7 Appendix B: Product Behavior
The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.
The terms "earlier" and "later", when used with a product version, refer to either all preceding versions or all subsequent versions, respectively. The term "through" refers to the inclusive range of versions. Applicable Microsoft products are listed chronologically in this section.
The following tables show the relationships between Microsoft product versions or supplemental software and the roles they perform.
Windows Client releases |
Client role |
Server role |
---|---|---|
Windows NT operating system |
Yes |
Yes |
Windows 2000 Professional operating system |
Yes |
Yes |
Windows XP operating system |
Yes |
Yes |
Windows Vista operating system |
Yes |
Yes |
Windows 7 operating system |
Yes |
Yes |
Windows 8 operating system |
Yes |
Yes |
Windows 8.1 operating system |
Yes |
Yes |
Windows 10 operating system |
Yes |
Yes |
Windows 11 operating system |
Yes |
Yes |
Windows Server releases |
Client role |
Server role |
---|---|---|
Windows NT |
Yes |
Yes |
Windows 2000 Server operating system |
Yes |
Yes |
Windows Server 2003 operating system |
Yes |
Yes |
Windows Server 2003 R2 operating system |
Yes |
Yes |
Windows Server 2008 operating system |
Yes |
Yes |
Windows Server 2008 R2 operating system |
Yes |
Yes |
Windows Server 2012 operating system |
Yes |
Yes |
Windows Server 2012 R2 operating system |
Yes |
Yes |
Windows Server 2016 operating system |
Yes |
Yes |
Windows Server operating system |
Yes |
Yes |
Windows Server 2019 operating system |
Yes |
Yes |
Windows Server 2022 operating system |
Yes |
Yes |
Windows Server 2025 operating system |
Yes |
Yes |
Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.
Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.
<1> Section 2.1: The Windows RPC server and RPC client do not support TCP/IP on Windows NT and Windows 2000 operating system.
<2> Section 2.1: The endpoint "\PIPE\lsarpc" by default allows anonymous access on Windows NT 3.1 operating system, Windows NT 3.5 operating system, Windows NT 3.51 operating system, Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 R2, and Windows Vista. Anonymous access to this pipe is removed by default on Windows Vista operating system with Service Pack 1 (SP1) and later and Windows Server 2008 and later. Pipe access check happens before any other access check, and hence overrides any other access.
<3> Section 2.1: If the client uses an unsupported RPC protocol sequence, the RPC server implementations in Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2003 R2 return RPC_S_PROTSEQ_NOT_SUPPORTED (as specified in [MS-ERREF]). Windows Vista and later and Windows Server 2008 and later throw an RPC exception with status code ERROR_ACCESS_DENIED.
<4> Section 2.1: Servers running Windows 2000, Windows XP, and Windows Server 2003 accept calls at any authentication level. Without [MSKB-3149090] installed, servers running Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 v1507 operating system, or Windows 10 v1511 operating system also accept calls at any authentication level.
<5> Section 2.2: The following table contains a timeline of when a particular data type was introduced.
Data type name |
Windows version |
---|---|
LSAPR_HANDLE |
Windows NT 3.1 |
STRING |
Windows NT 3.1 |
LSAPR_ACL |
Windows NT 3.1 |
SECURITY_DESCRIPTOR_CONTROL |
Windows NT 3.1 |
LSAPR_SECURITY_DESCRIPTOR |
Windows NT 3.1 |
SECURITY_IMPERSONATION_LEVEL |
Windows NT 3.1 |
SECURITY_CONTEXT_TRACKING_MODE |
Windows NT 3.1 |
SECURITY_QUALITY_OF_SERVICE |
Windows NT 3.1 |
LSAPR_OBJECT_ATTRIBUTES |
Windows NT 3.1 |
ACCESS_MASK |
Windows NT 3.1 |
LSAPR_TRUST_INFORMATION |
Windows NT 3.1 |
LSAPR_REFERENCED_DOMAIN_LIST |
Windows NT 3.1 |
SID_NAME_USE |
Windows NT 3.1 |
LSA_TRANSLATED_SID |
Windows NT 3.1 |
LSAPR_TRANSLATED_SIDS |
Windows NT 3.1 |
LSAP_LOOKUP_LEVEL |
Windows NT 3.1 |
LSAPR_SID_INFORMATION |
Windows NT 3.1 |
LSAPR_SID_ENUM_BUFFER |
Windows NT 3.1 |
LSAPR_TRANSLATED_NAME |
Windows NT 3.1 |
LSAPR_TRANSLATED_NAMES |
Windows NT 3.1 |
LSAPR_TRANSLATED_NAME_EX |
Windows 2000 |
LSAPR_TRANSLATED_NAMES_EX |
Windows 2000 |
LSAPR_TRANSLATED_SID_EX |
Windows 2000 |
LSAPR_TRANSLATED_SIDS_EX |
Windows 2000 |
LSAPR_TRANSLATED_SID_EX2 |
Windows XP, Windows Server 2003 |
LSAPR_TRANSLATED_SIDS_EX2 |
Windows XP, Windows Server 2003 |
<6> Section 2.2.13: The following table contains a timeline of when a particular enumeration value was introduced.
