Reference > Preferences > Performance >

Service Manager TCP Connection

Starting with Windows Vista connections to remote service managers (which is used by PDQ Deploy for most of its tasks) can use TCP in addition to Named Pipes. Read Microsoft's documentation on this change.

How Windows connects with TCP can be configured as follows:

Setting

Description

Default

Let Windows decide how to connect.  The current default is to try using TCP and then try Named Pipes with a timeout for the TCP connection of 21 seconds.

Disabled

Only use Named Pipes.

Timeout

Connect as Default above but with a different timeout.

Considerations

Whether to use TCP can have a number of implications for both performance and authentication.

Default TCP timeout

The default TCP tiimeout of 21 seconds will cause remote connections to be slow if firewall settings prevent access to the RPC ports. Blocking RPC is quite common, so if scans are typically in the "Connecting" state for longer than 20 seconds then lowering the timeout or disabling TCP may be in order.

Authentication and TCP

Unlike Named Pipes, TCP uses the credentials of the connecting process instead of the credentials of an SMB connection.  This can cause Access Denied to Service Manager errors when connecting to computers in different domains (or non-Domain computers).  To fix this disable TCP and use only Named Pipes.

System wide setting

These settings are system wide, they can't be set per process or application.  Be aware that changing these values will affect other applications that use remote service manager connections, such as <%DEPLOYTITLE%> and the Windows Services control.

 

PDQ Deploy Version 2.3.0 (beta 1) © 2013 Admin Arsenal