0% found this document useful (0 votes)

33 views

Openspecs Windows Protocols Ms SCMR

Uploaded by

wanghoa6868

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

33 views

Openspecs Windows Protocols Ms SCMR

Uploaded by

wanghoa6868

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 407

Tell us about your PDF experience.

Open Specifications
Article • 08/01/2023

Through the Open Specifications program, Microsoft is helping developers open new
opportunities by making technical documents related to interoperability for certain
popular Microsoft products available to view and download at no charge.

Although the Open Specifications technical documents are freely available, many of
them include patented inventions. Some of these patents are available at no charge
under the Open Specifications Promise or the Microsoft Community Promise. The
remaining patents are available through various licensing programs. For more
information, please visit the Microsoft Open Specifications Dev Center website or
send an email message to the IP Licensing Team.

Protocols

Microsoft publishes technical documents for protocols that are implemented in Windows
client (including .NET Framework) and Windows Server (collectively Windows), Office,
SharePoint Products and Technologies, Exchange Server, and Microsoft SQL Server and are
used to communicate with other Microsoft software products.

Computer Languages

Microsoft publishes technical documents for the VBA programming language and
Extensible Application Markup Language (XAML).

Standards Support

Microsoft publishes technical documents that describe support for specific standards
implemented in Exchange Server and Outlook; Internet Explorer; OData; Microsoft SQL
Server; Windows WordPad; and Word, Excel, and PowerPoint.

Data Portability

Microsoft publishes technical documents for the file formats created by Word, Excel,
PowerPoint, and Outlook and by SQL Server. Additionally, it publishes technical documents
that describe how user-created data in SQL Server can be extracted for use in other
software products.

Microsoft revises the technical documents regularly and, particularly, in connection with
the release of significant product updates and new versions.

Q&A and Blogs

Exchange Server Open Specifications and Standards Support - Microsoft Q&A

Home to technical questions and answers about Exchange Server Open Specifications and
Standards Support documents.

Office Open Specifications, Standards Support, and File Formats - Microsoft Q&A

Home to technical questions and answers about Office Open Specifications, Standards
Support, and File Format documents.

SharePoint Server Open Specifications - Microsoft Q&A

Home to technical questions and answers about SharePoint Server Open Specifications
documents.

SQL Server Open Specifications, Standards Support and Data Portability - Microsoft Q&A

Home to technical questions and answers about SQL Server Open Specifications,
Standards Support and Data Portability documents.

Windows Open Specifications and Standards Support - Microsoft Q&A

Home to technical questions and answers about Windows Open Specifications and
Standards Support documents.

Open Specifications Blogs

These blogs, authored by the engineers who support the Open Specifications documents,
provide a different venue for further discussion of those documents.

Also in this section

Programs
Protocols
Article • 08/01/2023

The Protocols section provides detailed Open Specifications technical documents for
certain protocols that are implemented in Exchange Server, Office, SharePoint Products
and Technologies, Microsoft SQL Server, Windows client (including .NET Framework) and
Windows Server collectively published under Windows Protocols and are used to
communicate with other Microsoft software products.

Q&A and Blogs

Exchange Server Open Specifications and Standards Support - Microsoft Q&A

Home to technical questions and answers about Exchange Server Open Specifications and
Standards Support documents.

Office Open Specifications, Standards Support, and File Formats - Microsoft Q&A

Home to technical questions and answers about Office Open Specifications, Standards
Support, and File Format documents.

SharePoint Server Open Specifications - Microsoft Q&A

Home to technical questions and answers about SharePoint Server Open Specifications
documents.

SQL Server Open Specifications, Standards Support and Data Portability - Microsoft Q&A

Home to technical questions and answers about SQL Server Open Specifications,
Standards Support and Data Portability documents.

Windows Open Specifications and Standards Support - Microsoft Q&A

Home to technical questions and answers about Windows Open Specifications and
Standards Support documents.

Open Specifications Blogs

These blogs, authored by the engineers who support the Open Specifications documents,
provide a different venue for further discussion of those documents.

Explore the Protocols Documentation

Exchange Server Protocols

Office Protocols

SharePoint Products and Technologies Protocols

Microsoft SQL Server Protocols

Windows Protocols

Downloads Related Sections Sites

Exchange Server Protocols .zip file (120+ Document Open Specifications Dev
MB) Programs Center

Microsoft Office Protocols .zip file (80+ Computer

MB) Languages

SharePoint Products and Technologies Standards

Protocols .zip file (200+ MB) Support

Microsoft SQL Server Protocols .zip file Data Portability

(50+ MB)

Windows Protocols .zip file (500+ MB)

Windows Protocols
Article • 08/10/2023

This page and associated content may be updated frequently. We recommend you
subscribe to the RSS feed to receive update notifications.

This documentation contains detailed technical specifications for Microsoft protocols

that are implemented and used by Windows to interoperate or communicate with other
Microsoft products. It also contains technical specifications for extensions to industry-
standard and other published protocols that are used by Windows. In addition, the
documentation includes a set of companion technology overview and reference
documents that supplement the technical specifications with conceptual background,
overviews of inter-protocol relationships and interactions, and technical reference
information.

Although the Open Specifications technical documents are freely available, many of
them include patented inventions. Some of these patents are available at no charge
under the Open Specifications Promise or the Microsoft Community Promise . The
remaining patents are available through various licensing programs. For more
information, please visit the Microsoft Open Specifications Dev Center or send an
email message to the IP Licensing Team.

Explore Windows Protocols Documentation

What's New and Changed in Windows Documents

Provides information about and links to new and updated protocol documents that contain
details about the most recently released versions of Windows Client and Windows Server
operating systems.

Windows Protocols Preview Documents

Provides preliminary versions of new or updated Open Specifications technical documents

for community review and feedback.

Windows Protocols Errata

Provides clarifications and adjustments of content issues in published versions of protocol

documents that could impact an implementation.

Windows Protocols Overview Documents

Provides information about the protocols and other technologies that are included in the
Windows Protocols documentation set and the relationships among those technologies.

Windows Protocols Technical Documents

Provides detailed technical specifications for Microsoft proprietary protocols (including

extensions to industry-standard or other published protocols) and other technologies that
are used by Windows to communicate with other Microsoft products.

Windows Protocols Reference Documents

Provides reference documents that are available for use with the Windows Protocols
documentation set.

Q&A and Blogs

Windows Open Specifications and Standards Support - Microsoft Q&A

Home to technical questions and answers about Windows Open Specifications and
Standards Support documents.

Open Specifications Blogs

These blogs, authored by the engineers who support the Open Specifications documents,
provide a different venue for further discussion of those documents.

Windows Interoperability Developer Blog

This blog is updated with the latest information on releases of the Open Specifications
documents.
Downloads Sites

Windows Protocols PDF .zip file Open Specifications Developer Center

(600+ MB)
FAQ: Network Captures for Technology Overview
Standards Support Downloads Documents

Windows Protocols Archived Forums

Technical Documents
Article03/13/2023

This section provides information about the technical specifications that are contained
in the Windows Protocols documentation set.

For preview or pre-release versions of the technical specifications, see Preview

Documents.

Note The inter-document links in a PDF version of a technical specification document

are functional only if all the cross-referenced documents are saved to the same local
directory folder. An error message appears if you click a link that references a PDF
document that is not located in the same folder (when viewing via your local hard drive)
or is part of a different download (when viewing online). To save a complete set of PDF
files to the same folder, download the Windows Protocols .zip file . This is a large file
and can take a few minutes to download.

Specification Description

[MC-BUP]: Specifies the Background Intelligent Transfer Service (BITS) Upload Protocol,
Background which is used to upload large entities from a client to a server over networks
Intelligent Transfer with frequent disconnections, and to send notifications from the server to a
Service (BITS) server application about the availability of the uploaded entities.
Upload Protocol
Click here to view this version of the [MC-BUP] PDF.

[MC-CCFG]: Server Specifies the Server Cluster: Configuration (ClusCfg) Protocol, which enables
Cluster: users to restore a node that is no longer a configured member of a failover
Configuration cluster back to its pre-cluster installation state.
(ClusCfg) Protocol
Click here to view this version of the [MC-CCFG] PDF.

[MC-COMQC]: Specifies the Component Object Model Plus (COM+) Queued Components
Component Protocol, which is used for persisting method calls made on COM+ objects
Object Model Plus in such a way that they can later be played back and executed.
(COM+) Queued
Components Click here to view this version of the [MC-COMQC] PDF.
Protocol

[MC-CSDL]: Specifies the Conceptual Schema Definition File Format, which defines some
Conceptual well-known primitive types, such as Edm.String, that are used as the building
Schema Definition blocks for structural types like Entity Types and Complex Types.
File Format
Click here to view this version of the [MC-CSDL] PDF.
Specification Description

[MC-DPL4CS]: Specifies DirectPlay 4 Protocol: Core and Service Providers. This protocol
DirectPlay 4 enables the implementation of functions to enumerate hosted game
Protocol: Core and sessions and players, to add and remove game players, and to interchange
Service Providers data between game instances.

Click here to view this version of the [MC-DPL4CS] PDF.

[MC-DPL4R]: Specifies the DirectPlay 4 Protocol: Reliable, which describes functionality

DirectPlay 4 related to the reliable delivery of DirectPlay 4 messages and provides
Protocol: Reliable throttling for applications that use DirectPlay 4.

Click here to view this version of the [MC-DPL4R] PDF.

[MC-DPL8CS]: Specifies the DirectPlay 8 Protocol: Core and Service Providers, which creates
DirectPlay 8 and manages game sessions over existing datagram protocols such as UDP.
Protocol: Core and
Service Providers Click here to view this version of the [MC-DPL8CS] PDF.

[MC-DPL8R]: Specifies the DirectPlay 8 Protocol: Reliable, which provides mixed, not
DirectPlay 8 reliable, and reliable messages over existing datagram protocols such as the
Protocol: Reliable User Datagram Protocol (UDP).

Click here to view this version of the [MC-DPL8R] PDF.

[MC-DPLHP]: Specifies the DirectPlay 8 Protocol: Host and Port Enumeration, which
DirectPlay 8 enables a DirectPlay 8 client application to discover one or more DirectPlay 8
Protocol: Host and server applications.
Port Enumeration
Click here to view this version of the [MC-DPLHP] PDF.

[MC-DPLNAT]: Specifies the DirectPlay 8 Protocol: NAT Locator, which provides extensions
DirectPlay 8 to the DirectPlay 8 Core and Service Providers Protocol (as specified in [MC-
Protocol: NAT DPL8CS]) to improve Network Address Translation (NAT) support.
Locator
Click here to view this version of the [MC-DPLNAT] PDF.

[MC-DPLVP]: Specifies the DirectPlay Voice Protocol, which is used to provide voice
DirectPlay Voice communications for applications that use the DirectPlay protocol to
Protocol communicate.

Click here to view this version of the [MC-DPLVP] PDF.

[MC-DRT]: Specifies the Distributed Routing Table (DRT) Version 1.0 protocol, which is
Distributed used to maintain a network of nodes (referred to as a cloud) and to resolve
Routing Table keys to their endpoint information when requested by a node within the
(DRT) Version 1.0 cloud.

Click here to view this version of the [MC-DRT] PDF.

Specification Description

[MC-DTCXA]: Specifies the MSDTC Connection Manager: OleTx Transaction Protocol, which
MSDTC describes the extensions that support XA [XOPEN-DTP]-compliant software
Connection components in an OleTx distributed transaction processing environment.
Manager: OleTx
XA Protocol Click here to view this version of the [MC-DTCXA] PDF.

[MC-EDMX]: Entity Specifies the Entity Data Model for Data Services Packaging Format (EDMX),
Data Model for which is an XML-based file format that serves as the packaging format for
Data Services the service metadata of a data service.
Packaging Format
Click here to view this version of the [MC-EDMX] PDF.

[MC-IISA]: Internet Specifies the Internet Information Services (IIS) Application Host COM
Information Protocol, which provides read/write access to administrative configuration
Services (IIS) data that is located on a remote server.
Application Host
COM Protocol Click here to view this version of the [MC-IISA] PDF.

[MC-MQAC]: Specifies the Message Queuing (MSMQ): ActiveX Client Protocol, which is a
Message Queuing collection of Distributed Component Object Model (DCOM) [MS-DCOM]
(MSMQ): ActiveX interfaces that expose message queuing functionality for use by client
Client Protocol applications.

Click here to view this version of the [MC-MQAC] PDF.

[MC-MQSRM]: Specifies the Message Queuing (MSMQ): SOAP Reliable Messaging Protocol
Message Queuing (SRMP), which defines a mechanism for reliably transferring messages
(MSMQ): SOAP between two message queues that are located on two different hosts.
Reliable
Messaging Click here to view this version of the [MC-MQSRM] PDF.
Protocol (SRMP)

[MC-NBFS]: .NET Specifies the SOAP data structure for the .NET Binary Format for XML. This
Binary Format: structure uses the XML data structure format [MC-NBFX], but specifies the
SOAP Data set of strings to which a producer and consumer can refer.
Structure
Click here to view this version of the [MC-NBFS] PDF.

[MC-NBFSE]: .NET Specifies the SOAP extension for the .NET Binary Format for XML. This SOAP
Binary Format: extension is a new format built by extending the format specified in [MC-
SOAP Extension NBFS]; it provides a context under which strings may be transmitted once
and referred to by subsequent documents in order to reduce the size of the
documents.

Click here to view this version of the [MC-NBFSE] PDF.

Specification Description

[MC-NBFX]: .NET Specifies the XML data structure for the .NET Binary Format for XML. This
Binary Format: format can represent many XML documents, as specified in [XML1.0]. The
XML Data purpose of the format is to reduce the processing costs associated with XML
Structure documents by encoding an XML document in fewer bytes than the same
document encoded in UTF-8, as specified in [RFC2279].

Click here to view this version of the [MC-NBFX] PDF.

[MC-NETCEX]: Specifies the .NET Context Exchange Protocol, which defines a message
.NET Context syntax for identifying context that is shared between a client and a server,
Exchange Protocol and a protocol for establishing that context.

Click here to view this version of the [MC-NETCEX] PDF.

