
In Windows 11, version 22H2, Microsoft made some changes to enhance security. One of those is a change in the communication of print-related operations, making RPC over TCP the default for client-server communications. They mentioned in the official article that RPC over Named Pipes is still available but is not recommended.

Why is RPC over TCP the new standard? What makes it more secure than RPC over Named Pipes?

1 Answer


Named Pipes are carried over SMB, the file sharing protocol, and therefore share authentication settings with SMB access (and with all other RPC services that are carried over SMB Named Pipes), whereas direct TCP connections use their own RPC-level authentication.

If I understand correctly, this allows the RPC client software to have more direct control over the authentication process, while with Named Pipes it has no choice but to let the SMB client software handle it. Although on a properly set up Active Directory domain network (the whole security issue is not applicable to workgroup networks) both methods use Kerberos either way, one difference is that with a direct connection the RPC client could explicitly opt out of "unconstrained delegation" – which was recently the root of a major issue.
