Partager via


7 Appendix B: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.

The terms "earlier" and "later", when used with a product version, refer to either all preceding versions or all subsequent versions, respectively. The term "through" refers to the inclusive range of versions. Applicable Microsoft products are listed chronologically in this section.

The following tables show the relationships between Microsoft product versions or supplemental software and the roles they perform.

Windows Client releases

Client role

Server role

Windows NT operating system

Yes

Yes

Windows 2000 Professional operating system

Yes

Yes

Windows XP operating system

Yes

Yes

Windows Vista operating system

Yes

Yes

Windows 7 operating system

Yes

Yes

Windows 8 operating system

Yes

Yes

Windows 8.1 operating system

Yes

Yes

Windows 10 operating system

Yes

Yes

Windows 11 operating system

Yes

Yes

Windows Server releases

Client role

Server role

Windows NT

Yes

Yes

Windows 2000 Server operating system

Yes

Yes

Windows Server 2003 operating system

Yes

Yes

Windows Server 2003 R2 operating system

Yes

Yes

Windows Server 2008 operating system

Yes

Yes

Windows Server 2008 R2 operating system

Yes

Yes

Windows Server 2012 operating system

Yes

Yes

Windows Server 2012 R2 operating system

Yes

Yes

Windows Server 2016 operating system

Yes

Yes

Windows Server operating system

Yes

Yes

Windows Server 2019 operating system

Yes

Yes

Windows Server 2022 operating system

Yes

Yes

Windows Server 2025 operating system

Yes

Yes

Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.

<1> Section 2.1: The Windows RPC server and RPC client do not support TCP/IP on Windows NT and Windows 2000 operating system.

<2> Section 2.1: The endpoint "\PIPE\lsarpc" by default allows anonymous access on Windows NT 3.1 operating system, Windows NT 3.5 operating system, Windows NT 3.51 operating system, Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 R2, and Windows Vista. Anonymous access to this pipe is removed by default on Windows Vista operating system with Service Pack 1 (SP1) and later and Windows Server 2008 and later. Pipe access check happens before any other access check, and hence overrides any other access.

<3> Section 2.1: If the client uses an unsupported RPC protocol sequence, the RPC server implementations in Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2003 R2 return RPC_S_PROTSEQ_NOT_SUPPORTED (as specified in [MS-ERREF]). Windows Vista and later and Windows Server 2008 and later throw an RPC exception with status code ERROR_ACCESS_DENIED.

<4> Section 2.1: Servers running Windows 2000, Windows XP, and Windows Server 2003 accept calls at any authentication level. Without [MSKB-3149090] installed, servers running Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 v1507 operating system, or Windows 10 v1511 operating system also accept calls at any authentication level. 

<5> Section 2.2: The following table contains a timeline of when a particular data type was introduced.

Data type name

Windows version

LSAPR_HANDLE

Windows NT 3.1

STRING

Windows NT 3.1

LSAPR_ACL

Windows NT 3.1

SECURITY_DESCRIPTOR_CONTROL

Windows NT 3.1

LSAPR_SECURITY_DESCRIPTOR

Windows NT 3.1

SECURITY_IMPERSONATION_LEVEL

Windows NT 3.1

SECURITY_CONTEXT_TRACKING_MODE

Windows NT 3.1

SECURITY_QUALITY_OF_SERVICE

Windows NT 3.1

LSAPR_OBJECT_ATTRIBUTES

Windows NT 3.1

ACCESS_MASK

Windows NT 3.1

LSAPR_TRUST_INFORMATION

Windows NT 3.1

LSAPR_REFERENCED_DOMAIN_LIST

Windows NT 3.1

SID_NAME_USE

Windows NT 3.1

LSA_TRANSLATED_SID

Windows NT 3.1

LSAPR_TRANSLATED_SIDS

Windows NT 3.1

LSAP_LOOKUP_LEVEL

Windows NT 3.1

LSAPR_SID_INFORMATION

Windows NT 3.1

LSAPR_SID_ENUM_BUFFER

Windows NT 3.1

LSAPR_TRANSLATED_NAME

Windows NT 3.1

LSAPR_TRANSLATED_NAMES

Windows NT 3.1

LSAPR_TRANSLATED_NAME_EX

Windows 2000

LSAPR_TRANSLATED_NAMES_EX

Windows 2000

LSAPR_TRANSLATED_SID_EX

Windows 2000

LSAPR_TRANSLATED_SIDS_EX

Windows 2000

LSAPR_TRANSLATED_SID_EX2

Windows XP, Windows Server 2003

LSAPR_TRANSLATED_SIDS_EX2

Windows XP, Windows Server 2003

<6> Section 2.2.13: The following table contains a timeline of when a particular enumeration value was introduced.