[MC-NMF]: .NET Specifies the .NET Message Framing Protocol, which defines a mechanism
Message Framing for framing messages. While this is primarily aimed at framing SOAP
Protocol messages, the protocol can be used to frame other message types as well.

Click here to view this version of the [MC-NMF] PDF.

[MC-NPR]: .NET Specifies the .NET Packet Routing Protocol, which defines a SOAP message
Packet Routing header to indicate that a message can safely be treated as a packet or
Protocol datagram.

Click here to view this version of the [MC-NPR] PDF.

[MC-PRCH]: Peer Specifies the Peer Channel Protocol, which is used for broadcasting
Channel Protocol messages over a virtual network of cooperating nodes.

Click here to view this version of the [MC-PRCH] PDF.

[MC-PRCR]: Peer Specifies the Peer Channel Custom Resolver Protocol, which is used for
Channel Custom storage and retrieval of endpoint information of clients with access to a
Resolver Protocol known service.

Click here to view this version of the [MC-PRCR] PDF.

[MC-SMP]: Specifies the Session Multiplex Protocol, which provides session

Session Multiplex management capabilities between a database client and a database server.
Protocol This protocol enables multiple logical client connections to connect to a
single server over a single physical connection.

Click here to view this version of the [MC-SMP] PDF.

[MC-SQLR]: SQL Specifies the SQL Server Resolution Protocol, which facilitates connectivity to
Server Resolution a database server.
Protocol
Click here to view this version of the [MC-SQLR] PDF.
Specification Description

[MS-ABTP]: Specifies the Automatic Bluetooth Pairing Protocol, which facilitates the
Automatic establishment of a secure, trusted Bluetooth pairing relationship between
Bluetooth Pairing two devices without requiring any user interaction at the time of pairing.
Protocol
Click here to view this version of the [MS-ABTP] PDF.

[MS-ADA1]: Active Specifies the Active Directory Schema Attributes A-L, which contains a partial
Directory Schema list of the objects that exist in the Active Directory schema (attributes
Attributes A-L beginning with A - L).

Click here to view this version of the [MS-ADA1] PDF.

[MS-ADA2]: Active Specifies the Active Directory Schema Attributes M, which contains a partial
Directory Schema list of the objects that exist in the Active Directory schema (attributes
Attributes M beginning with M).

Click here to view this version of the [MS-ADA2] PDF.

[MS-ADA3]: Active Specifies the Active Directory Schema Attributes N-Z, which contains a
Directory Schema partial list of the objects that exist in the Active Directory schema (attributes
Attributes N-Z beginning with N through Z).

Click here to view this version of the [MS-ADA3] PDF.

[MS-ADCAP]: Specifies the Active Directory Web Services: Custom Action Protocol, used
Active Directory for directory access in identity management and topology management.
Web Services: This protocol enables the transition of client applications that are currently
Custom Action using non-web services protocols for managing information held in
Protocol directory services to instead use Web services protocols.

Click here to view this version of the [MS-ADCAP] PDF.

[MS-ADDM]: Specifies the Active Directory Web Services: Data Model and Common
Active Directory Elements. This protocol contains an XML data model and other protocol
Web Services: components (such as the definition of an XPath 1.0-derived selection
Data Model and language) that are used in various protocols that belong to the set of Active
Common Directory Web Services protocols.
Elements
Click here to view this version of the [MS-ADDM] PDF.

[MS-ADFSOAL]: Specifies the Active Directory Federation Services OAuth Authorization Code
Active Directory Lookup Protocol, which is used to find the issuing server of an access token
Federation for an OAuth authorization code.
Services OAuth
Authorization Click here to view this version of the [MS-ADFSOAL] PDF.
Code Lookup
Protocol
Specification Description

[MS-ADFSPIP]: Specifies the Active Directory Federation Services Proxy and Web Application
Active Directory Proxy Integration Protocol. This protocol integrates Active Directory
Federation Federation Services with an authentication and application proxy to enable
Services and Proxy access to services located inside the boundaries of the corporate network for
Integration clients that are located outside of that boundary.
Protocol
Click here to view this version of the [MS-ADFSPIP] PDF.

[MS-ADFSPP]: Specifies the Federation Service Proxy Protocol, which is used by a security
Active Directory token service (STS) proxy to obtain configuration data about an STS in order
Federation Service to assist users in selecting an acceptable security realm from which to obtain
(AD FS) Proxy a security token.
Protocol
Click here to view this version of the [MS-ADFSPP] PDF.

[MS-ADFSWAP]: Specifies the Federation Service Web Agent Protocol, which is used by a
Active Directory Web service (WS) resource to obtain configuration data about a security
Federation Service token service (STS) in order to validate tokens from that STS using the
(AD FS) Web protocol defined in [MS-MWBF].
Agent Protocol
Click here to view this version of the [MS-ADFSWAP] PDF.

[MS-ADLS]: Active Specifies the Active Directory Lightweight Directory Services Schema, which
Directory contains a list of the objects that exist in the Active Directory Lightweight
Lightweight Directory Services schema.
Directory Services
Schema Click here to view this version of the [MS-ADLS] PDF.

[MS-ADSC]: Active Specifies the Active Directory Schema Classes, which contains a partial list of
Directory Schema objects that exist in the Active Directory schema.
Classes
Click here to view this version of the [MS-ADSC] PDF.

[MS-ADTG]: Specifies the Remote Data Services (RDS) Transport Protocol, an HTTP
Remote Data request/response protocol that facilitates remote method definition and
Services (RDS) invocation, method definitions for executing database commands and for
Transport Protocol synchronizing database results, and definition of a record format for
encoding of database results.

Click here to view this version of the [MS-ADTG] PDF.

[MS-ADTS]: Active Specifies the core functionality of Active Directory. Active Directory extends
Directory and provides variations of the Lightweight Directory Access Protocol (LDAP).
Technical
Specification Click here to view this version of the [MS-ADTS] PDF.
Specification Description

[MS-AIPS]: Specifies the Authenticated Internet Protocol. This protocol supports a more
Authenticated generalized authentication exchange than the Internet Key Exchange
Internet Protocol Protocol and provides the optimizations in key exchange and policy
discoverability.

Click here to view this version of the [MS-AIPS] PDF.

[MS-APDS]: Specifies Authentication Protocol Domain Support, which is the

Authentication communication process between a server and a domain controller that uses
Protocol Domain Netlogon interfaces to complete an authentication sequence.
Support
Click here to view this version of the [MS-APDS] PDF.

[MS-ASP]: Specifies the ASP.NET State Server Protocol, which is a contract for
ASP.NET State transmitting session state data between a client and a state server.
Server Protocol
Click here to view this version of the [MS-ASP] PDF.

[MS-AZMP]: Specifies the Authorization Manager (AzMan) Policy File Format, which
Authorization defines the XML structure of AzMan policy files. These files are used by the
Manager (AzMan) Microsoft Management Console (MMC) AzMan snap-in and the
Policy File Format authorization manager runtime.

Click here to view this version of the [MS-AZMP] PDF.

[MS-BDSRR]: Specifies the Business Document Scanning: Scan Repository Capabilities and
Business Status Retrieval Protocol, which is used to query a server for the capabilities
Document and status of the scan repository.
Scanning: Scan
Repository Click here to view this version of the [MS-BDSRR] PDF.
Capabilities and
Status Retrieval
Protocol

[MS-BGPP]: Specifies Border Gateway Protocol (BGP) Profile a dynamic routing protocol
Border Gateway that automatically learns routes between sites that are connected using site-
Protocol (BGP) to-site VPN connections and clarifies what portions of [RFC1997] and
Profile [RFC4271] are not supported.

Click here to view this version of the [MS-BGPP] PDF.

[MS-BKRP]: Specifies the BackupKey Remote Protocol. This protocol encrypts secret
BackupKey values (such as cryptographic keys) so they can be backed up to storage that
Remote Protocol is not specially protected, and enables decryption of such values if recovery
is necessary.

Click here to view this version of the [MS-BKRP] PDF.

Specification Description

[MS-BKUP]: Specifies the Microsoft NT Backup File Structure protocol, which describes
Microsoft NT the network format of the Windows NT backup file format and its
Backup File constituent structures that may be used in other protocols.
Structure
Click here to view this version of the [MS-BKUP] PDF.

[MS-BPAU]: Specifies the Background Intelligent Transfer Service (BITS) Peer-Caching:

Background Peer Authentication Protocol. This protocol provides authentication for
Intelligent Transfer computers in an Active Directory domain in support of the BITS Peer-
Service (BITS) Caching Content Retrieval Protocol ([MS-BPCR]).
Peer-Caching:
Peer Click here to view this version of the [MS-BPAU] PDF.
Authentication
Protocol

[MS-BPCR]: Specifies the Background Intelligent Transfer Service (BITS) Peer-Caching:

Background Content Retrieval Protocol, which is one of the family of protocols that
Intelligent Transfer implements a distributed URL cache known as ""BITS peer-caching"". Other
Service (BITS) protocols in the family are used to discover potential peers and to
Peer-Caching: authenticate them.
Content Retrieval
Protocol Click here to view this version of the [MS-BPCR] PDF.

[MS-BPDP]: Specifies the Background Intelligent Transfer Service (BITS) Peer-Caching:

Background Peer Discovery Protocol, which is used to locate hosts in a domain that
Intelligent Transfer supports the URL-caching protocol implemented by BITS.
Service (BITS)
Peer-Caching: Click here to view this version of the [MS-BPDP] PDF.
Peer Discovery
Protocol

[MS-BRWS]: Specifies the Common Internet File System (CIFS) Browser Protocol, which
Common Internet updates all backup browser servers with the contents of the response to a
File System (CIFS) NetServerEnum2 request and shares the processing load of enumerating the
Browser Protocol services available in the network across different servers.

Click here to view this version of the [MS-BRWS] PDF.

[MS-BRWSA]: Specifies the Common Internet File System (CIFS) Browser Auxiliary Protocol,
Common Internet which is used by the master browser server to query configuration
File System (CIFS) information for the domains from the domain master browser server.
Browser Auxiliary
Protocol Click here to view this version of the [MS-BRWSA] PDF.
Specification Description

[MS-CAPR]: Specifies the Central Access Policy ID Retrieval Protocol, which allows
Central Access administrative applications to retrieve the set of central access policies
Policy Identifier deployed on remote computers.
(ID) Retrieval
Protocol Click here to view this version of the [MS-CAPR] PDF.

[MS-CBCP]: Specifies the Callback Control Protocol, which provides a standard method
Callback Control for transporting multi-protocol datagrams over point-to-point links.
Protocol
Click here to view this version of the [MS-CBCP] PDF.

[MS-CDP]: Specifies the Connected Devices Platform Protocol Version 3. This protocol
Connected provides a discovery system to authenticate and verify users and devices, as
Devices Platform well as providing a message exchange between devices. It provides a
Protocol Version 3 transport-agnostic means of building connections among all of a user's
devices, whether available through the cloud or through direct physical
presence.

Click here to view this version of the [MS-CDP] PDF.

[MS-CER]: Specifies the Corporate Error Reporting Version 1.0 Protocol, which enables
Corporate Error an organization to copy error reports from a set of client machines to a CER
Reporting Version file share on a specified Server Message Block (SMB) Protocol file server with
1.0 Protocol additional configuration options.

Click here to view this version of the [MS-CER] PDF.

[MS-CER2]: Specifies the Corporate Error Reporting V.2 Protocol, which enables
Corporate Error enterprise computing sites to manage all error reporting information within
Reporting V.2 the organization.
Protocol
Click here to view this version of the [MS-CER2] PDF.

[MS-CFB]: Specifies the Compound File Binary File Format, a general-purpose file
Compound File format that provides a file-system-like structure within a file for the storage
Binary File Format of arbitrary, application-specific streams of data.

Click here to view this version of the [MS-CFB] PDF.

[MS-CHAP]: Specifies the Extensible Authentication Protocol Method for Microsoft

Extensible Challenge Handshake Authentication Protocol (CHAP). This protocol enables
Authentication extensible authentication for network access.
Protocol Method
for Microsoft Click here to view this version of the [MS-CHAP] PDF.
Challenge
Handshake
Authentication
Protocol (CHAP)
Specification Description

[MS-CIFS]: Specifies the Common Internet File System (CIFS) Protocol, a cross-platform,
Common Internet transport-independent protocol that provides a mechanism for client
File System (CIFS) systems to use file and print services made available by server systems over
Protocol a network.

Click here to view this version of the [MS-CIFS] PDF.

[MS-CMOM]: Specifies the MSDTC Connection Manager: OleTx Management Protocol. This
MSDTC protocol enables the remote management of an OleTx Transaction Manager
Connection and its extensions.
Manager: OleTx
Management Click here to view this version of the [MS-CMOM] PDF.
Protocol

[MS-CMP]: MSDTC Specifies the MSDTC Connection Manager Protocol: Connection Multiplexing
Connection Protocol, which enables partners to multiplex any number of two-way
Manager: OleTx connections over the MSDTC Connection Manager: OleTx Transports
Multiplexing Protocol session.
Protocol
Click here to view this version of the [MS-CMP] PDF.

[MS-CMPO]: Specifies the MSDTC Connection Manager: OleTx Transports Protocol, a

MSDTC peer-to-peer messaging protocol layered over a bidirectional pair of RPC
Connection connections.
Manager: OleTx
Transports Click here to view this version of the [MS-CMPO] PDF.
Protocol

[MS-CMRP]: Specifies the Failover Cluster: Management API (ClusAPI) Protocol, an RPC-
Failover Cluster: based protocol that is used for remotely managing a cluster.
Management API
(ClusAPI) Protocol Click here to view this version of the [MS-CMRP] PDF.

[MS-COM]: Specifies the Component Object Model Plus (COM+) Protocol, which
Component consists of a DCOM interface (and DCOM protocol extensions) that is used
Object Model Plus for adding transactions, implementing synchronization, managing multiple
(COM+) Protocol object class configurations, enforcing security, and providing additional
functionality and attributes to DCOM-based distributed object applications.

Click here to view this version of the [MS-COM] PDF.