Enumeration value |
Enumeration name |
Windows version |
---|---|---|
1 |
SidTypeUser |
Windows NT 3.1 |
2 |
SidTypeGroup |
Windows NT 3.1 |
3 |
SidTypeDomain |
Windows NT 3.1 |
4 |
SidTypeAlias |
Windows NT 3.1 |
5 |
SidTypeWellKnownGroup |
Windows NT 3.1 |
6 |
SidTypeDeletedAccount |
Windows NT 3.1 |
7 |
SidTypeInvalid |
Windows NT 3.1 |
8 |
SidTypeUnknown |
Windows NT 3.1 |
9 |
SidTypeComputer |
Windows 2000 |
10 |
SidTypeLabel |
Windows Vista, Windows Server 2008 |
<7> Section 2.2.15: The Windows RPC server and RPC client limit the Entries field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP operating system Service Pack 2 (SP2) and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0 operating system, Windows 2000, and Windows XP do not have this restriction.
<8> Section 2.2.16: The following table contains a timeline of when particular enumeration values were introduced.
Enumeration value |
Enumeration name |
Windows version |
---|---|---|
1 |
LsapLookupWksta |
Windows NT 3.1 |
2 |
LsapLookupPDC |
Windows NT 3.1 |
3 |
LsapLookupTDL |
Windows NT 3.1 |
4 |
LsapLookupGC |
Windows 2000 |
5 |
LsapLookupXForestReferral |
Windows XP, Windows Server 2003 |
6 |
LsapLookupXForestResolve |
Windows XP, Windows Server 2003 |
7 |
LsapLookupRODCReferralToFullDC |
Windows Vista, Windows Server 2008 |
<9> Section 2.2.18: The Windows implementation of the RPC server and RPC client limits the Entries field of this structure to 0x5000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.
<10> Section 2.2.20: The Windows RPC server and RPC client limit the Entries field of this structure to 0x5000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.
<11> Section 2.2.21: The following table contains a timeline of when each flag value was introduced.
Flag value |
Windows version |
---|---|
0x00000001 |
Windows 2000 |
0x00000002 |
Windows XP, Windows Server 2003 |
0x00000004 |
Windows Vista, Windows Server 2008 |
<12> Section 2.2.22: The Windows RPC server and RPC client limit the Entries field of this structure to 0x5000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.
<13> Section 2.2.23: The following table contains a timeline of when each flag value was introduced.
Flag value |
Windows version |
---|---|
0x00000001 |
Windows 2000 |
0x00000002 |
Windows XP, Windows Server 2003 |
0x00000004 |
Windows Vista, Windows Server 2008 |
<14> Section 2.2.24: The Windows RPC server and RPC client limit the Entries field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.
<15> Section 2.2.25: The following table contains a timeline of when each flag value was introduced.
Flag value |
Windows version |
---|---|
0x00000001 |
Windows 2000 |
0x00000002 |
Windows XP, Windows Server 2003 |
0x00000004 |
Windows Vista, Windows Server 2008 |
<16> Section 2.2.26: The Windows RPC server and RPC client limit the Entries field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.
<17> Section 3.1.1.1: Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, and Windows NT 4.0, when creating these views, leave the Domain DNS Name, Default User Principal Names, User Principal Name, and Security Principal SID History columns empty; therefore, they cannot be used for matching.
<18> Section 3.1.1.1.1: The Enterprise Domain Controllers, Self, Authenticated Users, Restricted, and Terminal Server User entries were added in Windows 2000.
The Local Service, Network Service, and Remote Interactive Logon entries were added in Windows XP.
The This Organization and Other Organization entries were added in Windows Server 2003.
<19> Section 3.1.1.1.1: The entries in the table that precedes this citation in section 3.1.1.1.1 were added in Windows Server 2003.
<20> Section 3.1.1.1.1: The entries in the table that precedes this citation in section 3.1.1.1.1 were added in Windows Vista.
<21> Section 3.1.4: The Windows implementation of this protocol asks the RPC engine to do the following:
Perform a strict Network Data Representation (NDR) data consistency check at target level 5.0 (as specified in [MS-RPCE] section 3) in all version of Windows except Windows NT.
Include support for both NDR and NDR64 transfer syntaxes, as well as the negotiation mechanism for determining what transfer syntax will be used (as specified in [MS-RPCE] section 3) in Windows XP and later and Windows Server 2003 and later.
Via the strict_context_handle attribute, reject the use of context handles created by a method of a different RPC interface than this one (as specified in [MS-RPCE] section 3).
<22> Section 3.1.4: The following table contains a timeline of when each method was introduced.