Enumeration value

Enumeration name

Windows version

1

SidTypeUser

Windows NT 3.1

2

SidTypeGroup

Windows NT 3.1

3

SidTypeDomain

Windows NT 3.1

4

SidTypeAlias

Windows NT 3.1

5

SidTypeWellKnownGroup

Windows NT 3.1

6

SidTypeDeletedAccount

Windows NT 3.1

7

SidTypeInvalid

Windows NT 3.1

8

SidTypeUnknown

Windows NT 3.1

9

SidTypeComputer

Windows 2000

10

SidTypeLabel

Windows Vista, Windows Server 2008

<7> Section 2.2.15: The Windows RPC server and RPC client limit the Entries field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP operating system Service Pack 2 (SP2) and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0 operating system, Windows 2000, and Windows XP do not have this restriction.

<8> Section 2.2.16: The following table contains a timeline of when particular enumeration values were introduced.

Enumeration value

Enumeration name

Windows version

1

LsapLookupWksta

Windows NT 3.1

2

LsapLookupPDC

Windows NT 3.1

3

LsapLookupTDL

Windows NT 3.1

4

LsapLookupGC

Windows 2000

5

LsapLookupXForestReferral

Windows XP, Windows Server 2003

6

LsapLookupXForestResolve

Windows XP, Windows Server 2003

7

LsapLookupRODCReferralToFullDC

Windows Vista, Windows Server 2008

<9> Section 2.2.18: The Windows implementation of the RPC server and RPC client limits the Entries field of this structure to 0x5000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.

<10> Section 2.2.20: The Windows RPC server and RPC client limit the Entries field of this structure to 0x5000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.

<11> Section 2.2.21: The following table contains a timeline of when each flag value was introduced.

Flag value

Windows version

0x00000001

Windows 2000

0x00000002

Windows XP, Windows Server 2003

0x00000004

Windows Vista, Windows Server 2008

<12> Section 2.2.22: The Windows RPC server and RPC client limit the Entries field of this structure to 0x5000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.

<13> Section 2.2.23: The following table contains a timeline of when each flag value was introduced.

Flag value

Windows version

0x00000001

Windows 2000

0x00000002

Windows XP, Windows Server 2003

0x00000004

Windows Vista, Windows Server 2008

<14> Section 2.2.24: The Windows RPC server and RPC client limit the Entries field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.

<15> Section 2.2.25: The following table contains a timeline of when each flag value was introduced.

Flag value

Windows version

0x00000001

Windows 2000

0x00000002

Windows XP, Windows Server 2003

0x00000004

Windows Vista, Windows Server 2008

<16> Section 2.2.26: The Windows RPC server and RPC client limit the Entries field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.

<17> Section 3.1.1.1: Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, and Windows NT 4.0, when creating these views, leave the Domain DNS Name, Default User Principal Names, User Principal Name, and Security Principal SID History columns empty; therefore, they cannot be used for matching.

<18> Section 3.1.1.1.1: The Enterprise Domain Controllers, Self, Authenticated Users, Restricted, and Terminal Server User entries were added in Windows 2000.

The Local Service, Network Service, and Remote Interactive Logon entries were added in Windows XP.

The This Organization and Other Organization entries were added in Windows Server 2003.

<19> Section 3.1.1.1.1: The entries in the table that precedes this citation in section 3.1.1.1.1 were added in Windows Server 2003.

<20> Section 3.1.1.1.1: The entries in the table that precedes this citation in section 3.1.1.1.1 were added in Windows Vista.

<21> Section 3.1.4: The Windows implementation of this protocol asks the RPC engine to do the following:

  • Perform a strict Network Data Representation (NDR) data consistency check at target level 5.0 (as specified in [MS-RPCE] section 3) in all version of Windows except Windows NT.

  • Include support for both NDR and NDR64 transfer syntaxes, as well as the negotiation mechanism for determining what transfer syntax will be used (as specified in [MS-RPCE] section 3) in Windows XP and later and Windows Server 2003 and later.

  • Via the strict_context_handle attribute, reject the use of context handles created by a method of a different RPC interface than this one (as specified in [MS-RPCE] section 3).