[MS-COMA]: Specifies the Component Object Model Plus (COM+) Remote Administration
Component Protocol, which enables remote clients to register, import, remove,
Object Model Plus configure, control, and monitor components and conglomerations for an
(COM+) Remote Object Request Broker (ORB).
Administration
Protocol Click here to view this version of the [MS-COMA] PDF.
Specification Description

[MS-COMEV]: Specifies the Component Object Model Plus (COM+) Event System Protocol,
Component which is a protocol that exposes DCOM interfaces for storing and managing
Object Model Plus configuration data for publishers of events and their respective subscribers
(COM+) Event on remote computers. This protocol also specifies how to get specific
System Protocol information about a publisher and its subscribers.

Click here to view this version of the [MS-COMEV] PDF.

[MS-COMT]: Specifies the Component Object Model Plus (COM+) Tracker Service
Component Protocol, which enables clients to monitor running instances of components.
Object Model Plus
(COM+) Tracker Click here to view this version of the [MS-COMT] PDF.
Service Protocol

[MS-CPSP]: Specifies the Connection Point Services: Phonebook Data Structure. This
Connection Point structure describes a format for documenting POP entry information and a
Services: logical grouping of POPs based on their geographic location.
Phonebook Data
Structure Click here to view this version of the [MS-CPSP] PDF.

[MS-CRTD]: Specifies the Certificate Templates Structure. This structure describes the
Certificate syntax and interpretation of certificate templates, which forms the basis of
Templates certificate management for the Certificate Templates Protocol.
Structure
Click here to view this version of the [MS-CRTD] PDF.

[MS-CSRA]: Specifies the Certificate Services Remote Administration Protocol, which

Certificate consists of a set of Distributed Component Object Model (DCOM) interfaces
Services Remote that enable administrative tools to configure the state and policy of a
Administration certification authority (CA) on a server.
Protocol
Click here to view this version of the [MS-CSRA] PDF.

[MS-CSSP]: Specifies the Credential Security Support Provider (CredSSP) Protocol, which
Credential enables an application to securely delegate a user's credentials from a client
Security Support to a target server.
Provider
(CredSSP) Click here to view this version of the [MS-CSSP] PDF.
Protocol

[MS-CSVP]: Specifies the Failover Cluster: Setup and Validation Protocol (ClusPrep),
Failover Cluster: which remotely configures cluster nodes, cleans up cluster nodes, and
Setup and validates that hardware and software settings are compatible with Failover
Validation Clustering.
Protocol
(ClusPrep) Click here to view this version of the [MS-CSVP] PDF.
Specification Description

[MS-CTA]: Claims Specifies the Claims Transformation Algorithm (CTA), which consists of two
Transformation components: a grammar describing a transformation rules language and an
Algorithm algorithm for transforming input claims into output claims. A claim is an
assertion about a user identity in the form of a name-value tuple. Sets of
claims are transformed from sending authority formats to receiving authority
formats at authentication trust traversal boundaries.

Click here to view this version of the [MS-CTA] PDF.

[MS-DCHT]: Specifies the Desktop Chat Protocol, which is the mechanism by which the
Desktop Chat Windows Chat application in Windows communicates information between
Protocol remote users.

Click here to view this version of the [MS-DCHT] PDF.

[MS-DCLB]: Specifies the Desktop Clipboard Protocol, which uses the Network Dynamic
Desktop Data Exchange (NetDDE) Protocol to implement a distributed store for
Clipboard graphical user interface (GUI) objects for desktop cut-and-paste operations.
Protocol
Click here to view this version of the [MS-DCLB] PDF.

[MS-DCOM]: Specifies the Distributed Component Object Model (DCOM) Remote

Distributed Protocol, which exposes application objects via remote procedure calls
Component (RPCs) and consists of a set of extensions layered on the Microsoft Remote
Object Model Procedure Call Extensions.
(DCOM) Remote
Protocol Click here to view this version of the [MS-DCOM] PDF.

[MS-DFSC]: Specifies the Distributed File System (DFS): Referral Protocol, which enables
Distributed File file system clients to resolve names from a namespace distributed across
System (DFS): many servers and geographies into local names on specific file servers.
Referral Protocol
Click here to view this version of the [MS-DFSC] PDF.

[MS-DFSNM]: Specifies the Distributed File System (DFS): Namespace Management

Distributed File Protocol, which provides an RPC interface for administering DFS
System (DFS): configurations. The client is an application that issues method calls on the
Namespace RPC interface to administer DFS. The server is a DFS service that implements
Management support for this RPC interface for administering DFS.
Protocol
Click here to view this version of the [MS-DFSNM] PDF.

[MS-DFSRH]: DFS Specifies the DFS Replication Helper Protocol, which is made up of a set of
Replication Helper distributed component object model (DCOM) interfaces for configuring and
Protocol monitoring DFS Replication Helper Protocols on a server.

Click here to view this version of the [MS-DFSRH] PDF.

Specification Description

[MS-DHA]: Device Specifies the Device Health Attestation Service Protocol, which enables the
Health Attestation assessment of the attested boot state of devices. The outcome of the health
Protocol assessment is included in a signed health certificate which can then be
evaluated by other services to determine whether a device is meeting
enterprise corporate policy for device health, or by third party services to
identify jailbroken devices that should not receive content or access to
certain resources.

Click here to view this version of the [MS-DHA] PDF.

[MS-DHCPE]: Specifies the Dynamic Host Configuration Protocol (DHCP), which describes
Dynamic Host the Microsoft specific vendor-class options included in the Microsoft
Configuration implementation of DHCP.
Protocol (DHCP)
Extensions Click here to view this version of the [MS-DHCPE] PDF.

[MS-DHCPF]: Specifies the DHCP Failover Protocol Extension, which extends the DHCP
DHCP Failover Failover Protocol by encrypting messages sent between the servers in a
Protocol Extension failover relationship and by providing client implementation options.

Click here to view this version of the [MS-DHCPF] PDF.

[MS-DHCPM]: Specifies the Microsoft Dynamic Host Configuration Protocol (DHCP) Server
Microsoft Management Protocol, which defines the RPC interfaces that provide
Dynamic Host methods for remotely accessing and administering the DHCP server. This
Configuration protocol is a client and server protocol based on RPC that is used in the
Protocol (DHCP) configuration, management, and monitoring of a DHCP server.
Server
Management Click here to view this version of the [MS-DHCPM] PDF.
Protocol

[MS-DHCPN]: Specifies the Dynamic Host Configuration Protocol (DHCP) Extensions for
Dynamic Host Network Access Protection (NAP), which is designed to reduce the
Configuration administrative burden and complexity of configuring hosts on a TCP/IP-
Protocol (DHCP) based network, such as a private intranet, and is one enforcement method
Extensions for supported by Network Access Protection (NAP).
Network Access
Protection (NAP) Click here to view this version of the [MS-DHCPN] PDF.

[MS-DLNHND]: Specifies Digital Living Network Alliance (DLNA) Home Networked Device
Digital Living Interoperability Guidelines: Microsoft Extensions. The DLNA Guidelines
Network Alliance define protocol extensions to protocols related to streaming of content.
(DLNA)
Networked Device Click here to view this version of the [MS-DLNHND] PDF.
Interoperability
Guidelines:
Microsoft
Extensions
Specification Description

[MS-DLTCS]: Specifies the Distributed Link Tracking Central Store Protocol, which defines
Distributed Link how the Active Directory objects are defined, updated, and interpreted. [MS-
Tracking Central DLTCS] works with the Distributed Link Tracking (DLT) Workstation Protocol
Store Protocol and the DLT Central Manager Protocol ([MS-DLTM]), the two other protocols
that make up Distributed Link Tracking.

Click here to view this version of the [MS-DLTCS] PDF.

[MS-DLTM]: Specifies the Distributed Link Tracking: Central Manager Protocol, which
Distributed Link works with the Distributed Link Tracking (DLT) Workstation Protocol to
Tracking: Central discover the new location of a file that has moved. DLT can determine
Manager Protocol whether the file has moved on a mass-storage device, within a computer, or
between computers in a network. The DLT Central Manager Protocol keeps
track of file and volume moves and other relevant information from
participating computers in order to provide this information in response to
workstation queries.

Click here to view this version of the [MS-DLTM] PDF.

[MS-DLTW]: Specifies the Distributed Link Tracking: Workstation Protocol, which works
Distributed Link with the Distributed Link Tracking (DLT) Central Manager Protocol to
Tracking: discover the new location of a file that has moved. DLT can determine
Workstation whether the file has moved on a mass-storage device, within a computer, or
Protocol between computers in a network.

Click here to view this version of the [MS-DLTW] PDF.

[MS-DMCT]: Specifies the Device Media Control Protocol. which uses the Device Services
Device Media Lightweight Remoting Protocol [MS-DSLR] to enable a computer to control
Control Protocol media playback in an active device session.

Click here to view this version of the [MS-DMCT] PDF.

[MS-DMRP]: Disk Specifies the Disk Management Remote Protocol, a set of Distributed
Management Component Object Model (DCOM) interfaces that manages storage objects
Remote Protocol on a machine.

Click here to view this version of the [MS-DMRP] PDF.

[MS-DNSP]: Specifies the Domain Name Service (DNS) Server Management Protocol,
Domain Name which defines the RPC interfaces that provide methods for remotely
Service (DNS) accessing and administering a DNS server. It is a client and server protocol
Server based on RPC that is used in the configuration, management, and
Management monitoring of a DNS server.
Protocol
Click here to view this version of the [MS-DNSP] PDF.
Specification Description

[MS-DPDX]: Specifies the DirectPlay DXDiag Usage Protocol, intended for peer-to-peer
DirectPlay DXDiag network video gaming and used by the DXDiag application.
Usage Protocol
Click here to view this version of the [MS-DPDX] PDF.

[MS-DPSP]: Digest Specifies the Digest Protocol Extensions, which describes the variations in
Protocol the Windows implementation of the Digest Authentication protocol from the
Extensions standard, as specified in [RFC2617].

Click here to view this version of the [MS-DPSP] PDF.

[MS-DPWSRP]: Specifies the Shell Publishing data structure. This data structure is used by
Devices Profile for the HomeGroup Protocol to advertise shared files and folders in a
Web Services HomeGroup peer-to-peer network environment.
(DPWS): Shared
Resource Click here to view this version of the [MS-DPWSRP] PDF.
Publishing Data
Structure

[MS-DPWSSN]: Specifies the Devices Profile for Web Services (DPWS): Size Negotiation
Devices Profile for Extension. This is an extension to the Devices Profile for Web Services
Web Services (DPWS) and enables the negotiation of message sizes between a client and a
(DPWS): Size service for a specific message transaction.
Negotiation
Extension Click here to view this version of the [MS-DPWSSN] PDF.

[MS-DRM]: Digital Specifies the Digital Rights Management License Protocol, which provides
Rights secure distribution, promotion, and sale of digital media content.
Management
License Protocol Click here to view this version of the [MS-DRM] PDF.

[MS-DRMCD]: Specifies the Media Transfer Protocol (MTP): WMDRM Portable Device
Windows Media Extensions, which support digital rights management for portable consumer
Digital Rights electronic devices. These protocol extensions can be used to enable
Management consumers to experience audio and/or video on portable devices, while
(WMDRM): MTP protecting the rights of the content owner.
Command
Extension Click here to view this version of the [MS-DRMCD] PDF.

[MS-DRMND]: Specifies the Windows Media Digital Rights Management (WMDRM):

Windows Media Network Devices Protocol. This protocol enables consumers to experience
Digital Rights multimedia content on multiple devices in the home, while protecting the
Management rights of the content owner.
(WMDRM):
Network Devices Click here to view this version of the [MS-DRMND] PDF.
Protocol
Specification Description

[MS-DRMRI]: Specifies the Windows Media Digital Rights Management for Network
Windows Media Devices (WMDRM-ND): Registrar Initiation Protocol, a set of services
Digital Rights provided by a host (for example, a personal computer) and a client (for
Management for example, an extender device) that allows a WMDRM-ND registration and
Network Devices authentication process to be remotely initiated and completed between the
(WMDRM-ND): host and client. This allows DRM-protected contents stored on the host to
Registrar Initiation be shared securely with the client.
Protocol
Click here to view this version of the [MS-DRMRI] PDF.

[MS-DRSR]: Specifies the Directory Replication Service (DRS) Remote Protocol, an RPC
Directory protocol for replication and management of data in Active Directory.
Replication
Service (DRS) Click here to view this version of the [MS-DRSR] PDF.
Remote Protocol

[MS-DSCPM]: Specifies the Desired State Configuration Pull Model Protocol, which is used
Desired State to get a client's configuration and modules from the server and to report the
Configuration Pull client's status back to the server. The protocol depends on HTTP for the
Model Protocol transfer of all protocol messages. With the Desired State Configuration Pull
Model Protocol, binary data flows from the server to the client.

Click here to view this version of the [MS-DSCPM] PDF.

[MS-DSLR]: Device Specifies the Device Services Lightweight Remoting Protocol, which enables
Services remoting of services (objects, function calls, events, and so on) over a
Lightweight reliable point-to-point channel.
Remoting
Protocol Click here to view this version of the [MS-DSLR] PDF.

[MS-DSML]: Specifies the Directory Services Markup Language (DSML) 2.0 Protocol
Directory Services Extensions. The SOAP session extensions (SSE) make it possible to maintain
Markup Language state information across multiple request/response operations.
(DSML) 2.0
Protocol Click here to view this version of the [MS-DSML] PDF.
Extensions

[MS-DSMN]: Specifies the Device Session Monitoring Protocol, which enables a client
Device Session device to monitor the status of the host in a remote session. DSMN is built
Monitoring on the Device Services Lightweight Remoting Protocol [MS-DSLR].
Protocol
Click here to view this version of the [MS-DSMN] PDF.

[MS-DSPA]: Specifies the Device Session Property Access Protocol, which enables a
Device Session computer to exchange name-value pairs with a device in an active device
Property Access session. The Device Session Property Access Protocol uses the Device
Protocol Services Lightweight Remoting Protocol [MS-DSLR] to enable the exchange.

Click here to view this version of the [MS-DSPA] PDF.

Specification Description

[MS-DSSP]: Specifies the Directory Services Setup Remote Protocol, which exposes an
Directory Services RPC interface that a client can call to obtain domain-related computer state
Setup Remote and configuration information.
Protocol
Click here to view this version of the [MS-DSSP] PDF.

[MS-DTAG]: Specifies the Device Trust Agreement Protocol, which enables two UPnP
Device Trust endpoints to securely exchange certificates over an unsecure network and to
Agreement establish a trust relationship by means of a simple, one-time shared secret.
Protocol
Click here to view this version of the [MS-DTAG] PDF.

[MS-DTCLU]: Specifies the MSDTC Connection Manager: OleTx Transaction Protocol

MSDTC Logical Unit Mainframe Extension, which provides concrete mechanisms for
Connection associating an Atomic Transaction and an LU type 6.2 Logical Unit of Work.
Manager: OleTx
Transaction Click here to view this version of the [MS-DTCLU] PDF.
Protocol Logical
Unit Mainframe
Extension

[MS-DTCM]: Specifies the MSDTC Connection Manager: OleTx Transaction Internet

MSDTC Protocol, which extends the OleTx protocol (see [MS-DTCO]) to enable its
Connection interoperation with the open-standard Transaction Internet Protocol (TIP).
Manager: OleTx
Transaction Click here to view this version of the [MS-DTCM] PDF.
Internet Protocol

[MS-DTCO]: Specifies the MSDTC Connection Manager: OleTx Transaction Protocol, which
MSDTC provides concrete mechanisms for beginning, propagating, and completing
Connection atomic transactions. This protocol also provides mechanisms for
Manager: OleTx coordinating agreement on a single atomic outcome for each transaction,
Transaction and for reliably distributing that outcome to all participants in the
Protocol transaction.

Click here to view this version of the [MS-DTCO] PDF.

[MS-DVRD]: Specifies the Device Registration Discovery Protocol, which is used to

Device discover information about servers that can register corporate-owned and
Registration personal devices with a corporate network.
Discovery
Protocol Click here to view this version of the [MS-DVRD] PDF.

[MS-DVRE]: Specifies the Device Registration Enrollment Protocol, which is used to

Device register corporate-owned and personal devices with a corporate network.
Registration
Enrollment Click here to view this version of the [MS-DVRE] PDF.
Protocol
Specification Description

[MS-DVRJ]: Device Specifies the Device Registration Join Protocol, which establishes a device
Registration Join identity between the physical device and a directory service. The identity is
Protocol used at the system level to identify the device only.

Click here to view this version of the [MS-DVRJ] PDF.

[MS-ECS]: Specifies the Enterprise Client Sync protocol, which enables devices (such as
Enterprise Client tablets, PCs, or laptops) to synchronize files to and from a file server in a
Synchronization REST-based manner.
Protocol
Click here to view this version of the [MS-ECS] PDF.

[MS-EERR]: Specifies the ExtendedError Remote Data Structure, which encodes extended
ExtendedError error information. This data structure assumes that the reader has familiarity
Remote Data with the concepts and the requirements that are detailed in [MS-RPCE] and
Structure [C706].

Click here to view this version of the [MS-EERR] PDF.

[MS-EFSR]: Specifies the Encrypting File System Remote (EFSRPC) Protocol, which
Encrypting File performs maintenance and management operations on encrypted data that
System Remote is stored remotely and accessed over a network.
(EFSRPC) Protocol
Click here to view this version of the [MS-EFSR] PDF.

[MS-EMF]: Specifies the Enhanced Metafile Format (EMF) structure, which can store a
Enhanced Metafile picture in device-independent form.
Format
Click here to view this version of the [MS-EMF] PDF.

[MS-EMFPLUS]: Specifies the Enhanced Metafile Format Plus Extensions, which defines a
Enhanced Metafile device-independent structure that encapsulates graphics commands and
Format Plus objects for storage or for sending to devices, such as displays and printers
Extensions that support the drawing of images, graphics, and text.

Click here to view this version of the [MS-EMFPLUS] PDF.

[MS-EMFSPOOL]: Specifies the Enhanced Metafile Spool Format. This structure specifies a
Enhanced Metafile metafile format that can store a print job in portable form.
Spool Format
Click here to view this version of the [MS-EMFSPOOL] PDF.

[MS-EVEN]: Specifies the EventLog Remoting Protocol, which exposes the RPC methods
EventLog for reading events in both live and backup event logs on remote computers.
Remoting
Protocol Click here to view this version of the [MS-EVEN] PDF.
Specification Description

[MS-EVEN6]: Specifies the EventLog Remoting Protocol Version 6.0 protocol, which
EventLog exposes RPC methods for reading events in both live and backup event logs
Remoting on remote computers. This protocol was originally made available for
Protocol Version Windows Vista.
6.0
Click here to view this version of the [MS-EVEN6] PDF.

[MS-FASP]: Specifies the Firewall and Advanced Security Protocol. The protocol manages
Firewall and firewall and advanced security components on remote computers.
Advanced Security
Protocol Click here to view this version of the [MS-FASP] PDF.

[MS-FAX]: Fax Specifies the Fax Server and Client Remote Protocol. It is an RPC-based,
Server and Client client-server protocol, and is used to send faxes and to manage the fax
Remote Protocol server and its queues.

Click here to view this version of the [MS-FAX] PDF.

[MS-FCIADS]: File Specifies the File Classification Infrastructure Alternate Data Stream (ADS)
Classification File Format, which consists of structures for persisting file metadata
Infrastructure information into NTFS alternate data streams.
Alternate Data
Stream (ADS) File Click here to view this version of the [MS-FCIADS] PDF.
Format

[MS-FRS1]: File Specifies the File Replication Service Protocol, which is a replication protocol
Replication that is used to replicate files and folders across one or more members in an
Service Protocol Active Directory domain. It works to keep copies of a file system tree up to
date on all members of a replication group, while allowing any member of
the group to change the contents at any time.

Click here to view this version of the [MS-FRS1] PDF.

[MS-FRS2]: Specifies the SD Microsoft Distributed File System Replication Protocol,

Distributed File which defines an RPC interface that replicates files between servers and
System enables the creation of multimaster optimistic file replication systems.
Replication
Protocol Click here to view this version of the [MS-FRS2] PDF.

[MS-FSA]: File Specifies File System Algorithms in terms of an abstract model for how an
System object store can be implemented to support the Server Message Block
Algorithms (SMB) Version 1.0 Protocol [MS-SMB] and the Server Message Block (SMB)
Version 2.0 Protocol [MS-SMB2].

Click here to view this version of the [MS-FSA] PDF.

Specification Description

[MS-FSCC]: File Specifies the File System Control Codes that define the network format of
System Control native Windows structures that may be used within other protocols.
Codes
Click here to view this version of the [MS-FSCC] PDF.

[MS-FSRM]: File Specifies the File Server Resource Manager Protocol, which implements a set
Server Resource of a Distributed Component Object Model (DCOM) interfaces for managing
Manager Protocol the configuration of directory quotas, file screens, and storage report jobs
on a machine.

Click here to view this version of the [MS-FSRM] PDF.

[MS-FSRVP]: File Specifies the File Server Remote VSS Protocol, an RPC-based protocol used
Server Remote for creating shadow copies of file shares on a remote computer, and for
VSS Protocol facilitating backup applications in performing application-consistent backup
and restore of data on SMB2 shares.

Click here to view this version of the [MS-FSRVP] PDF.

[MS-FSVCA]: File Specifies the File Set Version Comparison Algorithms, which is used by the
Set Version Enterprise Client Synchronization Protocol to build and serialize a compact
Comparison representation of version state across a data set consisting of files and
Algorithms directories.

Click here to view this version of the [MS-FSVCA] PDF.

[MS-FTPS]: File Specifies an extension to the File Transfer Protocol over TLS (FTPS). This
Transfer Protocol extends FTPS with a feature known as Implicit SSL and introduces the AUTH
over Secure SSL message to allow interoperability with legacy FTP clients.
Sockets Layer
(FTPS) Click here to view this version of the [MS-FTPS] PDF.

[MS-GKDI]: Group Specifies the Group Key Distribution Protocol, which enables clients to
Key Distribution obtain cryptographic keys associated with Active Directory security
Protocol principals.

Click here to view this version of the [MS-GKDI] PDF.

[MS-GPAC]: Group Specifies the Group Policy: Audit Configuration Extension, which provides a
Policy: Audit mechanism for an administrator to control audit policies on clients.
Configuration
Extension Click here to view this version of the [MS-GPAC] PDF.

[MS-GPCAP]: Specifies the Group Policy: Central Access Policies Extension, which provides
Group Policy: the means of configuring central access policies that are applied to Group
Central Access Policy client computer resources for authorization purposes.
Policies Protocol
Extension Click here to view this version of the [MS-GPCAP] PDF.
Specification Description

[MS-GPDPC]: Specifies the Group Policy: Deployed Printer Connections Extension, which
Group Policy: supports the use of preconfigured collections of shared printer connections.
Deployed Printer
Connections Click here to view this version of the [MS-GPDPC] PDF.
Extension

[MS-GPEF]: Group Specifies the Group Policy: Encrypting File System Extension, which uses the
Policy: Encrypting Microsoft Group Policy Protocol to enable remote administrative
File System configuration of the Encrypting File System.
Extension
Click here to view this version of the [MS-GPEF] PDF.

[MS-GPFAS]: Specifies The Group Policy: Firewall and Advanced Security data structure
Group Policy: extension, which provides a mechanism for an administrator to control the
Firewall and Firewall and Advanced Security behavior of the client through group policy
Advanced Security by using the Group Policy: Registry Extension Encoding protocol [MS-
Data Structure GPREG].

Click here to view this version of the [MS-GPFAS] PDF.

[MS-GPFR]: Group Specifies the Group Policy: Folder Redirection Protocol Extension, which
Policy: Folder provides a mechanism to relocate specific user folders to server disk
Redirection volumes. The protocol extension describes how file system access requests
Protocol Extension to a user's folders are automatically redirected to a newly created folder for
each user.

Click here to view this version of the [MS-GPFR] PDF.

[MS-GPIE]: Group Specifies the Group Policy: Internet Explorer Maintenance Extension, which
Policy: Internet enables administrators to apply custom settings to the Internet Explorer
Explorer configuration on one or more computers to enforce Internet-related security
Maintenance standards and provide a common browser interface within the organization.
Extension
Click here to view this version of the [MS-GPIE] PDF.

[MS-GPIPSEC]: Specifies the IP Security (IPSec) Protocol Extension to the Group Policy: Core
Group Policy: IP Protocol. This extension enables administrators to arbitrarily instruct large
Security (IPsec) groups of client machines to configure their local IPsec/IKE components to
Protocol Extension provide basic IP traffic filtering, IP data integrity, and (optionally) IP data
encryption.

Click here to view this version of the [MS-GPIPSEC] PDF.

[MS-GPNAP]: Specifies the Group Policy: Network Access Protection (NAP) Extension, used
Group Policy: for controlling access to network resources. This extension enables network
Network Access administrators to grant or restrict access to network resources based on
Protection (NAP) client computer identity and compliance with corporate governance policy.
Extension
Click here to view this version of the [MS-GPNAP] PDF.
Specification Description

[MS-GPNRPT]: Specifies the Name Resolution Policy Table (NRPT) Group Policy Data
Group Policy: Extension, an extension to Group Policy: Registry Extension Encoding [MS-
Name Resolution GPREG]. The NRPT Group Policy Data Extension provides a mechanism for an
Policy Table administrator to control any Name Resolution Policy behavior on a client by
(NRPT) Data using group policy-based settings.
Extension
Click here to view this version of the [MS-GPNRPT] PDF.

[MS-GPOL]: Group Specifies the Group Policy: Core Protocol, which enables clients to discover
Policy: Core and retrieve policy settings that administrators of a domain create.
Protocol
Click here to view this version of the [MS-GPOL] PDF.

[MS-GPPREF]: Specifies the Group Policy: Preferences Extension. This extension to the
Group Policy: Group Policy: Core Protocol provides a mechanism to manage and deploy
Preferences policy preferences.
Extension Data
Structure Click here to view this version of the [MS-GPPREF] PDF.

[MS-GPREG]: Specifies the Group Policy: Registry Extension Encoding, an extension to the
Group Policy: Group Policy: Core Protocol. This mechanism enables an administrator to
Registry Extension control any behavior on a client that depends on registry-based settings.
Encoding
Click here to view this version of the [MS-GPREG] PDF.

[MS-GPSB]: Group Specifies the Group Policy: Security Protocol Extension, which is an extension
Policy: Security to the Group Policy: Core Protocol. This extension enables security policies
Protocol Extension to be distributed to multiple client systems, so these systems can enact the
policies in accordance with the intentions of the administrator.

Click here to view this version of the [MS-GPSB] PDF.

[MS-GPSCR]: Specifies the Group Policy: Scripts Extension Encoding, an extension to the
Group Policy: Group Policy: Core Protocol that provides a mechanism for an administrator
Scripts Extension to instruct an arbitrarily large group of clients to execute administrator-
Encoding specified code at computer startup, computer shutdown, user logon, and
user logoff.

Click here to view this version of the [MS-GPSCR] PDF.

[MS-GPSI]: Group Specifies the Group Policy: Software Installation Protocol Extension, which
Policy: Software enables an administrator to install and remove software applications on
Installation client computers.
Protocol Extension
Click here to view this version of the [MS-GPSI] PDF.
Specification Description

[MS-GPWL]: Specifies the Group Policy: Wireless/Wired Protocol Extension, an extension

Group Policy: to the Group Policy: Core Protocol that specifies the behaviors of the
Wireless/Wired Wireless/Wired Group Policy administrative-side and client-side plug-in
Protocol Extension extensions.

Click here to view this version of the [MS-GPWL] PDF.

[MS-GSSA]: Specifies the Generic Security Service Algorithm for Secret Key Transaction
Generic Security Authentication for DNS (GSS-TSIG) Protocol Extension, which identifies one
Service Algorithm possible extension to TSIG based on the Generic Security Service Application
for Secret Key Program Interface (GSS-API).
Transaction
Authentication for Click here to view this version of the [MS-GSSA] PDF.
DNS (GSS-TSIG)
Protocol Extension

[MS-H245]: H.245 Specifies the H.245 Protocol: Microsoft Extensions, which describes
Protocol: Microsoft extensions for the H.323 protocol.
Microsoft
Extensions Click here to view this version of the [MS-H245] PDF.

[MS-H26XPF]: Specifies the Real-Time Transport Protocol (RTP/RTCP): H.261 and H.263
Real-Time Video Streams Extensions, which are used to transmit and receive H.261 or
Transport Protocol H.263 video streams in a two-party, peer-to-peer call.
(RTP/RTCP): H.261
and H.263 Video Click here to view this version of the [MS-H26XPF] PDF.
Streams
Extensions

[MS-HCEP]: Health Specifies the Health Certificate Enrollment Protocol, which enables a network
Certificate endpoint to obtain digital certificates.
Enrollment
Protocol Click here to view this version of the [MS-HCEP] PDF.

[MS-HGRP]: Specifies the HomeGroup Protocol, which is used to create a trust

HomeGroup relationship that facilitates the advertising and publishing of content
Protocol between machines via a peer-to-peer (P2P) infrastructure.

Click here to view this version of the [MS-HGRP] PDF.

[MS-HGSA]: Host Specifies the Host Guardian Services Attestation (HGSA) protocol, one of two
Guardian Service: services that comprise the Host Guardian Service. Host Guardian Service is a
Attestation server role that provides security assurance for Shielded Virtual Machines
Protocol (VMs) by ensuring that Shielded VMs can be run only on known and trusted
fabric hosts that have a legitimate configuration. The other component
service, the Key Protection Service, is specified in the [MS-KPS] protocol
document.

Click here to view this version of the [MS-HGSA] PDF.

Specification Description

[MS-HNDS]: Host Specifies the Host Name Data Structure Extension, which defines the
Name Data allowable host names that may be assigned to a computer.
Structure
Extension Click here to view this version of the [MS-HNDS] PDF.

[MS-HRL]: Hyper- Specifies the Hyper-V Replica Log (HRL) File Format. Hyper-V Replica log
V Replica Log files, required for tracking changes that have been made to the primary
(HRL) File Format server, are created as part of failover replication. They are transported to the
recovery server and parsed; updates are then applied to the recovery server.

Click here to view this version of the [MS-HRL] PDF.

[MS-HTTP2E]: Specifies a profile of and an extension to the Hypertext Transfer Protocol

Hypertext Transfer (HTTP) version 2, which is defined by [RFC7540].
Protocol Version 2
(HTTP/2) Click here to view this version of the [MS-HTTP2E] PDF.
Extension

[MS-HTTPE]: Specifies the Hypertext Transfer Protocol (HTTP) Extensions, which extend
Hypertext Transfer the HyperText Transfer Protocol (HTTP) and deal with internationalization of
Protocol (HTTP) host names and query strings.
Extensions
Click here to view this version of the [MS-HTTPE] PDF.

[MS-HVRS]: Specifies information regarding the implementation for hosting Hyper-V

Hyper-V Remote virtual machine files on Server Message Block (SMB) Version 3 shares.
Storage Profile
Click here to view this version of the [MS-HVRS] PDF.

[MS-ICPR]: Specifies the ICertPassage Remote Protocol, a subset of the Windows Client
ICertPassage Certificate Enrollment Protocol, as specified in [MS-WCCE]. This protocol
Remote Protocol only enables the client to enroll certificates, whereas [MS-WCCE] provides
enrollment and additional functionality.

Click here to view this version of the [MS-ICPR] PDF.

[MS-IISS]: Internet Specifies the Internet Information Services (IIS) ServiceControl Protocol, a
Information client-to-server protocol that enables remote control of Internet services as
Services (IIS) a single unit.
ServiceControl
Protocol Click here to view this version of the [MS-IISS] PDF.

[MS-IKEE]: Specifies the Internet Key Exchange (IKE) Protocol Extensions, which describe
Internet Key the extensions specified in [RFC2409].
Exchange Protocol
Extensions Click here to view this version of the [MS-IKEE] PDF.
Specification Description

[MS-IMSA]: Specifies the Internet Information Services (IIS) IMSAdminBaseW Remote

Internet Protocol, which defines interfaces that provide Unicode-compliant methods
Information for remotely accessing and administering the IIS metabase associated with
Services (IIS) an application that manages IIS configuration, such as the IIS snap-in for
IMSAdminBaseW Microsoft Management Console (MMC).
Remote Protocol
Click here to view this version of the [MS-IMSA] PDF.

[MS-IOI]: Specifies the IManagedObject Interface Protocol. The IManagedObject

IManagedObject interface is a COM interface used by the common language runtime (CLR) to
Interface Protocol identify managed objects (objects created by the CLR) that are exported for
interoperability with the Component Object Model (COM).

Click here to view this version of the [MS-IOI] PDF.

[MS-IPAMM]: IP Specifies the IP Address Management (IPAM) Management Protocol. This

Address protocol is used to remotely retrieve and manage the data in the IPAM data
Management store. The IPAM data store consists of the data pertaining to address space
(IPAM) management, which includes the configuration data available with the DHCP
Management and DNS server instances in the network.
Protocol
Click here to view this version of the [MS-IPAMM] PDF.

[MS-IPAMM2]: IP Specifies the IP Address Management (IPAM) Management Protocol. This

Address protocol is used to remotely retrieve and manage the data in the IPAM data
Management store. The IPAM data store consists of the data pertaining to the address
(IPAM) space management, which includes the configuration data available with the
Management DHCP and DNS server instances in the network.
Protocol Version 2
Click here to view this version of the [MS-IPAMM2] PDF.

[MS-IPHTTPS]: IP Specifies the IP over HTTPS (IP-HTTPS) Tunneling Protocol, a mechanism to

over HTTPS (IP- transport IPv6 packets on an HTTPS connection.
HTTPS) Tunneling
Protocol Click here to view this version of the [MS-IPHTTPS] PDF.

[MS-IRDA]: IrDA Specifies the IrDA Object Exchange (OBEX) Protocol Profile, which clarifies
Object Exchange the implementation details of [IROBEX] where necessary and clarifies which
(OBEX) Protocol portions of [IROBEX] are not implemented.
Profile
Click here to view this version of the [MS-IRDA] PDF.

[MS-IRP]: Internet Specifies the Internet Information Services (IIS) Inetinfo Remote Protocol, an
Information RPC-based client/server protocol that is used for managing Internet protocol
Services (IIS) servers such as those hosted by IIS.
Inetinfo Remote
Protocol Click here to view this version of the [MS-IRP] PDF.
Specification Description

[MS-KILE]: Specifies the Microsoft implementation of the Kerberos Protocol Extensions,

Kerberos Protocol as specified in [RFC4120], by specifying any Windows behaviors that differ
Extensions from the Kerberos Protocol, in addition to Windows extensions for
interactive logon and the inclusion of authorization information expressed as
group memberships and related information.

Click here to view this version of the [MS-KILE] PDF.

[MS-KKDCP]: Specifies the Kerberos Key Distribution Center (KDC) Proxy Protocol, which
Kerberos Key provides a mechanism for a client to use a KKDCP server to change
Distribution passwords and securely obtain Kerberos service tickets from a Kerberos V5
Center (KDC) server.
Proxy Protocol
Click here to view this version of the [MS-KKDCP] PDF.

[MS-KPP]: Key Specifies the Key Provisioning Protocol, which defines a mechanism for a
Provisioning client to register a set of cryptographic keys on a user and device pair.
Protocol
Click here to view this version of the [MS-KPP] PDF.

[MS-KPS]: Key Specifies the Key Protection Service protocol, one of two services that
Protection Service comprise the Host Guardian Service. Host Guardian Service is a server role
Protocol that provides security assurance for Shielded Virtual Machines (VMs) by
ensuring that Shielded VMs can be run only on known and trusted fabric
hosts that have a legitimate configuration. The other component service, the
Attestation Service, is specified in the [MS-HGSA] protocol document.

Click here to view this version of the [MS-KPS] PDF.

[MS-L2TPIE]: Layer Specifies the Layer 2 Tunneling Protocol (L2TP) IPsec Extensions, which
2 Tunneling allows IP, IPX, or NetBEUI traffic to be encrypted and then sent over any
Protocol (L2TP) medium that supports point-to-point (PPP) (Point to Point Protocol
IPsec Extensions [RFC1661]) datagram delivery, such as IP, X.25, Frame Relay, or ATM.

Click here to view this version of the [MS-L2TPIE] PDF.

[MS-LLMNRP]: Specifies the Link Local Multicast Name Resolution (LLMNR) Profile, which
Link Local describes the differences between this profile and the one defined in
Multicast Name [RFC4795].
Resolution
(LLMNR) Profile Click here to view this version of the [MS-LLMNRP] PDF.

[MS-LLTD]: Link Specifies the Link Layer Topology Discovery (LLTD) Protocol, which an
Layer Topology application or a higher-layer protocol can use to facilitate discovery of link-
Discovery (LLTD) layer topology and diagnose various problems associated with a network's
Protocol signal strength and bandwidth.

Click here to view this version of the [MS-LLTD] PDF.

Specification Description

[MS-LREC]: Live Specifies the Live Remote Event Capture (LREC) Protocol, which enables a
Remote Event management station to monitor events on a target system across a network.
Capture (LREC) The protocol supports various monitoring scenarios, such as a ""first line of
Protocol defense"" for troubleshooting, where the remote system does not support
the ability to log events locally.

Click here to view this version of the [MS-LREC] PDF.

[MS-LSAD]: Local Specifies the Local Security Authority (Domain Policy) Remote Protocol. This
Security Authority protocol provides an RPC interface used for providing remote management
(Domain Policy) for policy settings related to account objects, secret objects, trusted domain
Remote Protocol objects (TDOs), and other security-related policy settings.

Click here to view this version of the [MS-LSAD] PDF.

[MS-LSAT]: Local Specifies the Local Security Authority (Translation Methods) Remote
Security Authority Protocol, which is implemented in Windows-based products to translate
(Translation identifiers for security principal between human-readable and machine-
Methods) Remote readable forms.
Protocol
Click here to view this version of the [MS-LSAT] PDF.

[MS-LWSSP]: Specifies the Lightweight Web Services Security Profile. This profile specifies
Lightweight Web how to perform lightweight client authentication and security token
Services Security exchange based on set of security-related Web services protocols.
Profile
Click here to view this version of the [MS-LWSSP] PDF.

[MS-MAIL]: Specifies the Remote Mailslot Protocol. This protocol is a simple, nonsecure,
Remote Mailslot and unidirectional interprocess communications (IPC) protocol between a
Protocol client and server.

Click here to view this version of the [MS-MAIL] PDF.

[MS-MCIS]: Specifies the Content Indexing Services Protocol, which enables a client to
Content Indexing communicate with a server hosting an indexing service to issue queries.
Services Protocol
Click here to view this version of the [MS-MCIS] PDF.

[MS-MDE]: Mobile Specifies the Mobile Device Management Enrollment Protocol, which
Device Enrollment provides a mechanism for discovering devices and enrolling them into a
Protocol management system. After enrollment, devices can be managed through the
Microsoft Mobile Device Management Protocol [MS-MDM].

Click here to view this version of the [MS-MDE] PDF.

Specification Description

[MS-MDE2]: Specifies version 2 of the Mobile Device Enrollment Protocol (MDE), which
Mobile Device enables enrolling a device with the DMS through an Enrollment Service (ES).
Enrollment The protocol includes the discovery of the Management Enrollment Service
Protocol Version 2 (MES) and enrollment with the ES.

Click here to view this version of the [MS-MDE2] PDF.

[MS-MDM]: Specifies the Mobile Device Management Protocol (MDM), a subset of the
Mobile Device Open Mobile Association (OMA) standard protocol, which provides a
Management mechanism for managing devices previously enrolled into a management
Protocol system through the Microsoft Mobile Device Management Enrollment
Protocol [MS-MDE].

Click here to view this version of the [MS-MDM] PDF.

[MS-MICE]: The Miracast over Infrastructure Connection Establishment Protocol specifies

Miracast over a connection negotiation sequence used to connect, indicate readiness to
Infrastructure connect, and disconnect from a Miracast over Infrastructure endpoint. This
Connection protocol also specifies the Miracast over Infrastructure Information Element
Establishment (IE), which helps identify Miracast receivers (sinks) that can support a
Protocol Miracast session over an infrastructure link (as opposed to a Wi-Fi Direct
link).

Click here to view this version of the [MS-MICE] PDF.

[MS-MMSP]: Specifies the Microsoft Media Server (MMS) Protocol, which defines how
Microsoft Media MMS streams multimedia from Windows Media Services to Windows Media
Server (MMS) Player, or to another instance of Windows Media Services. MMS uses TCP
Protocol (Transmission Control Protocol) and UDP (User Datagram Protocol).

Click here to view this version of the [MS-MMSP] PDF.

[MS-MNPR]: Specifies the Microsoft NetMeeting Protocol, which implements a method of

Microsoft application sharing over the T.120 Multipoint Communication Service (MCS)
NetMeeting layer, using the S20 MCS Channel.
Protocol
Click here to view this version of the [MS-MNPR] PDF.

[MS-MQBR]: Specifies the Message Queuing (MSMQ): Binary Reliable Message Routing
Message Queuing Algorithm, which is used by MSMQ to communicate across both connected
(MSMQ): Binary networks and heterogeneous networks.
Reliable Message
Routing Algorithm Click here to view this version of the [MS-MQBR] PDF.
Specification Description

[MS-MQCN]: Specifies the Message Queuing (MSMQ): Directory Service Change

Message Queuing Notification Protocol. It defines a mechanism used by the MSMQ Directory
(MSMQ): Directory Service or a queue manager to notify a queue manager of changes to its
Service Change owned objects.
Notification
Protocol Click here to view this version of the [MS-MQCN] PDF.

[MS-MQDMPR]: Specifies the Message Queuing (MSMQ): Data Structures, which define an
Message Queuing abstract data model and events shared by multiple MSMQ protocols.
(MSMQ):
Common Data Click here to view this version of the [MS-MQDMPR] PDF.
Model and
Processing Rules

[MS-MQDS]: Specifies the Message Queuing (MSMQ): Directory Service Protocol, an RPC-
Message Queuing based protocol that is used by MSMQ clients and Message Queuing servers
(MSMQ): Directory to remotely access and maintain MSMQ directory objects.
Service Protocol
Click here to view this version of the [MS-MQDS] PDF.

[MS-MQDSSM]: Specifies the Message Queuing (MSMQ): Data Structures that are used by
Message Queuing any protocol that manipulates the subset of the abstract data elements and
(MSMQ): Directory data element attributes defined in [MS-MQDMPR] section 3.1.
Service Schema
Mapping Click here to view this version of the [MS-MQDSSM] PDF.

[MS-MQMP]: Specifies the Message Queuing (MSMQ): Queue Manager Client Protocol,
Message Queuing which enables communication between message queuing client applications
(MSMQ): Queue and an MSMQ Queue Manager.
Manager Client
Protocol Click here to view this version of the [MS-MQMP] PDF.

[MS-MQMQ]: Specifies Message Queuing (MSMQ): Data Structures, which contains

Message Queuing common definitions and data structures that are used in the Microsoft
(MSMQ): Data Message Queuing protocols.
Structures
Click here to view this version of the [MS-MQMQ] PDF.

[MS-MQMR]: Specifies the Message Queuing (MSMQ): Queue Manager Management

Message Queuing Protocol that is used for management operations on the MSMQ server,
(MSMQ): Queue including monitoring the MSMQ installation and the queues.
Manager
Management Click here to view this version of the [MS-MQMR] PDF.
Protocol
Specification Description

[MS-MQQB]: Specifies the Message Queuing (MSMQ): Binary Reliable Messaging

Message Queuing Protocol, which defines a mechanism for reliably transferring messages
(MSMQ): Message between two message queues located on two different hosts.
Queuing Binary
Protocol Click here to view this version of the [MS-MQQB] PDF.

[MS-MQQP]: Specifies the Message Queuing (MSMQ): Queue Manager to Queue

Message Queuing Manager Protocol, an RPC-based protocol used by the queue manager and
(MSMQ): Queue runtime library to read and purge messages from a remote queue.
Manager to
Queue Manager Click here to view this version of the [MS-MQQP] PDF.
Protocol

[MS-MQRR]: Specifies the Message Queuing (MSMQ): Queue Manager Remote Read
Message Queuing Protocol, an RPC-based protocol that is used by MSMQ clients to read or
(MSMQ): Queue reject a message from a queue, move a message between queues, and
Manager Remote purge messages from a queue.
Read Protocol
Click here to view this version of the [MS-MQRR] PDF.

[MS-MQSD]: Specifies the Message Queuing (MSMQ): Directory Service Discovery

Message Queuing Protocol, which is used by MSMQ clients to discover an accessible executing
(MSMQ): Directory instance of an MSMQ Directory Service server.
Service Discovery
Protocol Click here to view this version of the [MS-MQSD] PDF.

[MS-MSB]: Media Specifies the Media Stream Broadcast (MSB) Protocol, which enables
Stream Broadcast distribution of Advanced Systems Format (ASF) packets over a network for
(MSB) Protocol which Internet Protocol (IP) multicasting is enabled.

Click here to view this version of the [MS-MSB] PDF.

[MS-MSBD]: Specifies the Media Stream Broadcast Distribution (MSBD) Protocol, which
Media Stream describes how to transfer an audio-visual content stream from a server to a
Broadcast single client.
Distribution
(MSBD) Protocol Click here to view this version of the [MS-MSBD] PDF.

[MS-MSRP]: Specifies the Messenger Service Remote Protocol, a set of RPC interfaces
Messenger Service that instructs a server to display short text messages to a console user, to
Remote Protocol deliver messages to a local or remote server for display to a console user,
and to manage the names for which the server receives messages.

Click here to view this version of the [MS-MSRP] PDF.

Specification Description

[MS-MWBE]: Specifies the Microsoft Web Browser Federated Sign-On Protocol Extensions.
Microsoft Web This extension enables Web browser requestors that do not support
Browser scripting (to create POST messages) and enables passing security identifiers
Federated Sign- (SIDs) in Security Assertion Markup Language (SAML) V1.1 assertions. It is
On Protocol assumed that the reader is familiar with the terms, concepts, and protocols
Extensions that are defined in [MS-MWBF].

Click here to view this version of the [MS-MWBE] PDF.

[MS-MWBF]: Specifies the Microsoft Web Browser Federated Sign-On Protocol, which is
Microsoft Web primarily a restriction of the protocol that is specified in [WSFederation1.2]
Browser section 13. The restrictions are designed to enable greater interoperability
Federated Sign- by reducing the number of variations that must be implemented. This
On Protocol protocol also specifies minor additions to [WSFederation1.2] section 13 to
handle common scenarios.

Click here to view this version of the [MS-MWBF] PDF.

[MS-N2HT]: Specifies the Negotiate and Nego2 HTTP Authentication Protocol, which
Negotiate and describes support for SPNEGO authentication as specified in [RFC4559]. The
Nego2 HTTP tokens are transmitted using base64-encoding. This protocol calls out the
Authentication differences in the Microsoft implementation from what is specified in
Protocol [RFC4559], where applicable.

Click here to view this version of the [MS-N2HT] PDF.

[MS-NBTE]: Specifies the NetBIOS over TCP (NBT) Extensions, as specified in [RFC1001]
NetBIOS over TCP and [RFC1002]. These extensions modify the syntax of allowable NetBIOS
(NBT) Extensions names and the behavior of timers, and add support for multihomed hosts.

Click here to view this version of the [MS-NBTE] PDF.

[MS-NCNBI]: Specifies the Network Controller Protocol, which is used by tenants and
Network network administrators to control data center networking. Common tasks
Controller that would use these APIs include designing and monitoring a virtual
Northbound network in a data center.
Interface
Click here to view this version of the [MS-NCNBI] PDF.

[MS-NCT]: Enables an 802.11 wireless access point (AP) to inform a wireless client of the
Network Cost network cost and hints about the AP type.
Transfer Protocol
Click here to view this version of the [MS-NCT] PDF.
Specification Description

[MS-NEGOEX]: Specifies the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism

SPNEGO Extended that enhances the capabilities of SPNEGO [RFC4178] by providing a security
Negotiation mechanism which can be negotiated by SPNEGO. When the NEGOEX
(NEGOEX) Security security mechanism is selected by SPNEGO, NEGOEX provides a method
Mechanism allowing selection of a common authentication protocol based on meta-data
such as trust configurations.

Click here to view this version of the [MS-NEGOEX] PDF.

[MS-NETTR]: .NET Specifies the .NET Tracing Protocol, which provides a method for correlating
Tracing Protocol call traces in a .NET remoting application.

Click here to view this version of the [MS-NETTR] PDF.

[MS-NFPB]: Near Specifies the Near Field Proximity: Bidirectional Services Protocol, which
Field Proximity: provides a way for devices to discover services and versions from one device
Bidirectional to another. The protocol uses the ""Proximity Publication Subscription""
Services Protocol transport to exchange messages between peers.

Click here to view this version of the [MS-NFPB] PDF.

[MS-NFPS]: Near Specifies the Near Field Proximity: Sharing Protocol, which provides a way
Field Proximity: for devices to share files over an already established single-purpose channel.
Sharing Protocol A client can use this protocol to send a set of files packaged in an Open
Packaging Convention (OPC) file and encrypted over the channel.

Click here to view this version of the [MS-NFPS] PDF.

[MS-NKPU]: Specifies the Network Key Protector Unlock Protocol, which enables a client
Network Key to send an encrypted package of key material along with a session key to a
Protector Unlock remote server and to receive the decrypted key material protected by the
Protocol session key.

Click here to view this version of the [MS-NKPU] PDF.

[MS-NLMP]: NT Specifies the NT LAN Manager (NTLM) Authentication Protocol, used in

LAN Manager Windows for authentication between clients and servers. NTLM is used by
(NTLM) application protocols to authenticate remote users and, optionally, to
Authentication provide session security when requested by the application.
Protocol
Click here to view this version of the [MS-NLMP] PDF.

[MS-NMFMB]: Specifies the .NET Message Framing MSMQ Binding Protocol, which defines
.NET Message how the mechanism described in [MC-NMF] for framing messages over any
Framing MSMQ transport protocol can be applied over Message Queue (MSMQ). This
Binding Protocol protocol specification also defines how to indicate the use of .NET Message
Framing over MSMQ as a SOAP transport in Web Services Description
Language (WSDL).

Click here to view this version of the [MS-NMFMB] PDF.

Specification Description

[MS-NMFTB]: .NET Specifies how the .NET Message Framing Protocol [MC-NMF] is bound to a
Message Framing TCP connection, including the initiation of the stream by using the net.tcp
TCP Binding URI scheme and the application of .NET Message Framing over TCP as a
Protocol SOAP transport in WSDL.

Click here to view this version of the [MS-NMFTB] PDF.

[MS-NNS]: .NET Specifies the .NET NegotiateStream Protocol, which provides mutually
NegotiateStream authenticated and confidential communication over a TCP connection. It
Protocol uses the Simple and Protected GSS-API Negotiation mechanism (SPNEGO)
for security services (authentication, key derivation, and data encryption and
decryption).

Click here to view this version of the [MS-NNS] PDF.

[MS-NNTP]: NT Specifies the NT LAN Manager (NTLM) Authentication: Network News

LAN Manager Transfer Protocol (NNTP) Extension, which defines the use of NTLM
(NTLM) authentication by NNTP to facilitate client authentication to a Windows-
Authentication: based NNTP server.
Network News
Transfer Protocol Click here to view this version of the [MS-NNTP] PDF.
(NNTP) Extension

[MS-NRBF]: .NET Specifies the .NET Remoting: Binary Format Data Structure protocol, which
Remoting: Binary defines a set of structures for representing object graph or method
Format Data invocation information as an octet stream.
Structure
Click here to view this version of the [MS-NRBF] PDF.

[MS-NRLS]: .NET Specifies the .NET Remoting: Lifetime Services Extension, which adds lifetime
Remoting: and remote activation capabilities to the .NET Remoting Core Protocol
Lifetime Services (specified in [MS-NRTP]).
Extension
Click here to view this version of the [MS-NRLS] PDF.

[MS-NRPC]: Specifies the Netlogon Remote Protocol, an RPC interface that is used for
Netlogon Remote user and machine authentication on domain-based networks; to replicate
Protocol the user account database for operating systems earlier than Windows 2000
backup domain controllers; to discover, manage, and maintain domain
relationships of domain members and domain controllers across domains.

Click here to view this version of the [MS-NRPC] PDF.

[MS-NRTP]: .NET Specifies the .NET Remoting: Core Protocol, a mechanism by which a calling
Remoting: Core program can invoke a method in a different address space over the network.
Protocol Arguments are passed along as part of the invocation message, and return
values are sent in the response.

Click here to view this version of the [MS-NRTP] PDF.

Specification Description

[MS-NSPI]: Name Specifies the Name Service Provider Interface (NSPI) Protocol, which
Service Provider provides messaging clients with a way to access and manipulate addressing
Interface (NSPI) data stored by a server. This protocol consists of an abstract data model and
Protocol a single RPC call interface to manipulate data in that model.

Click here to view this version of the [MS-NSPI] PDF.

[MS-NTHT]: NTLM Specifies the NTLM Over HTTP Protocol, which is used to authenticate a Web
Over HTTP client to a Web server. This protocol authentication variant works only with
Protocol NTLM; the Kerberos protocol is not supported.

Click here to view this version of the [MS-NTHT] PDF.

[MS-NVGREE]: Specifies the Network Virtualization using Generic Routing Encapsulation

Network (NVGRE) Extensions protocol, which adds additional support to the NVGRE
Virtualization protocol by defining two new extension/control messages. One message
using Generic initiates traffic redirection to a new network virtualization endpoint (NVE)
Routing when a VM is moved to a new NVE during a data center migration event.
Encapsulation The other new message pushes out a policy refresh via an NVE in response
(NVGRE) to the moved VM.
Extensions
Click here to view this version of the [MS-NVGREE] PDF.

[MS-OAPX]: Specifies the OAuth 2.0 Protocol Extensions, which are used to extend the
OAuth 2.0 OAuth 2.0 Authorization Framework. These extensions enable authorization
Protocol features such as resource specification, request identifiers, and login hints.
Extensions
Click here to view this version of the [MS-OAPX] PDF.

[MS-OAPXBC]: Specifies the OAuth 2.0 Protocol Extensions for Broker Clients, extensions to
OAuth 2.0 [RFC6749] (The OAuth 2.0 Authorization Framework) that allow a broker
Protocol client to obtain access tokens on behalf of calling clients.
Extensions for
Broker Clients Click here to view this version of the [MS-OAPXBC] PDF.

[MS-OAUT]: OLE Specifies the OLE Automation Protocol, which uses DCOM as its transport
Automation layer and provides support for an additional set of types as well as for a late-
Protocol bound calling mechanism.

Click here to view this version of the [MS-OAUT] PDF.

[MS-OCSP]: Specifies the Online Certificate Status Protocol (OCSP) Extensions, which
Online Certificate defines the data that needs to be exchanged between an application that
Status Protocol checks the status of a certificate and the responder that provides the status.
(OCSP) Extensions
Click here to view this version of the [MS-OCSP] PDF.
Specification Description

[MS-OCSPA]: Specifies the Microsoft OCSP Administration Protocol, which consists of a set
Microsoft OCSP of distributed component object model (DCOM) interfaces that allows
Administration administrative tools to configure the properties of the Online Responder.
Protocol
Click here to view this version of the [MS-OCSPA] PDF.

[MS-ODATA]: Specifies the Open Data (OData) Protocol. This protocol enables applications
Open Data to expose data, by using common Web technologies, and by means of a
Protocol (OData) data service that can be consumed by clients within corporate networks and
across the Internet.

Click here to view this version of the [MS-ODATA] PDF.

