Great question - thanks for bringing this to our attention. I've looped in our Security Team (Security ) to help out with your question to ensure we can give you a qualified answer.
An initial smoke test by Harry Paul revealed no issues in terms of PI communication, specifically regarding Coresight to the PI Data Archive, but our team is discussing the matter, and hopefully will be able to post back in here shortly with a more thorough response.
Thank you for your attention. I am not too concerned with Coresight and the Data Archive but more so with PI SMT, PI System Explorer, the PI Interface for GSE D/3 DBA, and Excel, to name a few off the top of my head.
These are tools we use daily to manage our environment.
A recent security assessment of the PI System used the Member Server Baseline for 2012R2 in accordance with Microsoft Security Compliance Manager.
SCM typically tracks closely with CIS and STIG but, 'Restrict Unauthenticated RPC clients' was dropped from the SCM baselines after 2008SP2 (btw, the setting was not enabled in the 2008R2 baseline). As a result this policy setting has not been explicitly tested recently or ever that I know of.
I have yet to find the archeology on why the setting was dropped from the baseline. Given restricting anonymous RPC has a checkered past in the 2008 era, this post seems like as good place as any to seek confirmation from the community.
Finally, although there is a time and place for 'anonymous' access, the PI System is designed to support authenticated access based on Windows integrated security. For interfaces, that means planning rollout of PI API 2016 for Windows Integrated Security.