8 Change Tracking

  • Article

This section identifies changes that were made to this document since the last release. Changes are classified as Major, Minor, or None.

The revision class Major means that the technical content in the document was significantly revised. Major changes affect protocol interoperability or implementation. Examples of major changes are:

  • A document revision that incorporates changes to interoperability requirements.

  • A document revision that captures changes to protocol functionality.

The revision class Minor means that the meaning of the technical content was clarified. Minor changes do not affect protocol interoperability or implementation. Examples of minor changes are updates to clarify ambiguity at the sentence, paragraph, or table level.

The revision class None means that no new technical changes were introduced. Minor editorial and formatting changes may have been made, but the relevant technical content is identical to the last released version.

The changes made to this document are listed in the following table. For more information, please contact dochelp@microsoft.com.

Section

Description

Revision class

2.1 Transport

Updated for Windows 11 v24H2 and Windows Server 2025. Added requirement that TCP/IP must be used in order to use the LsarOpenPolicyWithCreds method.

Major

2.2.1.5 LSA Trust Record Flags

11702 : Added note to ignore the LSA_SCANNER_INFO_DISABLE_AUTH_TARGET_VALIDATION flag.

Major

2.2.2.6 LSAPR_REVISION_INFO_V1

Added new supported feature value to indicate that AES encryption should be used.

Major

2.2.2.6 LSAPR_REVISION_INFO_V1

Added a flag value to indicate the client should use AES encryption.

Major

2.2.2.6 LSAPR_REVISION_INFO_V1

Updated for Windows 11 v24H2 and Windows Server 2025. Added a value to SupportedFeatures to indicate that client may use additional methods, and that the server supports LsarOpenPolicyWithCreds.

Major

2.2.6.2 LSAPR_AES_CIPHER_VALUE

Added data type for using AES encryption with secret handling.

Major

2.2.7.29 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES

11622 : Clarified that the cleartext password data is in the form of a LSAPR_TRUSTED_DOMAIN_AUTH_BLOB.

Major

3.1.4 Message Processing Events and Sequencing Rules

Updated for Windows 11 v24H2 and Windows Server 2025. Added protocol message entry (Opnum 135) to the Methods table.

Major

3.1.4.4.9 LsarOpenPolicy3 (Opnum 130)

Updated for Windows 11 v24H2 and Windows Server 2025. Added server processing rules related to AES encryption and name lookups with authentication.

Major

3.1.4.4.10 LsarOpenPolicyWithCreds (Opnum 135)

Updated for Windows 11 v24H2 and Windows Server 2025. Added a new method which opens a context handle to the RPC server using provided credentials.

Major

3.1.4.6.7 LsarOpenSecret2 (Opnum 136)

Added method using AES encryption.

Major

3.1.4.6.8 LsarCreateSecret2 (Opnum 137)

Added method using AES encryption.

Major

3.1.4.6.9 LsarSetSecret2 (Opnum 138)

Added method using AES encryption.

Major

3.1.4.6.10 LsarQuerySecret2 (Opnum 139)

Added method using AES encryption.

Major

3.1.4.6.11 LsarStorePrivateData2 (Opnum 140)

Added method using AES encryption.

Major

3.1.4.6.12 LsarRetrievePrivateData2 (Opnum 141)

Added method using AES encryption.

Major

3.1.4.7.10 LsarCreateTrustedDomainEx2 (Opnum 59)

11667 : Added information about the data type of the AuthenticationInformation parameter.

Major

3.1.4.7.17 LsarCreateTrustedDomainEx3 (Opnum 129)

11622 : Added information for the AuthenticationInformation parameter, clarifying that it has the form of an LSAPR_TRUSTED_DOMAIN_AUTH_BLOB and that the server returns an error if the cbCipher field is too small.

Major

7 Appendix B: Product Behavior

Added Windows Server 2025 to the Windows Server releases role table list of applicable products.

Major