[MS-OIDCE]: Specifies the OpenID Connect 1.0 Protocol Extensions. These extensions
OpenID Connect define additional claims to carry information about the end user, including
1.0 Protocol the user principal name, a locally unique identifier, a time for password
Extensions expiration, and a URL for password change. These extensions also define
additional provider metadata that enable the discovery of the issuer of
access tokens and give additional information about provider capabilities.

Click here to view this version of the [MS-OIDCE] PDF.

[MS-OLEDS]: Specifies the Object Linking and Embedding (OLE) Data Structures. These
Object Linking structures enable applications to create documents that contain linked or
and Embedding embedded objects.
(OLE) Data
Structures Click here to view this version of the [MS-OLEDS] PDF.

[MS-OLEPS]: Specifies the Object Linking and Embedding (OLE): Property Set Data
Object Linking Structures. These structures enable applications to write metadata in a
and Embedding manner that is discoverable to other software.
(OLE) Property Set
Data Structures Click here to view this version of the [MS-OLEPS] PDF.

[MS-OTPCE]: One- Specifies the One-Time Password Certificate Enrollment Protocol, which
Time Password enhances network security in remote access connections by utilizing
Certificate different components, such as the one-time password (OTP) authentication
Enrollment mechanism as well as a short-lived smart card logon certificate.
Protocol
Click here to view this version of the [MS-OTPCE] PDF.

[MS-PAC]: Specifies the Privilege Attribute Certificate Data Structure, which is used to
Privilege Attribute encode authorization information. The Privilege Attribute Certificate also
Certificate Data contains memberships, additional credential information, profile and policy
Structure information, and supporting security metadata.

Click here to view this version of the [MS-PAC] PDF.

Specification Description

[MS-PAN]: Print Specifies the [MS-PAN]: Print System Asynchronous Notification Protocol, an
System asynchronous protocol that clients use to receive print status notifications
Asynchronous from a print server and send server-requested responses to those
Notification notifications back to the server. It is based on the Remote Procedure Call
Protocol (RPC) protocol, as specified in [C706].

Click here to view this version of the [MS-PAN] PDF.

[MS-PAR]: Print Specifies the Print System Asynchronous Remote Protocol, which defines the
System communication of print job processing and print system management
Asynchronous information between a print client and a print server.
Remote Protocol
Click here to view this version of the [MS-PAR] PDF.

[MS-PASS]: Specifies the Passport Server Side Include (SSI) Version 1.4 Protocol, which
Passport Server describes how messages are encapsulated on the wire.
Side Include (SSI)
Version 1.4 Click here to view this version of the [MS-PASS] PDF.
Protocol

[MS-PBSD]: Specifies the Publication Services Data Structure. This structure describes the
Publication data that computers use to describe themselves and the resources they offer
Services Data as Web services over IP-based networks.
Structure
Click here to view this version of the [MS-PBSD] PDF.

[MS-PCCRC]: Peer Specifies Peer Content Caching and Retrieval: Content Identification, the
Content Caching content information format used by the Windows Branch Caching
and Retrieval: Framework to uniquely identify content for discovery and retrieval purposes.
Content
Identification Click here to view this version of the [MS-PCCRC] PDF.

[MS-PCCRD]: Peer Specifies the Peer Content Caching and Retrieval Discovery Protocol, which is
Content Caching based on the Web Services Dynamic Discovery (WS-Discovery) protocol. It is
and Retrieval: a content caching and retrieval framework based on a peer-to-peer
Discovery discovery and distribution model.
Protocol
Click here to view this version of the [MS-PCCRD] PDF.

[MS-PCCRR]: Peer Specifies the Peer Content Caching and Retrieval: Retrieval Protocol. This
Content Caching protocol defines two message exchanges, one for querying the server for the
and Retrieval: availability of certain content, and the other for retrieving content from a
Retrieval Protocol server.

Click here to view this version of the [MS-PCCRR] PDF.

Specification Description

[MS-PCCRTP]: Specifies the Peer Content Caching and Retrieval: Hypertext Transfer
Peer Content Protocol (HTTP) Extensions, which implements a new type of content
Caching and encoding, PeerDist, that can be used in HTTP/1.1. In particular, it specifies
Retrieval: the mechanism used by an HTTP/1.1 client and an HTTP/1.1 server to
Hypertext Transfer communicate with each other using the PeerDist content encoding.
Protocol (HTTP)
Extensions Click here to view this version of the [MS-PCCRTP] PDF.

[MS-PCHC]: Peer Specifies the Peer Content Caching and Retrieval: Hosted Cache Protocol,
Content Caching used by clients to offer metadata to a hosted cache server.
and Retrieval:
Hosted Cache Click here to view this version of the [MS-PCHC] PDF.
Protocol

[MS-PCQ]: Specifies the Performance Counter Query Protocol, which is used for
Performance browsing performance counters and retrieving performance counter values
Counter Query from a server.
Protocol
Click here to view this version of the [MS-PCQ] PDF.

[MS-PEAP]: Specifies the Protected Extensible Authentication Protocol (PEAP), which

Protected adds security services to the Extensible Authentication Protocol methods.
Extensible
Authentication Click here to view this version of the [MS-PEAP] PDF.
Protocol (PEAP)

[MS-PKAP]: Public Specifies the Public Key Authentication Protocol, which provides a method
Key for HTTP clients to prove possession of a private key to a web server without
Authentication having to rely on client Transport Layer Security (TLS) support from the
Protocol underlying platform.

Click here to view this version of the [MS-PKAP] PDF.

[MS-PKCA]: Public Specifies the Public Key Cryptography for Initial Authentication (PKINIT) in
Key Cryptography Kerberos Protocol. This protocol enables the use of public key cryptography
for Initial in the initial authentication exchange of the Kerberos Protocol (PKINIT) and
Authentication specifies the Windows implementation of PKINIT where it differs from
(PKINIT) in [RFC4556].
Kerberos Protocol
Click here to view this version of the [MS-PKCA] PDF.

[MS-PLA]: Specifies the Performance Logs and Alerts Protocol, which provides a set of
Performance Logs DCOM interfaces to control data collection on a remote system. The control
and Alerts includes starting, stopping, scheduling, and configuration of data collector
Protocol objects, and the creation of alerts.

Click here to view this version of the [MS-PLA] PDF.

Specification Description

[MS-PNRP]: Peer Specifies the Peer Name Resolution Protocol (PNRP) Version 4.0, which is
Name Resolution used to resolve a name to a set of information, such as IP addresses; to
Protocol (PNRP) maintain a cloud of peer nodes; to maintain a distributed cache of endpoint
Version 4.0 information; and to transfer requests for Peer Name resolutions between
nodes.

Click here to view this version of the [MS-PNRP] PDF.

[MS-POP3]: NT Specifies the NT LAN Manager (NTLM) Authentication: Post Office Protocol -
LAN Manager Version 3 (POP3) Extension, which describes the use of NTLM Authentication
(NTLM) (see [MS-NLMP]) by the Post Office Protocol 3 (POP3) to facilitate client
Authentication: authentication to a Windows POP3 server. POP3 specifies a protocol for the
Post Office inquiry and retrieval of electronic mail.
Protocol - Version
3 (POP3) Click here to view this version of the [MS-POP3] PDF.
Extension

[MS-PPGRH]: Specifies the Peer-to-Peer Graphing Protocol, a peer-to-peer protocol for

Peer-to-Peer establishing and maintaining a connected set of nodes (referred to as a
Graphing Protocol graph), and replicating data among the nodes.

Click here to view this version of the [MS-PPGRH] PDF.

[MS-PPPI]: PPP Specifies the PPP Over IrDA Dialup Protocol, which enables the scenario in
Over IrDA Dialup which a computer with infrared capabilities obtains network access by using
Protocol a modem via the infrared link.

Click here to view this version of the [MS-PPPI] PDF.

[MS-PPSEC]: Peer- Specifies the Peer-to-Peer Grouping Security Protocol (P2P Grouping), which
to-Peer Grouping layers on top of the Peer-to-Peer Graphing Protocol [MS-PPGRH] and adds
Security Protocol security and discovery services.

Click here to view this version of the [MS-PPSEC] PDF.

[MS-PROPSTORE]: Specifies the Property Store Binary File Format. This file format is a
Property Store persistence format for a set of properties. Implementers can use this file
Binary File Format format to store a set of properties in a file or within another structure.

Click here to view this version of the [MS-PROPSTORE] PDF.

[MS-PSDP]: Specifies the Proximity Service Discovery Protocol, which conveys service
Proximity Service discovery information, such as service advertisements, as part of Beacon
Discovery frames, as specified in [IEEE802.11-2007].
Protocol
Click here to view this version of the [MS-PSDP] PDF.
Specification Description

[MS-PSRDP]: Specifies the PowerShell Remote Debugging Protocol (PSRDP).This protocol

PowerShell extends the existing PowerShell Remoting Protocol (PSRP) specified in [MS-
Remote PSRP] to support debugging over a remote session.
Debugging
Protocol Click here to view this version of the [MS-PSRDP] PDF.

[MS-PSRP]: Specifies the Windows PowerShell Remoting Protocol, which encodes

PowerShell messages prior to sending them over the Web Services Management
Remoting Protocol Extensions for the Windows Vista [MS-WSMV] layer.
Protocol
Click here to view this version of the [MS-PSRP] PDF.

[MS-PTPT]: Point- Specifies the Point-to-Point Tunneling Protocol, which allows the Point-to-
to-Point Point Protocol (PPP) [RFC1661] to be tunneled through an IP network.
Tunneling
Protocol (PPTP) Click here to view this version of the [MS-PTPT] PDF.
Profile

[MS-QDP]: Quality Specifies the Quality Windows Audio/Video Experience (qWave): Wireless
Windows Diagnostics Protocol. This protocol is used to obtain information from a host
Audio/Video or a device about its wireless characteristics, which can facilitate the
Experience diagnosis of wireless network issues.
(qWave): Wireless
Diagnostics Click here to view this version of the [MS-QDP] PDF.
Protocol

[MS-QLPB]: Specifies the Quality Windows Audio/Video Experience (qWave): Layer 3

Quality Windows Probing (L3P) (qWave) Protocol, which operates over TCP/IP and UDP/IP.
Audio/Video qWave enables applications to evaluate link bandwidth and quality by
Experience analyzing timestamps of probe packets transmitted between two devices.
(qWave): Layer 3
Probing Protocol Click here to view this version of the [MS-QLPB] PDF.

[MS-RA]: Remote Specifies the Remote Assistance Protocol, which is used after a remote
Assistance assistance connection is established between two computers.
Protocol
Click here to view this version of the [MS-RA] PDF.

[MS-RAA]: Remote Specifies the Remote Authorization API Protocol, which is used to perform
Authorization API ""what-if"" authorization queries on remote computers. It allows applications
Protocol to simulate an access control decision that would be made when a principal
attempts to access a remote resource protected with an authorization policy.

Click here to view this version of the [MS-RAA] PDF.

Specification Description

[MS-RAI]: Remote Specifies the Remote Assistance Initiation Protocol, which enables an
Assistance authorized expert to start Remote Assistance (RA) on a remote novice
Initiation Protocol computer to retrieve data that is required to make a Remote Assistance
connection from the expert's computer to the novice's computer.

Click here to view this version of the [MS-RAI] PDF.

[MS-RAIOP]: Specifies the Remote Assistance Initiation over PNRP Protocol, which is used
Remote to establish a Remote Assistance connection between two computers.
Assistance
Initiation over Click here to view this version of the [MS-RAIOP] PDF.
PNRP Protocol

[MS-RAIW]: Specifies the Remote Administrative Interface: WINS protocol, which enables
Remote local or remote administration of the Windows Internet Name Service
Administrative (WINS) within the Microsoft Management Console (MMC) WINS snap-in and
Interface: WINS the NetSh command line (WINS context).

Click here to view this version of the [MS-RAIW] PDF.

[MS-RAP]: Remote Specifies the Microsoft Remote Administration Protocol (RAP), which
Administration Microsoft LAN Manager uses to perform remote administrative functions
Protocol and is included in the Microsoft Windows operating system for compatibility
reasons.

Click here to view this version of the [MS-RAP] PDF.

[MS-RASA]: Specifies the Remote Access Server Advertisement (RASADV) Protocol, by

Remote Access which Remote Access Service (RAS) Servers advertise their presence within a
Server local network, enabling network administrators to detect nonmalicious
Advertisement configuration and deployment of gateways providing external access to their
(RASADV) network.
Protocol
Click here to view this version of the [MS-RASA] PDF.

[MS-RCMP]: Specifies the Remote Certificate Mapping Protocol, which enables servers to
Remote Certificate use a directory, database, or other technology to map the user's X.509
Mapping Protocol certificate to a security principal.

Click here to view this version of the [MS-RCMP] PDF.

[MS-RDC]: Specifies the Remote Differential Compression Algorithm protocol, which

Remote enables efficient synchronization of files with a remote source by using
Differential compression techniques to minimize the amount of data sent between a
Compression client and server.
Algorithm
Click here to view this version of the [MS-RDC] PDF.
Specification Description

[MS-RDPADRV]: Specifies the Remote Desktop Protocol: Audio Level and Drive Letter
Remote Desktop Persistence Virtual Channel Extension, which allows an RDP (remote desktop
Protocol: Audio connection) client device to mimic a Windows client PC session with respect
Level and Drive to audio levels and drive letters.
Letter Persistence
Virtual Channel Click here to view this version of the [MS-RDPADRV] PDF.
Extension

[MS-RDPBCGR]: Specifies the Remote Desktop Protocol: Basic Connectivity and Graphics
Remote Desktop Remoting, designed to facilitate user interaction with a remote computer
Protocol: Basic system by transferring graphics display information from the remote
Connectivity and computer to the user and transporting input from the user to the remote
Graphics computer, where it may be injected locally.
Remoting
Click here to view this version of the [MS-RDPBCGR] PDF.

[MS-RDPCR2]: Specifies the Remote Desktop Protocol: Composited Remoting V2, which
Remote Desktop displays the contents of the Windows-based desktop running on one
Protocol: machine on a second machine connected to the first via a network.
Composited
Remoting V2 Click here to view this version of the [MS-RDPCR2] PDF.

