It seems that the recommended set up for the DTC is for the service on a SQL server to be configured to run using the NT AuthorityNetwork Service. I have a SQL server and separate application server which runs a Crystal report that calls an SQL SP on the database server. In order to get this working, the NT AuthorityNetwork Service account needs execute permissions to the appropriate SP. I am concerned that setting the DTC up with such generic permissions may be a security risk. What is the recommended best practice for setting permissions on this kind of things? We are using SQL 2005 and we already have a service account set up in AD to run the ASP.NET web application to connect to the server for general application use. Many Thanks, Robert.