Turning call security off can also be done programmatically. Both the client and the server must call CoInitializeSecurity, setting the authentication level in the dwAuthnLevel parameter to RPC_C_AUTHN_LEVEL_NONE.