Description of the RPC over HTTP feature and the AllowAnonymous registry entry in Windows Server 2003

This article contains information about the AllowAnonymous registry entry that is located in the following registry key:Additionally, this article discusses some things that you may want to consider about the use of this registry entry when you configure Remote Procedure Call (RPC) over HTTP in your organization. The RPC over HTTP feature in Microsoft Windows Server 2003 enables Microsoft Office Outlook 2003 users and Microsoft Office Outlook 2007 users to connect to Microsoft Exchange Server 2003 over the Internet even if firewalls intervene.

If the AllowAnonymous registry entry is either not present or if it is set to 0 (zero), RPC Proxy checks whether the client connection is authenticated, and whether Security Sockets Layer (SSL), or another type of encryption, is used. If the client connection is not authenticated or if SSL, or another type of encryption, is not used, the client connection is rejected. If the AllowAnonymous registry entry is set to a non-zero value, both unencrypted and anonymous client connections are permitted.

The AllowAnonymous registry entry is an addition to any settings that are configured at the virtual directory level. For example, if anonymous access is disabled on a virtual directory in Microsoft Internet Information Services (IIS), and the AllowAnonymous registry entry is set to a non-zero value, anonymous access is still blocked in IIS.

Microsoft recommends against using the AllowAnonymous registry entry in a production environment. Use the AllowAnonymous registry entry only in test environments that are on closed networks that do not have outside access. Note that a computer that is connected to the Internet and that is running the RPC Proxy with the AllowAnonymous registry entry set to non-zero value may be vulnerable to attacks.

If you have to use the AllowAnonymous registry entry, use it on the server that is configured as the RPC Proxy only when you use an advanced firewall server program such as Microsoft Internet Security and Acceleration (ISA) Server 2000. Use the AllowAnonymous registry entry only in an environment where Secure Sockets Layer (SSL) is terminated on the perimeter firewall and requests are sent to the server that is configured as the RPC Proxy. Do not disable SSL on client connections unless you have an isolated network. In all situations, Outlook 2003 users must use a secure connection.

For more information about RPC over HTTP, visit the following Microsoft Web site: For more information about how to deploy RPC over HTTP, visit the following Microsoft Web site: For more information about using Microsoft Exchange over the Internet with Outlook 2003, see the "Using Microsoft Exchange over the Internet (RPC over HTTP) with Microsoft Office Outlook 2003" Support WebCast.

For additional information about how to view the WebCast for using Microsoft Exchange over the Internet (RPC over HTTP) with Microsoft Office Outlook 2003, click the following article number to view the article in the Microsoft Knowledge Base: For more information about Microsoft Exchange Server 2003, visit the following Microsoft Web site: