How DFS Replication (DFS-R) secures its communication

During a recent internal conference, someone asked me how DFS-R (DFS Replication) in Windows Server 2008 R2 secures its communication. I wasn’t sure at the time, so I talked to a few people who work with DFS-R and spent some time looking into it.

It turns out that DFS-R uses security above and beyond many other file-related protocols, since it was designed from the beginning with WANs in mind. DFS-R uses authenticated, encrypted RPC (remote procedure calls) for all replication communication. The encrypted RPC connection can be authenticated with either NTLM or Kerberos. It is not possible to disable the use of encrypted RPC by the DFS Replication service.

For more questions and answers on DFS-R, see the FAQ at https://technet.microsoft.com/en-us/library/cc773238(WS.10).aspx

You can learn more about the protocols used by DFS-R at https://msdn.microsoft.com/en-us/library/dd304174(PROT.13).aspx