<22> Section 3.1.4: The following table contains a timeline of when each method was introduced.

Opnum

Friendly name

Product

0

LsarClose

Windows NT 3.1

6

LsarOpenPolicy

Windows NT 3.1

14

LsarLookupNames

Windows NT 3.1

15

LsarLookupSids

Windows NT 3.1

44

LsarOpenPolicy2

Windows NT 3.51

45

LsarGetUserName

Windows NT 4.0

57

LsarLookupSids2

Windows 2000

58

LsarLookupNames2

Windows 2000

68

LsarLookupNames3

Windows XP, Windows Server 2003

76

LsarLookupSids3

Windows XP, Windows Server 2003

77

LsarLookupNames4

Windows XP, Windows Server 2003

<23> Section 3.1.4: Some gaps in the opnum numbering sequence correspond to opnums that are documented in [MS-LSAD]. All other gaps in the opnum numbering sequence apply to Windows as follows.

Opnum

Description

1

Used only locally by Windows, never remotely.

5

Not used by Windows.

9

Not used by Windows.

21

Not used by Windows.

22

Not used by Windows.

52

Not used by Windows.

56

Used only locally by Windows, never remotely.

60

Used only locally by Windows, never remotely.

61

Used only locally by Windows, never remotely.

62

Used only locally by Windows, never remotely.

63

Used only locally by Windows, never remotely.

64

Used only locally by Windows, never remotely.

65

Used only locally by Windows, never remotely.

66

Used only locally by Windows, never remotely.

67

Used only locally by Windows, never remotely.

69

Used only locally by Windows, never remotely.

70

Used only locally by Windows, never remotely.

71

Used only locally by Windows, never remotely.

72

Used only locally by Windows, never remotely.

75

Used only locally by Windows, never remotely.

<24> Section 3.1.4.5: The Windows RPC server and RPC client limit the Count field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.

<25> Section 3.1.4.5: For Windows, usage of 0x00000001 for ClientRevision implies a client that is running an operating system released before Windows 2000 (Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, and Windows NT 4.0). Usage of 0x00000002 implies that the client is running an operating system version of Windows 2000 and later.

<26> Section 3.1.4.5:  Applies to Windows 11, version 24H2 operating system and later, and to Windows Server 2025 and later.

<27> Section 3.1.4.5: Windows 2000 Server, Windows Server 2003, and Windows Server 2003 R2 do not match names in user principal name form if ALL of the following are true:

  • LookupLevel is either LsapLookupWksta or LsapLookupPDC.

  • The server is a domain controller.

  • ClientRevision is 0x00000001.

  • The server is in a mixed domain environment.

<28> Section 3.1.4.5: On a domain-joined, non-DC machine, when 0x80000000 is passed for the LookupOptions argument with a mix of isolated and composite names that cannot be matched in the views that are to be searched, Windows XP and later and Windows Server 2003 and later return STATUS_SOME_NOT_MAPPED.

<29> Section 3.1.4.6: All versions of Windows that implement this method (LsarLookupNames3) also implement LsarLookupNames4 (both in terms of client and server); hence, this method does not need to be implemented to interoperate with Windows clients or servers. The choice of which method to call depends on whether the client has a local security authority (LSA) policy handle or an RPC binding handle. Complete compatibility with Windows supports both calls.

<30> Section 3.1.4.6: The Windows implementation of the RPC server and RPC client limits the Count field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.

<31> Section 3.1.4.7: A Windows RPC server can optionally be configured to deny this call, and the error returned in this case is STATUS_NOT_SUPPORTED.

<32> Section 3.1.4.7: The Windows RPC server and RPC client limit the Count field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.

<33> Section 3.1.4.8: The Windows RPC server and RPC client limit the Count field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.

<34> Section 3.1.4.9:  Applies to Windows 11, version 24H2 and later, and to Windows Server 2025 and later.

<35> Section 3.1.4.10: The Windows RPC client sets LookupOptions to 0.

<36> Section 3.2: Windows clients negotiate the highest revision supported by the server by first calling the highest revision supported for that client. If the RPC exception that indicates that the function is out of range is returned from the server (exception number 0x6d1), the client proceeds to call the next lower revision. This process is repeated until the oldest possible revision supported by the client is invoked or until the server responds to the request.

<37> Section 5.1: The Windows RPC server for this protocol is customizable to allow anonymous callers to make requests for compatibility with Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, and Windows NT 4.0 machines.