP.\u003c10\u003e\r\nThis protocol uses RPC dynamic endpoints, as specified in [C706] section 6.\r\nThis protocol MUST indicate to the RPC runtime that it is to support both the Network Data Representation\r\n(NDR) and 64-bit Network Data Representation (NDR64) transfer syntaxes and provide a negotiation mechanism\r\nfor determining which RPC transfer syntax will be used, as specified in [MS-RPCE] section 3.\r\nThis protocol MUST use the UUID as specified previously. The RPC version number is 1.0.\r\nThe protocol uses the underlying RPC protocol to retrieve the identity of the client that made the method call, as\r\nspecified in [MS-RPCE] section 3.3.3.4.3. The server SHOULD use this identity to perform method-specific\r\naccess checks, as specified in the message processing section of each method.\u003c11\u003e\r\nRPC clients for this protocol MUST use the authentication level RPC_C_AUTHN_LEVEL_NONE when\r\ninvoking RPC over SMB methods.\r\nThe server SHOULD\u003c12\u003e reject calls that do not use an authentication level of either\r\nRPC_C_AUTHN_LEVEL_NONE or RPC_C_AUTHN_LEVEL_PKT_PRIVACY (see [MS-RPCE] section\r\n2.2.1.1.8).\r\nRPC clients for this protocol MUST use RPC over TCP/IP for the SamrValidatePassword method and MUST use\r\nRPC over SMB for the SamrSetDSRMPassword method.\r\nhttps://msdn.microsoft.com/library/cc245496.aspx\r\nPage 1 of 2\n\nRPC clients MUST use only RPC over SMB for the SamrSetInformationUser and SamrSetInformationUser2\r\nmethods when UserInformationClass is UserAllInformation, UserInternal1Information, UserInternal4Information,\r\nUserInternal4InformationNew, UserInternal5Information, UserInternal5InformationNew,\r\nUserInternal7Information, or UserInternal8Information.\r\nFor the SamrValidatePassword method, the client SHOULD use transport security to encrypt the message because\r\nthe message contents contain cleartext password data. That is, the client SHOULD use an SPNEGO security\r\nprovider, as specified in [MS-RPCE] section 2.2.1.1.7, and SHOULD use the packet authentication level, as\r\nspecified in [MS-RPCE] section 3.3.1.5.2.\u003c13\u003e\r\nSource: https://msdn.microsoft.com/library/cc245496.aspx\r\nhttps://msdn.microsoft.com/library/cc245496.aspx\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://msdn.microsoft.com/library/cc245496.aspx" ], "report_names": [ "cc245496.aspx" ], "threat_actors": [], "ts_created_at": 1775434166, "ts_updated_at": 1775791284, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/75861748ceb8f1e1a46b40685cadb0dbbb7e9fbb.pdf", "text": "https://archive.orkl.eu/75861748ceb8f1e1a46b40685cadb0dbbb7e9fbb.txt", "img": "https://archive.orkl.eu/75861748ceb8f1e1a46b40685cadb0dbbb7e9fbb.jpg" } }