DTC & SQL Server 2000 Security

Perhaps someone can answer this question. I was given a document from a Microsoft consultant and setting up a secure SQL Server 2000 server for my company. This document is being used to setup standards for our enterprise implementation of SQL Servers.

In the document, it has a procedure of disabling the MSDTC service stating that, "the DTC can be used by COM+ applications to manage transactions across multiple database servers." But it really doesn't suffieniently state why this is a good security practice. Can anyone out there tell me why this is a good idea.

Background: We use the Standard Edition, and currently have no distributed servers out there, nor do we have replication. A side note, just recently we have been asked to install a replicated server for fail-over capability. Will disabling the DTC service hinder us?

gpl :-)

Replication will only be affected if you have Immediate Updating subscriptions to transactional publications. Immediate Updating subscribers require MSDTC, since it's a 2 phase commit transaction relying on MSDTC service running.

DTC

Does anyone have any instructions on how to setup the MSDTC properly and
make it work with all the security updates. I am trying to communicate
between to windows 2000 machines and I am getting:

Error 8524
The current Transaction could not be Exported to the Remote Provider.

The distributed transaction works fine on to instances of SQL Server 2000 on
the same machine.

RandySorry Correction

I am running on XP SP2 and trying to establish a transaction with Windows
2000 Server SP4.

"Randal" <rfraser@.novaflow.com> wrote in message
news:X8q5g.497$VV2.39662@.news20.bellglobal.com...
> Does anyone have any instructions on how to setup the MSDTC properly and
> make it work with all the security updates. I am trying to communicate
> between to windows 2000 machines and I am getting:
> Error 8524
> The current Transaction could not be Exported to the Remote Provider.
> The distributed transaction works fine on to instances of SQL Server 2000
> on the same machine.
> Randy

dt_ stored procedures

I am trying to use microsoft access project file to access msde databases on local workstations. I have to set the users security to db_owner due to the application requirements.
The problem users are having is since they are owners they see the dt_?? stored procedures in the queries list which are created when access addes a table to the database.
I need to keep these "Version Control" stored procedures from being created. I have tried triggers on the sysobject table but this is not allowed. The users can not delete the triggers due to sql security.
I did find out that in access if the view system objects is not check the dt_ stored procedures will not show up. But I still want to stop these from being created.
Any ideas on how to stop them from being created.
dt_ procedures are created by default (I thought only when diagrams are
created). I don't believe you can prevent them from being created, however
you could have the app use a custom query from INFORMATION_SCHEMA views that
leaves out any objects that start with dt_
http://www.aspfaq.com/
(Reverse address to reply.)
"Eric Brasher" <Eric Brasher@.discussions.microsoft.com> wrote in message
news:FAB9C710-45A0-47D2-9914-CB94D55138F4@.microsoft.com...
> I am trying to use microsoft access project file to access msde databases
on local workstations. I have to set the users security to db_owner due to
the application requirements.
> The problem users are having is since they are owners they see the
dt_?? stored procedures in the queries list which are created when access
addes a table to the database.
> I need to keep these "Version Control" stored procedures from being
created. I have tried triggers on the sysobject table but this is not
allowed. The users can not delete the triggers due to sql security.
> I did find out that in access if the view system objects is not check the
dt_ stored procedures will not show up. But I still want to stop these from
being created.
> Any ideas on how to stop them from being created.