Opnum |
Friendly name |
Product |
---|---|---|
0 |
LsarClose |
Windows NT 3.1 |
6 |
LsarOpenPolicy |
Windows NT 3.1 |
14 |
LsarLookupNames |
Windows NT 3.1 |
15 |
LsarLookupSids |
Windows NT 3.1 |
44 |
LsarOpenPolicy2 |
Windows NT 3.51 |
45 |
LsarGetUserName |
Windows NT 4.0 |
57 |
LsarLookupSids2 |
Windows 2000 |
58 |
LsarLookupNames2 |
Windows 2000 |
68 |
LsarLookupNames3 |
Windows XP, Windows Server 2003 |
76 |
LsarLookupSids3 |
Windows XP, Windows Server 2003 |
77 |
LsarLookupNames4 |
Windows XP, Windows Server 2003 |
<23> Section 3.1.4: Some gaps in the opnum numbering sequence correspond to opnums that are documented in [MS-LSAD]. All other gaps in the opnum numbering sequence apply to Windows as follows.
Opnum |
Description |
---|---|
1 |
Used only locally by Windows, never remotely. |
5 |
Not used by Windows. |
9 |
Not used by Windows. |
21 |
Not used by Windows. |
22 |
Not used by Windows. |
52 |
Not used by Windows. |
56 |
Used only locally by Windows, never remotely. |
60 |
Used only locally by Windows, never remotely. |
61 |
Used only locally by Windows, never remotely. |
62 |
Used only locally by Windows, never remotely. |
63 |
Used only locally by Windows, never remotely. |
64 |
Used only locally by Windows, never remotely. |
65 |
Used only locally by Windows, never remotely. |
66 |
Used only locally by Windows, never remotely. |
67 |
Used only locally by Windows, never remotely. |
69 |
Used only locally by Windows, never remotely. |
70 |
Used only locally by Windows, never remotely. |
71 |
Used only locally by Windows, never remotely. |
72 |
Used only locally by Windows, never remotely. |
75 |
Used only locally by Windows, never remotely. |
<24> Section 3.1.4.5: The Windows RPC server and RPC client limit the Count field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.
<25> Section 3.1.4.5: For Windows, usage of 0x00000001 for ClientRevision implies a client that is running an operating system released before Windows 2000 (Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, and Windows NT 4.0). Usage of 0x00000002 implies that the client is running an operating system version of Windows 2000 and later.
<26> Section 3.1.4.5: Applies to Windows 11, version 24H2 operating system and later, and to Windows Server 2025 and later.
<27> Section 3.1.4.5: Windows 2000 Server, Windows Server 2003, and Windows Server 2003 R2 do not match names in user principal name form if ALL of the following are true:
LookupLevel is either LsapLookupWksta or LsapLookupPDC.
The server is a domain controller.
ClientRevision is 0x00000001.
The server is in a mixed domain environment.
<28> Section 3.1.4.5: On a domain-joined, non-DC machine, when 0x80000000 is passed for the LookupOptions argument with a mix of isolated and composite names that cannot be matched in the views that are to be searched, Windows XP and later and Windows Server 2003 and later return STATUS_SOME_NOT_MAPPED.
<29> Section 3.1.4.6: All versions of Windows that implement this method (LsarLookupNames3) also implement LsarLookupNames4 (both in terms of client and server); hence, this method does not need to be implemented to interoperate with Windows clients or servers. The choice of which method to call depends on whether the client has a local security authority (LSA) policy handle or an RPC binding handle. Complete compatibility with Windows supports both calls.
<30> Section 3.1.4.6: The Windows implementation of the RPC server and RPC client limits the Count field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.
<31> Section 3.1.4.7: A Windows RPC server can optionally be configured to deny this call, and the error returned in this case is STATUS_NOT_SUPPORTED.
<32> Section 3.1.4.7: The Windows RPC server and RPC client limit the Count field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.
<33> Section 3.1.4.8: The Windows RPC server and RPC client limit the Count field of this structure to 1,000 (using the range primitive defined in [MS-RPCE]) in Windows XP SP2 and later and Windows Server 2003 and later. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, and Windows XP do not enforce this restriction.
<34> Section 3.1.4.9: Applies to Windows 11, version 24H2 and later, and to Windows Server 2025 and later.
<35> Section 3.1.4.10: The Windows RPC client sets LookupOptions to 0.
<36> Section 3.2: Windows clients negotiate the highest revision supported by the server by first calling the highest revision supported for that client. If the RPC exception that indicates that the function is out of range is returned from the server (exception number 0x6d1), the client proceeds to call the next lower revision. This process is repeated until the oldest possible revision supported by the client is invoked or until the server responds to the request.
<37> Section 5.1: The Windows RPC server for this protocol is customizable to allow anonymous callers to make requests for compatibility with Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, and Windows NT 4.0 machines.