A blog by Jose Barreto, a member of the File Server team at Microsoft.
© Copyright 2004-2012 by Jose Barreto. All rights reserved.
During a recent internal conference, someone asked me about how DFS-R (DFS Replication) in Windows Server 2008 R2 secures its communication. I wasn’t sure at the time, so I talked to a few people that work with DFS-R and spent some time looking into that.
It turns out that DFS-R applies stronger security than many other file-related protocols, since it was designed from the beginning with WANs in mind. DFS-R uses authenticated, encrypted RPC (remote procedure call) for all replication communication. The encrypted RPC sessions can be authenticated with either NTLM or Kerberos. It is not possible to disable the use of encrypted RPC by the DFS Replication service.
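One way to check this in a packet capture is to read the security trailer of each RPC fragment; the sketch below is an added example, not code from this post or from DFS-R. The field layout and numeric values are taken from the DCE/RPC and MS-RPCE specifications rather than from the post, and `classify_pdu`, `build_sample` and the sample PDUs are constructed for illustration.

```python
import struct

# Values from the DCE/RPC (C706) and MS-RPCE specifications.
AUTH_TYPES = {9: "SPNEGO", 10: "NTLM", 16: "Kerberos"}
AUTH_LEVELS = {1: "none", 2: "connect", 3: "call", 4: "packet",
               5: "packet integrity", 6: "packet privacy"}
PRIVACY = 6  # RPC_C_AUTHN_LEVEL_PKT_PRIVACY: stub data is encrypted

def classify_pdu(pdu: bytes) -> dict:
    """Read the security trailer of one connection-oriented DCE/RPC PDU."""
    if len(pdu) < 16 or pdu[0] != 5:
        raise ValueError("not a connection-oriented DCE/RPC v5 PDU")
    # Byte 4 (data representation): high nibble 1 = little-endian integers.
    endian = "<" if pdu[4] >> 4 == 1 else ">"
    frag_len, auth_len = struct.unpack_from(endian + "HH", pdu, 8)
    if frag_len != len(pdu):
        raise ValueError("truncated or coalesced fragment")
    if auth_len == 0:
        return {"auth_type": None, "auth_level": "none", "encrypted": False}
    trailer_off = frag_len - auth_len - 8  # 8-byte sec_trailer precedes the token
    if trailer_off < 16:
        raise ValueError("auth_length larger than the fragment allows")
    auth_type, auth_level = pdu[trailer_off], pdu[trailer_off + 1]
    return {
        "auth_type": AUTH_TYPES.get(auth_type, f"unknown({auth_type})"),
        "auth_level": AUTH_LEVELS.get(auth_level, f"unknown({auth_level})"),
        "encrypted": auth_level == PRIVACY,
    }

def build_sample(auth_type=None, auth_level=None, token=b"") -> bytes:
    """Constructed request PDU (ptype 0) for the demo; payload bytes are filler."""
    body = b"\x00" * 8 + b"\xaa" * 16  # request header fields + opaque stub
    trailer = b""
    if auth_type is not None:
        trailer = bytes([auth_type, auth_level, 0, 0]) + b"\x00" * 4 + token
    frag_len = 16 + len(body) + len(trailer)
    header = struct.pack("<BBBB4sHHI", 5, 0, 0, 0x03, b"\x10\x00\x00\x00",
                         frag_len, len(token), 1)
    return header + body + trailer

if __name__ == "__main__":
    for name, pdu in [("kerberos/privacy", build_sample(16, 6, b"\x01" * 28)),
                      ("ntlm/integrity", build_sample(10, 5, b"\x02" * 16)),
                      ("no auth", build_sample())]:
        print(name, classify_pdu(pdu))
```

A fragment that reports anything other than packet privacy is signed at most, not encrypted, so on a DFS-R replication connection it would contradict the behaviour described above and is worth investigating.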
For more questions and answers on DFS-R, see the FAQ at http://technet.microsoft.com/en-us/library/cc773238(WS.10).aspx
You can learn more about the protocols used by DFS-R at http://msdn.microsoft.com/en-us/library/dd304174(PROT.13).aspx