What’s New and Changed

This section provides descriptions of and links to the Windows technical documents that have been revised to reflect the functionality of the latest product version.

New Documentation

Specification

Description

Release date

[MS-RDPEWA]: Remote Desktop Protocol: WebAuthn Virtual Channel Protocol

Specifies the Remote Desktop Protocol (RDP): WebAuthn Virtual Channel Protocol, which provides a way for a user to perform WebAuthn operations over RDP. It enables a server to send a WebAuthn request to a client; the client can then use this request to talk to authenticators (platform as well as cross-platform) and reply with the response.

September 3, 2022

Updated Documentation

Service Releases

The following documents were updated for service releases after the April 2022 release for Windows 11, version 22H2 operating system.

Specifications with service release updates

Description

Release date

[MS-ADA2]: Active Directory Schema Attributes M

Specifies the Active Directory Schema Attributes M, which contains a partial list of the objects that exist in the Active Directory schema (attributes beginning with M).

This document has been updated as follows:

Added new Active Directory schema attribute elements to support the new Windows Local Administrator Password Solution (LAPS) feature.

March 6, 2023

[MS-MDM]: Mobile Device Management Protocol

Specifies the Mobile Device Management Protocol (MDM), a subset of the Open Mobile Alliance (OMA) standard protocol, which provides a mechanism for managing devices previously enrolled into a management system through the Microsoft Mobile Device Management Enrollment Protocol [MS-MDE].

This document has been updated as follows:

In section 3.2.5.1, updated the product note to state that, in March 2023, support for user sessions (multi-session edition only, in Windows Virtual Desktop (WVD)) was backported to Windows 10 v2004 (21H1) and later.

March 6, 2023

[MS-ADTS]: Active Directory Technical Specification

Specifies the core functionality of Active Directory. Active Directory extends and provides variations of the Lightweight Directory Access Protocol (LDAP).

This document has been updated as follows:

In section 3.1.1.3.2 rootDSE Attributes, added three new rootDSE attributes to the attribute tables, along with their operating system applicability, to support user database optimizations.

February 27, 2023

[MS-SAMR]: Security Account Manager (SAM) Remote Protocol (Client-to-Server)

Specifies the Security Account Manager (SAM) Remote Protocol, which supports management functionality for an account store or directory containing users and groups. The goal of the protocol is to enable IT administrators and users to manage users, groups, and computers.

This document has been updated as follows:

Created the new method SamrValidateComputerAccountReuseAttempt, which confirms whether a client's attempt to re-use a particular computer account is allowed. Also added a supporting flag that controls availability of the method.

February 27, 2023

[MS-NCNBI]: Network Controller Northbound Interface

Specifies the Network Controller Protocol, which is used by tenants and network administrators to control data center networking. Common tasks that would use these APIs include designing and monitoring a virtual network in a data center.

This document has been updated as follows:

In section 3.2.5.1, updated the product note to state that, in February 2023, support for user sessions (multi-session edition only, in Windows Virtual Desktop (WVD)) was backported to Windows 10 v2004 (21H1) and later.

January 30, 2023

[MS-CSRA]: Certificate Services Remote Administration Protocol

Specifies the Certificate Services Remote Administration Protocol, which consists of a set of Distributed Component Object Model (DCOM) interfaces that enable administrative tools to configure the state and policy of a certification authority (CA) on a server.

This document has been updated as follows:

Clients of certification authority (CA) servers now get a significantly higher level of security when connecting to CA servers through use of the RPC_C_AUTHN_LEVEL_PKT_PRIVACY authentication level. Clients must now use this authentication level; otherwise CA servers will not allow the client connection to succeed. This feature is supported by the administrative component of CA servers. This issue is addressed in the Active Directory Certificate Services elevation of privilege issue described in [MSFT-CVE-2022-37976].

December 16, 2022

[MS-WCCE]: Windows Client Certificate Enrollment Protocol

Specifies the Windows Client Certificate Enrollment Protocol, which consists of a set of DCOM interfaces that enable clients to request various services from a certification authority (CA). These services enable X.509 (as specified in [X509]) digital certificate enrollment, issuance, revocation, and property retrieval.

This document has been updated as follows:

Clients of certification authority (CA) servers now get a significantly higher level of security when connecting to CA servers through use of the RPC_C_AUTHN_LEVEL_PKT_PRIVACY authentication level. Clients must now use this authentication level; otherwise CA servers will not allow the client connection to succeed. This issue is further addressed in the Active Directory Certificate Services elevation of privilege issue described in [MSFT-CVE-2022-37976].

December 16, 2022

[MS-PAC]: Privilege Attribute Certificate Data Structure

Specifies the Privilege Attribute Certificate Data Structure, which is used to encode authorization information. The Privilege Attribute Certificate also contains memberships, additional credential information, profile and policy information, and supporting security metadata.

This document has been updated as follows:

●  2.4 PAC_INFO_BUFFER: Added new required ulType 0x00000013 for Extended KDC (privilege server) checksum buffer. Additional checksum buffers are to be ignored.

●  2.8.1 Server Signature: Added that the server signature MUST be generated AFTER the extended KDC signature.

●  2.8.3 Ticket Signature: Added the extended KDC signature in the recompute list.

●  2.8.4 Extended KDC Signature: Added new section. The extended KDC signature is used to detect tampering of PACs by parties other than the KDC. When a ticket is altered, as during renewal, the KDC SHOULD verify the integrity of the existing signatures and recompute the ticket signature, server signature, KDC signature, and extended KDC signature in the PAC.

December 12, 2022
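The PAC buffer changes described in the [MS-PAC] entry above, as an added example that is not code from the specification or from Windows: the Python below parses a PACTYPE blob using the PACTYPE, PAC_INFO_BUFFER and PAC_SIGNATURE_DATA layouts published in [MS-PAC] sections 2.3, 2.4 and 2.8, and reports which checksum buffers are present, so a PAC that lacks the new ulType 0x00000013 extended KDC checksum stands out. The sample PACs are constructed (placeholder payloads, zeroed signature bytes); the keyed-hash computations and their ordering are not shown.

```python
"""Added example: parse a PACTYPE blob and audit its checksum buffers.
Not code from [MS-PAC]; sample PACs below are constructed."""
import struct

# PAC_INFO_BUFFER.ulType values ([MS-PAC] section 2.4).
PAC_LOGON_INFO = 0x00000001
PAC_SERVER_CHECKSUM = 0x00000006
PAC_KDC_CHECKSUM = 0x00000007
PAC_CLIENT_INFO = 0x0000000A
PAC_TICKET_CHECKSUM = 0x00000010
PAC_EXTENDED_KDC_CHECKSUM = 0x00000013   # required since the December 2022 update

CHECKSUM_NAMES = {
    PAC_SERVER_CHECKSUM: "server",
    PAC_KDC_CHECKSUM: "kdc",
    PAC_TICKET_CHECKSUM: "ticket",
    PAC_EXTENDED_KDC_CHECKSUM: "extended_kdc",
}

# PAC_SIGNATURE_DATA.SignatureType values and signature lengths ([MS-PAC] 2.8).
KERB_CHECKSUM_HMAC_MD5 = 0xFFFFFF76
HMAC_SHA1_96_AES128 = 0x0000000F
HMAC_SHA1_96_AES256 = 0x00000010
SIGNATURE_LENGTH = {KERB_CHECKSUM_HMAC_MD5: 16, HMAC_SHA1_96_AES128: 12, HMAC_SHA1_96_AES256: 12}


def build_pac(buffers):
    """Serialise [(ulType, data), ...] into a PACTYPE blob with 8-byte aligned buffers."""
    header = struct.pack("<II", len(buffers), 0)      # cBuffers, Version (always 0)
    offset = 8 + 16 * len(buffers)                    # data starts after the buffer table
    table, body = [], bytearray()
    for ultype, data in buffers:
        table.append(struct.pack("<IIQ", ultype, len(data), offset))
        padded = data + b"\0" * ((-len(data)) % 8)
        body += padded
        offset += len(padded)
    return header + b"".join(table) + bytes(body)


def parse_pac(blob):
    """Return {ulType: data}. The first buffer of each type is kept; a second
    checksum buffer of the same type is ignored, as the update states."""
    if len(blob) < 8:
        raise ValueError("PACTYPE header truncated")
    cbuffers, version = struct.unpack_from("<II", blob, 0)
    if version != 0:
        raise ValueError("unexpected PACTYPE.Version %d" % version)
    if len(blob) < 8 + 16 * cbuffers:
        raise ValueError("PAC_INFO_BUFFER table truncated")
    buffers = {}
    for i in range(cbuffers):
        ultype, size, offset = struct.unpack_from("<IIQ", blob, 8 + 16 * i)
        if offset + size > len(blob):
            raise ValueError("buffer %d (ulType 0x%08x) overruns the PAC" % (i, ultype))
        buffers.setdefault(ultype, blob[offset:offset + size])
    return buffers


def parse_signature(data):
    """Split a PAC_SIGNATURE_DATA buffer into (SignatureType, Signature bytes)."""
    if len(data) < 4:
        raise ValueError("PAC_SIGNATURE_DATA truncated")
    sigtype = struct.unpack_from("<I", data, 0)[0]
    if sigtype not in SIGNATURE_LENGTH:
        raise ValueError("unknown SignatureType 0x%08x" % sigtype)
    length = SIGNATURE_LENGTH[sigtype]
    if len(data) < 4 + length:
        raise ValueError("Signature truncated")
    return sigtype, data[4:4 + length]   # an optional trailing RODCIdentifier is left alone


def audit_checksums(blob):
    """Return ({name: SignatureType} for checksum buffers present, set of names missing)."""
    buffers = parse_pac(blob)
    present = {}
    for ultype, name in CHECKSUM_NAMES.items():
        if ultype in buffers:
            present[name] = parse_signature(buffers[ultype])[0]
    missing = set(CHECKSUM_NAMES.values()) - set(present)
    return present, missing


def _sig(sigtype):
    # Constructed signature buffer with a zeroed signature; real PACs carry keyed hashes.
    return struct.pack("<I", sigtype) + b"\0" * SIGNATURE_LENGTH[sigtype]


# Constructed service-ticket PAC as a KDC with the December 2022 update would lay it out.
PAC_WITH_EXTENDED_KDC = build_pac([
    (PAC_LOGON_INFO, b"\x01\x10\x08\x00" + b"\0" * 28),   # placeholder NDR payload
    (PAC_CLIENT_INFO, b"\0" * 16),
    (PAC_SERVER_CHECKSUM, _sig(HMAC_SHA1_96_AES256)),
    (PAC_KDC_CHECKSUM, _sig(HMAC_SHA1_96_AES256)),
    (PAC_TICKET_CHECKSUM, _sig(HMAC_SHA1_96_AES256)),
    (PAC_EXTENDED_KDC_CHECKSUM, _sig(HMAC_SHA1_96_AES256)),
])

# Constructed PAC from an un-updated KDC: RC4-era signatures, no ticket or extended KDC checksum.
PAC_LEGACY = build_pac([
    (PAC_LOGON_INFO, b"\0" * 32),
    (PAC_SERVER_CHECKSUM, _sig(KERB_CHECKSUM_HMAC_MD5)),
    (PAC_KDC_CHECKSUM, _sig(KERB_CHECKSUM_HMAC_MD5)),
])

if __name__ == "__main__":
    for label, pac in (("updated", PAC_WITH_EXTENDED_KDC), ("legacy", PAC_LEGACY)):
        present, missing = audit_checksums(pac)
        print(label, "present:", sorted(present), "missing:", sorted(missing))
```

Run as a script it prints the present and missing checksum buffers for the two constructed PACs; the legacy one reports the extended KDC checksum as missing, which is the condition a verifier enforcing the updated [MS-PAC] rules would reject.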

[MS-KILE]: Kerberos Protocol Extensions

Specifies the Microsoft implementation of the Kerberos Protocol Extensions, as specified in [RFC4120], by specifying any Windows behaviors that differ from the Kerberos Protocol, in addition to Windows extensions for interactive logon and the inclusion of authorization information expressed as group memberships and related information.

This document has been updated as follows:

To mitigate RC4 vulnerabilities, the following changes were made.

●  Added AES256-CTS-HMAC-SHA1-96-SK to section 2.2.7 Supported Encryption Types Bit Flags.

●  Replaced SHOULD with MUST for support of the AES encryption types, and removed RC4-HMAC-EXP [24], in section 3.1.5.2 Encryption Types.

●  Removed RC4 support in section 5.1.5 DES Downgrade Protection.

December 1, 2022
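The encryption-type changes in the [MS-KILE] entry above, as an added Python example that is not code from the specification or from Windows: it decodes the msDS-SupportedEncryptionTypes bit flags of [MS-KILE] section 2.2.7 (including the new 0x20 AES256-CTS-HMAC-SHA1-96-SK bit), classifies accounts that can only do RC4 or DES, and picks the strongest ticket encryption type two sides share, refusing RC4 unless explicitly allowed and never selecting DES. The mapping of the SK bit to an AES256 preference, the etype numbers and the sample account values are assumptions introduced for the example, not statements from this page.

```python
"""Added example: decode msDS-SupportedEncryptionTypes flags and choose an etype.
Not Windows or [MS-KILE] code; the sample accounts are constructed."""

# Bit flags in msDS-SupportedEncryptionTypes ([MS-KILE] section 2.2.7).
DES_CBC_CRC = 0x00000001
DES_CBC_MD5 = 0x00000002
RC4_HMAC = 0x00000004
AES128_CTS_HMAC_SHA1_96 = 0x00000008
AES256_CTS_HMAC_SHA1_96 = 0x00000010
AES256_CTS_HMAC_SHA1_96_SK = 0x00000020   # added by the December 2022 update

FLAG_NAMES = {
    DES_CBC_CRC: "DES-CBC-CRC",
    DES_CBC_MD5: "DES-CBC-MD5",
    RC4_HMAC: "RC4-HMAC",
    AES128_CTS_HMAC_SHA1_96: "AES128-CTS-HMAC-SHA1-96",
    AES256_CTS_HMAC_SHA1_96: "AES256-CTS-HMAC-SHA1-96",
    AES256_CTS_HMAC_SHA1_96_SK: "AES256-CTS-HMAC-SHA1-96-SK",
}

# Kerberos etype numbers (assumed from RFC 3961 / RFC 4757) for the ticket-encryption flags.
# RC4-HMAC-EXP (etype 24) was removed from [MS-KILE] 3.1.5.2 and has no entry here.
ETYPE_FOR_FLAG = {
    AES256_CTS_HMAC_SHA1_96: 18,
    AES128_CTS_HMAC_SHA1_96: 17,
    RC4_HMAC: 23,
    DES_CBC_MD5: 3,
    DES_CBC_CRC: 1,
}
STRONGEST_FIRST = [AES256_CTS_HMAC_SHA1_96, AES128_CTS_HMAC_SHA1_96, RC4_HMAC, DES_CBC_MD5, DES_CBC_CRC]
DES_FLAGS = DES_CBC_CRC | DES_CBC_MD5
WEAK_FLAGS = DES_FLAGS | RC4_HMAC
AES_FLAGS = AES128_CTS_HMAC_SHA1_96 | AES256_CTS_HMAC_SHA1_96


def decode_flags(value):
    """Names of the encryption-type bits set in an msDS-SupportedEncryptionTypes value."""
    return [name for flag, name in FLAG_NAMES.items() if value & flag]


def classify(value):
    """'aes' if AES is advertised, 'weak-only' if only RC4/DES bits are set, else 'unset'."""
    if value & AES_FLAGS:
        return "aes"
    if value & WEAK_FLAGS:
        return "weak-only"
    return "unset"


def select_etype(client_value, target_value, allow_rc4=False):
    """Strongest etype both sides advertise. Returns None when only RC4 is shared and
    RC4 is not explicitly allowed, and always None for DES (section 5.1.5 downgrade
    protection no longer has an RC4 fallback)."""
    common = client_value & target_value
    for flag in STRONGEST_FIRST:
        if not common & flag:
            continue
        if flag & DES_FLAGS:
            return None
        if flag == RC4_HMAC and not allow_rc4:
            return None
        return ETYPE_FOR_FLAG[flag]
    return None


# Constructed sample values as they might be read from msDS-SupportedEncryptionTypes.
SAMPLE_ACCOUNTS = {
    "DC01$": 0x1C,        # RC4 + AES128 + AES256
    "svc-legacy": 0x04,   # RC4 only: a downgrade target to remediate
    "svc-web": 0x18,      # AES only
    "svc-new": 0x38,      # AES plus the new AES256-SK bit
    "user-nomod": 0x00,   # attribute unset
}


def report(accounts):
    """{account: (classification, [flag names])} for a batch of attribute values."""
    return {name: (classify(v), decode_flags(v)) for name, v in accounts.items()}


if __name__ == "__main__":
    for name, (cls, flags) in report(SAMPLE_ACCOUNTS).items():
        print("%-12s %-9s %s" % (name, cls, ", ".join(flags) or "-"))
    print("DC01$ -> svc-legacy:", select_etype(SAMPLE_ACCOUNTS["DC01$"], SAMPLE_ACCOUNTS["svc-legacy"]))
```

The `weak-only` accounts in the report are the ones that will fail once RC4 is refused; on a real directory the attribute values would be read with an LDAP query rather than taken from the constructed table.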

[MS-NRPC]: Netlogon Remote Protocol

Specifies the Netlogon Remote Protocol, an RPC interface that is used for user and machine authentication on domain-based networks; to replicate the user account database for operating systems earlier than Windows 2000 backup domain controllers; to discover, manage, and maintain domain relationships of domain members and domain controllers across domains.

This document has been updated as follows:

To mitigate RC4 vulnerabilities, the following changes were made.

●  SealSecureChannel: changed to state that this setting MUST be TRUE.

●  Section 3.1.4.6 Calling Methods Requiring Session-Key Establishment: in step 1, changed to state that clients MUST request the RPC Privacy authentication level, and in step 4 added RPC Integrity to the list of requests that MUST be denied.

●  RequireSignOrSeal: changed to state that this setting MUST be TRUE and MUST be initialized to TRUE.

●  SignSecureChannel: added that this setting is deprecated.

●  Section 3.5.3 Initialization: changed RejectMD5Clients to be set to TRUE, and SealSecureChannel MUST be TRUE.

November 8, 2022

[MS-DCOM]: Distributed Component Object Model (DCOM) Remote Protocol

Specifies the Distributed Component Object Model (DCOM) Remote Protocol, which exposes application objects via remote procedure calls (RPCs) and consists of a set of extensions layered on the Microsoft Remote Procedure Call Extensions.

This document has been updated as follows:

Updated to indicate that on Windows, the client can raise the authentication level requested by the application to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY if it is less than that. Also specified that the Windows 11 Desktop v22H2 operating system supports this behavior.

November 7, 2022

[MS-DCOM]: Distributed Component Object Model (DCOM) Remote Protocol

Specifies the Distributed Component Object Model (DCOM) Remote Protocol, which exposes application objects via remote procedure calls (RPCs) and consists of a set of extensions layered on the Microsoft Remote Procedure Call Extensions.

This document has been updated as follows:

Updated to indicate that on Windows, the client can raise the authentication level requested by the application to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY if it is less than that. Also specified the operating systems that support this behavior.

October 24, 2022

[MS-DCOM]: Distributed Component Object Model (DCOM) Remote Protocol

Specifies the Distributed Component Object Model (DCOM) Remote Protocol, which exposes application objects via remote procedure calls (RPCs) and consists of a set of extensions layered on the Microsoft Remote Procedure Call Extensions.

This document has been updated as follows:

Updated product behavior note 37 in section 2.2.22.2.8.1 to ensure that RPC_C_AUTHN_LEVEL_PKT_INTEGRITY authentication level will be the minimum auth level following evaluation of the authentication level of DCOM client calls. Also specified the operating systems that support this behavior.

October 11, 2022

[MS-DCOM]: Distributed Component Object Model (DCOM) Remote Protocol

Specifies the Distributed Component Object Model (DCOM) Remote Protocol, which exposes application objects via remote procedure calls (RPCs) and consists of a set of extensions layered on the Microsoft Remote Procedure Call Extensions.

This document has been updated as follows:

Updated to indicate that on Windows, the client can raise the authentication level requested by the application to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, if it is less than that. Also specified the operating systems that support this behavior.

October 4, 2022

[MS-MDE2]: Mobile Device Enrollment Protocol Version 2

Specifies version 2 of the Mobile Device Enrollment Protocol (MDE), which enables enrolling a device with the DMS through an Enrollment Service (ES). The protocol includes the discovery of the Management Enrollment Service (MES) and enrollment with the ES.

This document has been updated as follows:

Updated the product notes so that RequestVersion and EnrollmentVersion 5.0 support is stated as beginning with the Windows 11 (version 1) 2022 10C patch and later, rather than with Windows 11 (version 2).

October 3, 2022

[MS-RDPBCGR]: Remote Desktop Protocol: Basic Connectivity and Graphics Remoting

Specifies the Remote Desktop Protocol: Basic Connectivity and Graphics Remoting, designed to facilitate user interaction with a remote computer system by transferring graphics display information from the remote computer to the user and transporting input from the user to the remote computer, where it may be injected locally.

This document has been updated as follows:

Added sections documenting the support for making Azure Active Directory RDP connections.

September 3, 2022

[MS-WCCE]: Windows Client Certificate Enrollment Protocol

Specifies the Windows Client Certificate Enrollment Protocol, which consists of a set of DCOM interfaces that enable clients to request various services from a certification authority (CA). These services enable X.509 (as specified in [X509]) digital certificate enrollment, issuance, revocation, and property retrieval.

This document has been updated as follows:

Added support for pre-signing of certificates at Certificate Authority (CA) using a dummy (or test) key.

September 3, 2022

[MS-MDM]: Mobile Device Management Protocol

Specifies the Mobile Device Management Protocol (MDM), a subset of the Open Mobile Alliance (OMA) standard protocol, which provides a mechanism for managing devices previously enrolled into a management system through the Microsoft Mobile Device Management Enrollment Protocol [MS-MDE].

This document has been updated as follows:

Section 2.1 Transport: Added Note 9 to indicate that when ForceAadToken in the DMClient configuration service provider is set by the server, the client adds a custom header. The format of the client's custom header, which carries the Azure Active Directory (AAD) token, is given.

June 14, 2022

[MS-FSA]: File System Algorithms

Specifies File System Algorithms in terms of an abstract model for how an object store can be implemented to support the Server Message Block (SMB) Version 1.0 Protocol [MS-SMB] and the Server Message Block (SMB) Version 2.0 Protocol [MS-SMB2].

This document has been updated as follows:

Updated changes in the FSCTL_SET_INTEGRITY_INFORMATION_EX operation after application of updates [MSKB-5014701], [MSKB-5014702], [MSKB-5014710].

May 27, 2022

[MS-FSCC]: File System Control Codes

Specifies the File System Control Codes that define the network format of native Windows structures that may be used within other protocols.

This document has been updated as follows:

Updated changes in the FSCTL_SET_INTEGRITY_INFORMATION_EX operation after application of updates [MSKB-5014701], [MSKB-5014702], [MSKB-5014710].

May 27, 2022

[MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3

Specifies the Server Message Block (SMB) Protocol Versions 2 and 3, which support the sharing of file and print resources between machines and extend the concepts from the Server Message Block Protocol.

This document has been updated as follows:

Added references to changes in the FSCTL_SET_INTEGRITY_INFORMATION_EX operation after application of updates [MSKB-5014701], [MSKB-5014702], [MSKB-5014710].

May 27, 2022

[MS-CRTD]: Certificate Templates Structure

Specifies the Certificate Templates Structure. This structure describes the syntax and interpretation of certificate templates, which forms the basis of certificate management for the Certificate Templates Protocol.

This document has been updated as follows:

Added a new enrollment-attribute flag CT_FLAG_NO_SECURITY_EXTENSION to the msPKI-Enrollment-Flag Attribute table, that when applied, instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. A behavior note is added to indicate that this enrollment flag is supported by the operating systems specified in [MSFT-CVE-2022-26931], each with its related KB article download installed.

May 10, 2022

[MS-PKCA]: Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol

Specifies the Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol. This protocol enables the use of public key cryptography in the initial authentication exchange of the Kerberos Protocol (PKINIT) and specifies the Windows implementation of PKINIT where it differs from [RFC4556].

This document has been updated as follows:

●  Section 3.1.5.2.1.5 Mapping Strength, added section for the KDC to search for strong mappings to map a certificate to a user.

●  Section 3.1.5.2.1.6 SID, added section for the KDC to find strong user mappings by using the certificate SID.

May 10, 2022

[MS-WCCE]: Windows Client Certificate Enrollment Protocol

Specifies the Windows Client Certificate Enrollment Protocol, which consists of a set of DCOM interfaces that enable clients to request various services from a certification authority (CA). These services enable X.509 (as specified in [X509]) digital certificate enrollment, issuance, revocation, and property retrieval.

This document has been updated as follows:

Created a new security extension and specified certificate authority (CA) server processing rules for enhanced security protections. A new template enrollment flag assists in coordinating how the processing rule security logic is applied. A behavior note is added to indicate that this security extension is supported by the operating systems specified in [MSFT-CVE-2022-26931], each with its related KB article download installed.

May 10, 2022
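The SID security extension and the SID-based strong mapping described in the [MS-CRTD], [MS-PKCA] and [MS-WCCE] entries above, as an added Python example that is not code from the specifications or from Windows. It encodes and decodes the szOID_NTDS_CA_SECURITY_EXT extension (OID 1.3.6.1.4.1.311.25.2), shows the CA omitting it when the template carries CT_FLAG_NO_SECURITY_EXTENSION, and does the KDC-side lookup of the account whose objectSid matches. The DER layout used (a SEQUENCE wrapping an otherName whose type-id is 1.3.6.1.4.1.311.25.2.1 and whose value is an OCTET STRING holding the SID as text), the szOID_NTDS_OBJECTSID name for that arc, the flag value 0x00080000 and the sample directory are assumptions not stated on this page.

```python
"""Added example: build/parse szOID_NTDS_CA_SECURITY_EXT and map a certificate by SID.
Not [MS-WCCE]/[MS-PKCA] code. DER layout, inner OID name, flag value and directory are assumed."""

SZOID_NTDS_CA_SECURITY_EXT = "1.3.6.1.4.1.311.25.2"
SZOID_NTDS_OBJECTSID = "1.3.6.1.4.1.311.25.2.1"   # assumed otherName type-id for the SID
CT_FLAG_NO_SECURITY_EXTENSION = 0x00080000        # assumed msPKI-Enrollment-Flag bit


def _der_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _der_length(len(body)) + body


def _encode_oid(dotted):
    """DER content octets of an OBJECT IDENTIFIER (base-128 arcs, first two combined)."""
    parts = [int(p) for p in dotted.split(".")]
    out = bytearray([40 * parts[0] + parts[1]])
    for arc in parts[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)


def _read_tlv(buf, pos, expect_tag):
    """Read one TLV at pos, enforcing the tag; return (content, position after it)."""
    if pos >= len(buf) or buf[pos] != expect_tag:
        raise ValueError("expected tag 0x%02x at offset %d" % (expect_tag, pos))
    pos += 1
    if pos >= len(buf):
        raise ValueError("length byte missing")
    length = buf[pos]
    pos += 1
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length overruns buffer")
    return buf[pos:pos + length], pos + length


def encode_security_ext(sid):
    """SEQUENCE { [0] { OID szOID_NTDS_OBJECTSID, [0] { OCTET STRING sid } } } (assumed layout)."""
    other_name = _tlv(0x06, _encode_oid(SZOID_NTDS_OBJECTSID)) + _tlv(0xA0, _tlv(0x04, sid.encode("ascii")))
    return _tlv(0x30, _tlv(0xA0, other_name))


def decode_security_ext(der):
    """Return the SID string carried by the extension, or raise ValueError."""
    seq, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    other_name, _ = _read_tlv(seq, 0, 0xA0)
    oid, pos = _read_tlv(other_name, 0, 0x06)
    if oid != _encode_oid(SZOID_NTDS_OBJECTSID):
        raise ValueError("unexpected otherName type-id")
    value, _ = _read_tlv(other_name, pos, 0xA0)
    sid_bytes, _ = _read_tlv(value, 0, 0x04)
    sid = sid_bytes.decode("ascii")
    if not sid.startswith("S-1-"):
        raise ValueError("value is not a SID string")
    return sid


def ca_extensions_for(template_enrollment_flag, requester_sid):
    """CA side: add the SID extension unless the template opts out with the new flag."""
    if template_enrollment_flag & CT_FLAG_NO_SECURITY_EXTENSION:
        return {}
    return {SZOID_NTDS_CA_SECURITY_EXT: encode_security_ext(requester_sid)}


def strong_map_by_sid(extensions, directory):
    """KDC side: the account whose objectSid equals the SID in the extension, else None."""
    der = extensions.get(SZOID_NTDS_CA_SECURITY_EXT)
    if der is None:
        return None                      # no strong SID mapping available
    sid = decode_security_ext(der)
    for sam_account_name, object_sid in directory.items():
        if object_sid == sid:
            return sam_account_name
    return None


# Constructed directory: sAMAccountName -> objectSid.
DIRECTORY = {
    "alice": "S-1-5-21-1111111111-2222222222-3333333333-1105",
    "bob": "S-1-5-21-1111111111-2222222222-3333333333-1106",
}

if __name__ == "__main__":
    exts = ca_extensions_for(0, DIRECTORY["alice"])
    print("with extension:", strong_map_by_sid(exts, DIRECTORY))
    exts = ca_extensions_for(CT_FLAG_NO_SECURITY_EXTENSION, DIRECTORY["alice"])
    print("template opted out:", strong_map_by_sid(exts, DIRECTORY))
```

A certificate issued from a template with the opt-out flag set yields no SID mapping here, which is exactly the case the strong-mapping rules in [MS-PKCA] 3.1.5.2.1.5 have to fall back from; a real KDC also has other mapping sources that this example does not model.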

[MS-FSA]: File System Algorithms

Specifies File System Algorithms in terms of an abstract model for how an object store can be implemented to support the Server Message Block (SMB) Version 1.0 Protocol [MS-SMB] and the Server Message Block (SMB) Version 2.0 Protocol [MS-SMB2].

This document has been updated as follows:

Updated changes in the FSCTL_SET_INTEGRITY_INFORMATION_EX operation after application of updates [MSKB-5014019], [MSKB-5014021], [MSKB-5014022], [MSKB-5014023].

May 2, 2022

[MS-FSCC]: File System Control Codes

Specifies the File System Control Codes that define the network format of native Windows structures that may be used within other protocols.

This document has been updated as follows:

Updated changes in the FSCTL_SET_INTEGRITY_INFORMATION_EX operation after application of updates [MSKB-5014019], [MSKB-5014021], [MSKB-5014022], [MSKB-5014023].

May 2, 2022

[MS-MDM]: Mobile Device Management Protocol

Specifies the Mobile Device Management Protocol (MDM), a subset of the Open Mobile Alliance (OMA) standard protocol, which provides a mechanism for managing devices previously enrolled into a management system through the Microsoft Mobile Device Management Enrollment Protocol [MS-MDE].

This document has been updated as follows:

Section 3.2.5.1: Added a product note that support for user sessions on the Windows 11, version 22H2 operating system (version 2), multi-session edition only, in Windows Virtual Desktop was backported to Windows 11 (version 1).

May 2, 2022

[MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3

Specifies the Server Message Block (SMB) Protocol Versions 2 and 3, which support the sharing of file and print resources between machines and extend the concepts from the Server Message Block Protocol.

This document has been updated as follows:

Added references to changes in the FSCTL_SET_INTEGRITY_INFORMATION_EX operation after application of updates [MSKB-5014019], [MSKB-5014021], [MSKB-5014022], [MSKB-5014023].

May 2, 2022

Technical Document Release

The following technical documents were updated for Windows 11 v22H2.

Specification

Description

Release date

[MS-CDP]: Connected Devices Platform Protocol Version 3

Specifies the Connected Devices Platform Protocol Version 3. This protocol provides a discovery system to authenticate and verify users and devices, as well as providing a message exchange between devices. It provides a transport-agnostic means of building connections among all of a user's devices, whether available through the cloud or through direct physical presence.

This document has been updated to document a Bluetooth MAC address added to the UDP Presence Response to deduplicate devices.

October 3, 2022

[MS-ADTS]: Active Directory Technical Specification

Specifies the core functionality of Active Directory. Active Directory extends and provides variations of the Lightweight Directory Access Protocol (LDAP).

This document has been updated as follows:

●  Provided the ability to use LDAP limits to configure the maximum number of objects returned by the msds-TokenGroup* family constructed attributes.

●  Enabled information about root and child domains in trusting Active Directory forests to be queried and stored in existing msdsForestTrustInfo AD attribute; this information is then used for namespace filtering during NTLM pass-through authentications.

●  Added a check of the userAccountControl attribute on computer objects, with the default set to UF_WORKSTATION_TRUST_ACCOUNT; if the default is not set, the Add method returns ERROR_DS_SECURITY_ILLEGAL_MODIFY.

●  Included additional authorization checks for LDAP Add-object and Modify-object operations.

●  Included SPN alias uniqueness updates to facilitate domain-wide userPrincipalName (UPN) and servicePrincipalName (SPN) uniqueness checking.

All these features are supported in Windows 11 v22H2 and later operating systems.

April 29, 2022

[MS-CDP]: Connected Devices Platform Protocol Version 3

Specifies the Connected Devices Platform Protocol Version 3. This protocol provides a discovery system to authenticate and verify users and devices, as well as providing a message exchange between devices. It provides a transport-agnostic means of building connections among all of a user's devices, whether available through the cloud or through direct physical presence.

This document has been updated as follows:

Added the PrincipalNameHash to the Presence Response UDP. PrincipalNameHash is a salted hash of the device id and the logged-on user's account email.

April 29, 2022

[MS-EFSR]: Encrypting File System Remote (EFSRPC) Protocol

Specifies the Encrypting File System Remote (EFSRPC) Protocol, which performs maintenance and management operations on encrypted data that is stored remotely and accessed over a network.

This document has been updated as follows:

Added product behavior notes throughout to indicate that the lsarpc endpoint has been removed in Windows 11 v22H2 and later.

April 29, 2022

[MS-FASP]: Firewall and Advanced Security Protocol

Specifies the Firewall and Advanced Security Protocol. The protocol manages firewall and advanced security components on remote computers.

This document has been updated as follows:

●  Updated operating system applicability in product behavior note <4> to specify support of Dynamic Keyword Addresses feature in Windows 11 v22H2 and Windows Server 2022 operating system.

●  Added new Firewall rule enforcement state to represent detection of duplicate Firewall rules, such that object policies already enforced by the server are not duplicated.

●  Updated Firewall Policy version table and policy listing in text to include policy v2.32 (0x0220), to coincide with the advent of Windows 11 v22H2 operating system.

April 29, 2022

[MS-MDE2]: Mobile Device Enrollment Protocol Version 2

Specifies version 2 of the Mobile Device Enrollment Protocol (MDE), which enables enrolling a device with the DMS through an Enrollment Service (ES). The protocol includes the discovery of the Management Enrollment Service (MES) and enrollment with the ES.

This document has been updated as follows:

Updated to version 5.0 with the following elements for this version of Windows Client:

●  Added a new product value to the OSEdition Enumeration for MS-MDM Windows Azure.

●  Added value 5.0 to RequestVersion for DiscoveryRequest.

●  Added value 5.0 to EnrollmentVersion for DiscoveryResponse.

●  Added two new child elements to the GetPoliciesResponse.

●  Added seven new ac: elements to the RequestSecurityToken using Federated Authentication.

●  Added seven new ac: elements to the RequestSecurityToken using On-Premise Authentication.

●  Added new Certificate Recovery section 3.6 with subsections.

●  Updated the RequestVersion number in the Discovery input message example.

●  Updated the EnrollmentVersion number in the Discovery output message.

●  Updated the code for the call to the RequestSecurityToken message example.

April 29, 2022

[MS-MDM]: Mobile Device Management Protocol

Specifies the Mobile Device Management Protocol (MDM), a subset of the Open Mobile Alliance (OMA) standard protocol, which provides a mechanism for managing devices previously enrolled into a management system through the Microsoft Mobile Device Management Enrollment Protocol [MS-MDE].

This document has been updated as follows:

●  Azure Details: contains the following.

●  Message Processing Events and Sequencing Rules

●  Windows Azure Virtual Desktop (AVD) for Multi-users' User Setting Configuration
AVD supports multiple users that can log on simultaneously.

●  Device Session vs. User Session
Session modes: mixed, device, or user governs what settings that can be sent or received.

●  Azure AD Join
MDM supports only AADJ enrollment in AVD with the user token.

●  SyncApplicationVersion
Version 5.0 allows the client to run in multi-users AVD mode.

●  MultipleSession Poll Interval
Intervals set by the MDM server are specified by DM Client CSP.

●  SyncType Alert
Alert type 1224 CLIENT EVENT data has the session mode that the MDM server should send.

April 29, 2022

[MS-RDPBCGR]: Remote Desktop Protocol: Basic Connectivity and Graphics Remoting

Specifies the Remote Desktop Protocol: Basic Connectivity and Graphics Remoting, designed to facilitate user interaction with a remote computer system by transferring graphics display information from the remote computer to the user and transporting input from the user to the remote computer, where it may be injected locally.

This document has been updated as follows:

●  Added values for the version fields for RDP versions 10.10 and 10.11 for both clients and servers.

●  Documented new capabilities flags for the client or server to show it can skip the MCS Channel Join in the Channel Connection phase. Processing rules updated for handling the new flags.

April 29, 2022

[MS-RDPEAI]: Remote Desktop Protocol: Audio Input Redirection Virtual Channel Extension

Specifies the Remote Desktop Protocol: Audio Input Redirection Virtual Channel Extension, which transfers audio data from a client to a server.

This document has been updated as follows:

A value has been added to the Version PDU to indicate Version 2 of the protocol. Processing rules were updated for the new value.

April 29, 2022

[MS-RDPEGFX]: Remote Desktop Protocol: Graphics Pipeline Extension

Specifies the Remote Desktop Protocol: Graphics Pipeline Extension, a graphics protocol that is used to encode graphics display data generated in a remote terminal server session so that the data can be sent from the server and received, decoded, and rendered by a compatible client. The net effect is that a desktop or an application running on a remote terminal server appears as if it is running locally.

This document has been updated as follows:

Added a new capability set and provided processing rules for the new set.

April 29, 2022

[MS-WUSP]: Windows Update Services: Client-Server Protocol

Specifies the Windows Update Services: Client-Server Protocol, which enables machines to discover and download software updates over the Internet using the SOAP and HTTP protocols.

This document has been updated as follows:

●  Improved the gathering of metadata describing software update content, including the identification of software revisions, installed hardware devices, update relationships, and client metadata, in Windows update scenarios by:

●  Adding DeviceFlags to the SyncUpdates parameters to more easily detect and distinguish PNP versus non-PNP devices when gathering client device metadata.

●  Adding the DriverRank element to ensure uniformity with the base installed driver type of a device to determine how well a driver package matches the device.

●  Adding the callerAttributes element to optimize client/server communications by aligning the core metadata for a software revision obtained from the SyncUpdates method with additional metadata obtained from the GetExtendedUpdateInfo2 method, by sending callerAttributes in both calls.

These features are supported by Windows 11 v22H2 and later.

April 29, 2022

Technical Document Release

The following technical document was revised with product updates in November 2022 for Microsoft SQL Server 2022 and may have been revised for content issues.

Specification

Description

Release date

[MS-TDS]: Tabular Data Stream Protocol

Specifies the Tabular Data Stream (TDS) protocol versions 7 and 8, which is an application layer request/response protocol that facilitates interaction with a database server and provides for authentication and channel encryption; specification of requests in SQL (including Bulk Insert); invocation of a stored procedure, also known as a Remote Procedure Call (RPC); returning of data; and Transaction Manager Requests.

This document has been updated as follows:

●  Defined the difference between the TDS 7.x version family, in which encryption is optional and negotiated in the TDS layer, and the new TDS 8.0 version, in which encryption is mandatory and handled in the lower layer before TDS begins functioning.

●  Added prelogin features for communication between client and server to enhance the security and efficiency of login support.

●  Added support to the COLUMNENCRYPTION feature extension for the ability to allow clients to cache column encryption keys when enclave computations are required.

November 1, 2022

Content Updates

The following documents were republished in April 2022 to incorporate previous servicing release updates and/or other content issues.

Specification

Content updates

[MS-BKRP]: BackupKey Remote Protocol

List of Changes

[MS-CMRP]: Failover Cluster: Management API (ClusAPI) Protocol

List of Changes

[MS-DTYP]: Windows Data Types

List of Changes

[MS-EMF]: Enhanced Metafile Format

List of Changes

[MS-FSA]: File System Algorithms

List of Changes

[MS-FSCC]: File System Control Codes

List of Changes

[MS-KILE]: Kerberos Protocol Extensions

List of Changes

[MS-LSAD]: Local Security Authority (Domain Policy) Remote Protocol

List of Changes

[MS-NBTE]: NetBIOS over TCP (NBT) Extensions

List of Changes

[MS-NCNBI]: Network Controller Northbound Interface

List of Changes

[MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol

List of Changes

[MS-NRPC]: Netlogon Remote Protocol

List of Changes

[MS-PAC]: Privilege Attribute Certificate Data Structure

List of Changes

[MS-RPRN]: Print System Remote Protocol

List of Changes

[MS-RSVD]: Remote Shared Virtual Disk Protocol

List of Changes

[MS-SAMR]: Security Account Manager (SAM) Remote Protocol (Client-to-Server)

List of Changes

[MS-SCMR]: Service Control Manager Remote Protocol

List of Changes

[MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3

List of Changes

[MS-SPNG]: Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) Extension

List of Changes

[MS-VHDX]: Virtual Hard Disk v2 (VHDX) File Format

List of Changes

[MS-WDHCE]: Wi-Fi Display Protocol: Hardware Cursor Extension

List of Changes

[MS-WKST]: Workstation Service Remote Protocol

List of Changes

Overview Documents Release

Specification

Description

Release date

[MS-RDSOD]: Remote Desktop Services Protocols Overview

Provides an overview of the functionality and relationship of the protocols implemented in the Remote Desktop services in Windows, which includes the protocols specified in [MS-RDPBCGR], [MS-TSGU], [MS-TSTS], [MS-TSWP], [MS-RDPEDC], [MS-RDPEGDI], [MS-RDPCR2], [MS-RDPNSC], [MS-RDPRFX], [MS-RDPEPS], [MS-RDPELE], [MS-RDPECLIP], [MS-RDPEDYC], [MS-RDPEFS], [MS-RDPESP], [MS-RDPEPC], [MS-RDPESC], [MS-RDPEA], [MS-RDPEAI], [MS-RDPEMC], [MS-RDPEPNP], [MS-RDPEUSB], [MS-RDPERP], [MS-RDPEV], [MS-RDPEXPS], [MS-RDPEUDP], [MS-RDPEGFX], [MS-RDPEMT], [MS-RDPEECO], [MS-RDPEVOR], [MS-RDPEI], and [MS-RDPEAR]. Using the Remote Desktop protocols, a user of a remote client can initiate a user session on a server and then run programs, save files, and use network resources. This supports the hosting of multiple simultaneous user sessions on servers. Remote Desktop protocols support scenarios such as redirecting keyboard, mouse, clipboard, media player content, print jobs, smart card data, and file system data between the RDP client and the server.

This document has been updated as follows:

●  Section 2.2 Protocol Summary: Added [MS-RDPEWA] to the list of member protocols that are used to enable transporting device data or resource data between an RDP client and an RD Session Host server.

●  Section 2.2.1 Protocol Relationship Diagram: Added [MS-RDPEWA] to diagram under Dynamic Virtual Channel Protocols.

March 13, 2023

[MS-AZOD]: Authorization Protocols Overview

Provides an overview of the functionality and relationship of the Authorization protocols, which control the process of granting access to resources once authentication has been accomplished. An authenticated request is not sufficient for access by itself; a corresponding decision must also be made to decide if a particular request is authorized. To accomplish this, several authorization models are provided under Windows. This document provides an overview of these models as implemented by [MS-PAC], [MS-AZMP], [MS-GPCAP], [MS-CAPR], [MS-CTA], [MS-DTYP], [MS-ADTS], [MS-COMA], and [MS-TDS].

This document has been updated as follows:

In section 3.1 Reading from a File on Remote CBAC Aware SMB2 Share, added reference to [MS-NEGOEX].

June 14, 2022

[MS-DOCO]: Windows Protocols Documentation Roadmap

Provides an overview of the Windows protocols documentation set. It provides a high-level roadmap for finding and navigating the documentation set and describes the content for each type of document.

This document has been updated as follows:

●  Section 4.1 Technical Specification Cross-Reference Matrix: Added citations to [MS-DHA] and [MS-MDM] and updated [MS-RNAS] protocol.

●  Section 4.2 Technical Area Cross-Reference Matrix: Added [MS-MDE] and [MS-MDM] under Networking.

June 14, 2022

[MS-WPO]: Windows Protocols Overview

Provides an overview of the Windows interoperability technologies and the protocols required for implementation. It also describes the intended functionality of the Windows interoperability protocols and technologies and provides examples of common user scenarios.

This document has been updated as follows:

In section 4 Device-Specific Protocols:

●  Added MS-CDP Connected Devices Platform Service V3.

●  Replaced MS-MDE with MS-MDE2 Mobile Device Enrollment Protocol Version 2.

June 14, 2022

[MS-WSUSOD]: Windows Server Update Services Protocols Overview

Provides a system overview of the protocols in the Windows Server Update Services (WSUS) system. The WSUS system implements the Windows Server Update Services: Client-Server Protocol specified in [MS-WUSP] and the Windows Server Update Services: Server-Server Protocol specified in [MS-WSUSSS]. These protocols enable communication between the Windows Server Update Services client and server to enable clients to discover software updates available on the server. They also enable communication between servers to propagate software update information, the updates, and administrative intent in a hierarchical deployment of the system.

This document has been updated as follows:

Updated section 3.3, Example 3 of this document to specify how to improve data collection with the use of the callerAttributes feature.

June 14, 2022

Reference Document Release

The following reference document was updated in November 2021.

Specification

Description

Release Date

[MS-ERREF]: Windows Error Codes

Describes the HRESULT values, Win32 error codes, and NTSTATUS values that are referenced in the protocol specifications throughout the Windows protocols documentation set.

This document has been updated as follows:

Expanded the description of the CERT_E_REVOKED error value to include information about device drivers with invalid certificates.

November 16, 2021