[MS-RDPEA]: Specifies the Remote Desktop Protocol: Audio Output Virtual Channel
Remote Desktop Extension, which transfers audio data from the server to the client.
Protocol: Audio
Output Virtual Click here to view this version of the [MS-RDPEA] PDF.
Channel Extension

[MS-RDPEAI]: Specifies the Remote Desktop Protocol: Audio Input Redirection Virtual
Remote Desktop Channel Extension, which transfers audio data from a client to a server.
Protocol: Audio
Input Redirection Click here to view this version of the [MS-RDPEAI] PDF.
Virtual Channel
Extension

[MS-RDPEAR]: Performs authentication over a Remote Desktop connection. By establishing

Remote Desktop a virtual channel between the source and the target devices, it can relay
Protocol authentication requests received by the target device to the source device.
Authentication
Redirection Virtual Click here to view this version of the [MS-RDPEAR] PDF.
Channel

[MS-RDPECAM]: The Remote Desktop Protocol: Video Capture Virtual Channel Extension
Remote Desktop adds remoting of video capture devices, such as webcams, to the Basic
Protocol: Video Connectivity and Graphics Remoting Protocol.
Capture Virtual
Channel Extension Click here to view this version of the [MS-RDPECAM] PDF.
Specification Description

[MS-RDPECLIP]: Specifies the Remote Desktop Protocol: Clipboard Virtual Channel Extension,
Remote Desktop which enables users to seamlessly transfer data via the system clipboard
Protocol: between applications that are running on different computers.
Clipboard Virtual
Channel Extension Click here to view this version of the [MS-RDPECLIP] PDF.

[MS-RDPEDC]: Specifies the Remote Desktop Protocol: Desktop Composition Virtual

Remote Desktop Channel Extension, which enables a remote display client to replicate the
Protocol: Desktop functionality of the Desktop Window Manager (DWM) across a network
Composition boundary.
Virtual Channel
Extension Click here to view this version of the [MS-RDPEDC] PDF.

[MS-RDPEDISP]: Specifies the Remote Desktop Protocol: Display Control Virtual Channel
Remote Desktop Extension to the Remote Desktop Protocol: Basic Connectivity and Graphics
Protocol: Display Remoting, as specified in [MS-RDPBCGR]. This control protocol is used to
Update Virtual request display configuration changes in a remote session.
Channel Extension
Click here to view this version of the [MS-RDPEDISP] PDF.

[MS-RDPEDYC]: Specifies the Remote Desktop Protocol: Dynamic Channel Virtual Channel
Remote Desktop Extension, which supports features such as classes of priority (that may be
Protocol: Dynamic used to implement bandwidth allocation) and individually connected
Channel Virtual endpoints using dynamic virtual channel (DVC) listeners.
Channel Extension
Click here to view this version of the [MS-RDPEDYC] PDF.

[MS-RDPEECO]: Specifies the Remote Desktop Protocol: Virtual Channel Echo Extension. This
Remote Desktop extension is used as a ping and echo mechanism to determine various
Protocol: Virtual network characteristics that are significant for RDP.
Channel Echo
Extension Click here to view this version of the [MS-RDPEECO] PDF.

[MS-RDPEFS]: Specifies the Remote Desktop Protocol: File System Virtual Channel
Remote Desktop Extension, which runs over a static virtual channel with the name RDPDR.
Protocol: File
System Virtual Click here to view this version of the [MS-RDPEFS] PDF.
Channel Extension

[MS-RDPEGDI]: Specifies the Remote Desktop Protocol: Graphics Device Interface (GDI)
Remote Desktop Acceleration Extensions, which reduces the bandwidth associated with
Protocol: Graphics graphics remoting by encoding the drawing operations that produce an
Device Interface image instead of encoding the actual image.
(GDI) Acceleration
Extensions Click here to view this version of the [MS-RDPEGDI] PDF.
Specification Description

[MS-RDPEGFX]: Specifies the Remote Desktop Protocol: Graphics Pipeline Extension, a

Remote Desktop graphics protocol that is used to encode graphics display data generated in
Protocol: Graphics a remote terminal server session so that the data can be sent from the server
Pipeline Extension and received, decoded, and rendered by a compatible client. The net effect
is that a desktop or an application running on a remote terminal server
appears as if it is running locally.

Click here to view this version of the [MS-RDPEGFX] PDF.

[MS-RDPEGT]: Specifies the Remote Desktop Protocol: Geometry Tracking Virtual Channel
Remote Desktop Extension, which extends the Remote Desktop Protocol: Basic Connectivity
Protocol: and Graphics Remoting. This protocol facilitates graphics rendering between
Geometry a desktop host and a remote desktop client in a way that the client does not
Tracking Virtual need to know the origin of the graphics.
Channel Protocol
Extension Click here to view this version of the [MS-RDPEGT] PDF.

[MS-RDPEI]: Specifies the Remote Desktop Protocol: Input Virtual Channel Extension,
Remote Desktop which is used to remote multitouch input frames from a terminal server
Protocol: Input client to a terminal server. Multitouch input frames are generated at the
Virtual Channel client, encoded, and sent to the server. Thereafter, these frames are received
Extension and decoded by the server and injected into the session associated with the
remote user.

Click here to view this version of the [MS-RDPEI] PDF.

[MS-RDPELE]: Specifies the Remote Desktop Protocol: Licensing Extension, which expands
Remote Desktop on the licensing protocol sequence specified in [MS-RDPBCGR] to address
Protocol: scenarios requiring the exchange of licensing information between the client
Licensing and server.
Extension
Click here to view this version of the [MS-RDPELE] PDF.

[MS-RDPEMC]: Specifies the Remote Desktop Protocol: Multiparty Virtual Channel

Remote Desktop Extension, which describes the messages that are exchanged between a
Protocol: remote desktop host and the participants with whom it is engaging in
Multiparty Virtual multiparty application sharing.
Channel Extension
Click here to view this version of the [MS-RDPEMC] PDF.

[MS-RDPEMT]: This document specifies the Remote Desktop Protocol: Multitransport

Remote Desktop Extension, which is used to create multiple data-transport connections
Protocol: between an RDP client and an RDP server.
Multitransport
Extension Click here to view this version of the [MS-RDPEMT] PDF.
Specification Description

[MS-RDPEPC]: Specifies the Desktop Protocol: Print Virtual Channel Extensions, which
Remote Desktop specifies the communication used to enable the redirection of printers
Protocol: Print between a terminal client and a terminal server.
Virtual Channel
Extension Click here to view this version of the [MS-RDPEPC] PDF.

[MS-RDPEPNP]: Specifies the Remote Desktop Protocol: Plug and Play Devices Virtual
Remote Desktop Channel Extension, which is used to redirect Plug and Play devices from a
Protocol: Plug and terminal client to the terminal server.
Play Devices
Virtual Channel Click here to view this version of the [MS-RDPEPNP] PDF.
Extension

[MS-RDPEPS]: Specifies the Remote Desktop Protocol: Session Selection Extension, which
Remote Desktop expands upon the original connectivity options specified in [MS-RDPBCGR]
Protocol: Session to address a wide range of new scenarios.
Selection
Extension Click here to view this version of the [MS-RDPEPS] PDF.

[MS-RDPERP]: Specifies the Remote Desktop Protocol: Remote Programs Virtual Channel
Remote Desktop Extension, an RDP feature that presents a remote application (running
Protocol: Remote remotely on a RAIL server) as a local user application (running on the RAIL
Programs Virtual client machine).
Channel Extension
Click here to view this version of the [MS-RDPERP] PDF.

[MS-RDPESC]: Specifies the Remote Desktop Protocol: Smart Card Virtual Channel
Remote Desktop Extension, an extension (including virtual channels) that supports smart card
Protocol: Smart reader-like devices.
Card Virtual
Channel Extension Click here to view this version of the [MS-RDPESC] PDF.

[MS-RDPESP]: Specifies the Remote Desktop Protocol: Serial and Parallel Port Virtual
Remote Desktop Channel Extension, which redirects serial and parallel ports from a terminal
Protocol: Serial client to the terminal server. This extension allows the server to access client
and Parallel Port ports as if the connected devices were local to the server.
Virtual Channel
Extension Click here to view this version of the [MS-RDPESP] PDF.

[MS-RDPET]: Specifies the Remote Desktop Protocol: Telemetry Virtual Channel Extension,
Remote Desktop which extends the Remote Desktop Protocol: Basic Connectivity and
Protocol: Graphics Remoting [MS-RDPBCGR]. This extension is a telemetry protocol
Telemetry Virtual that is used to send client performance metrics to the server.
Channel Extension
Click here to view this version of the [MS-RDPET] PDF.
Specification Description

[MS-RDPEUDP]: Specifies the Remote Desktop Protocol: UDP Transport Extension, which
Remote Desktop extends the transport mechanisms in the Remote Desktop Protocol (RDP) to
Protocol: UDP enable network connectivity between the user's machine and a remote
Transport computer system over the User Datagram Protocol (UDP).
Extension
Click here to view this version of the [MS-RDPEUDP] PDF.

[MS-RDPEUDP2]: Remote Desktop Protocol: UDP Transport Extension Version 2 is used to

Remote Desktop exchange data, for example audio and video, between a remote desktop
Protocol: UDP client and remote desktop server over UDP transport using a URCP based
Transport rate control.
Extension Version
2 Click here to view this version of the [MS-RDPEUDP2] PDF.

[MS-RDPEUSB]: Specifies the Remote Desktop Protocol: USB Devices Virtual Channel
Remote Desktop Extension, which is used to redirect USB devices from a terminal client to the
Protocol: USB terminal server. This allows the server access to devices that are physically
Devices Virtual connected to the client as if the device were local to the server.
Channel Extension
Click here to view this version of the [MS-RDPEUSB] PDF.

[MS-RDPEV]: Specifies the Remote Desktop Protocol: Video Redirection Virtual Channel
Remote Desktop Extension, which redirects audio/video streams from the terminal server to
Protocol: Video the terminal client.
Redirection Virtual
Channel Extension Click here to view this version of the [MS-RDPEV] PDF.

[MS-RDPEVOR]: Specifies the Remote Desktop Protocol: Video Optimized Remoting Virtual
Remote Desktop Channel Extension. This is an extension of the Remote Desktop Protocol:
Protocol: Video Basic Connectivity and Graphics Remoting protocol [MS-RDPBCGR], which
Optimized runs over a dynamic virtual channel, as specified in [MS-RDPEDYC]. The
Remoting Virtual Remote Desktop Protocol: Video Optimized Remoting Virtual Channel
Channel Extension Extension is used to redirect certain rapidly changing graphics content as a
video stream from the remote desktop host to the remote desktop client.
This protocol specifies the communication between a remote desktop host
and a remote desktop client.

Click here to view this version of the [MS-RDPEVOR] PDF.

[MS-RDPEWA]: Specifies the Remote Desktop Protocol (RDP): WebAuthn Virtual Channel
Remote Desktop Protocol which provides a way for a user to do WebAuthn operations over
Protocol: the RDP protocol. It enables a server to send webauthn request to a client,
WebAuthn Virtual the client can then use this request to talk to authenticators (platform as well
Channel Protocol as cross-platform) and reply with the response.

Click here to view this version of the [MS-RDPEWA] PDF.

Specification Description

[MS-RDPEXPS]: Specifies the Remote Desktop Protocol: XML Paper Specification (XPS) Print
Remote Desktop Virtual Channel Extension, which redirects printing jobs from the terminal
Protocol: XML server to the terminal client.
Paper
Specification (XPS) Click here to view this version of the [MS-RDPEXPS] PDF.
Print Virtual
Channel Extension

[MS-RDPNSC]: Specifies the Remote Desktop Protocol: NSCodec Extension, an extension to

Remote Desktop the Remote Desktop Protocol: Basic Connectivity and Graphics Remoting (as
Protocol: specified in [MS-RDPBCGR]). This extension specifies an image codec that
NSCodec can be used to encode screen images by utilizing efficient and effective
Extension compression.

Click here to view this version of the [MS-RDPNSC] PDF.

[MS-RDPRFX]: Specifies the Remote Desktop Protocol: RemoteFX Codec Extension, which
Remote Desktop uses a lossy image codec to encode screen images with efficient and
Protocol: effective compression.
RemoteFX Codec
Extension Click here to view this version of the [MS-RDPRFX] PDF.

[MS-RDWR]: Specifies the Remote Desktop Workspace Runtime Protocol, an HTTP-based

Remote Desktop protocol for the Remote Desktop Service to discover disconnected sessions
Workspace for a user and obtain the files required to reconnect to those disconnected
Runtime Protocol sessions. The protocol uses a SOAP-based payload to describe and provide
the remote resources to reconnect to a user's disconnected sessions.

Click here to view this version of the [MS-RDWR] PDF.

[MS-RMPR]: Specifies the Rights Management Services (RMS) Client-to-Server Protocol, a

Rights SOAP protocol used to obtain and issue certificates and licenses used for
Management creating and working with protected content.
Services (RMS):
Client-to-Server Click here to view this version of the [MS-RMPR] PDF.
Protocol

[MS-RMPRS]: Specifies the Rights Management Services (RMS): Server-to-Server Protocol,

Rights which is used to communicate information between RMS servers,
Management implementing five interfaces, using either a binary-formatted interface over
Services (RMS): HTTP or a SOAP-based protocol over HTTP.
Server-to-Server
Protocol Click here to view this version of the [MS-RMPRS] PDF.
Specification Description

[MS-RMSI]: Rights Specifies the Rights Management Services (RMS): ISV Extension Protocol, a
Management SOAP protocol that is used to communicate information between
Services (RMS): applications and RMS servers directly without using the RMS client.
ISV Extension
Protocol Click here to view this version of the [MS-RMSI] PDF.

[MS-RNAP]: Specifies the Vendor-Specific RADIUS Attributes for Network Access

Vendor-Specific Protection (NAP) Data Structure protocol, which describes the Microsoft
RADIUS Attributes RADIUS vendor-specific attributes (VSAs) that are implemented in the
for Network Windows operating system.
Access Protection
(NAP) Data Click here to view this version of the [MS-RNAP] PDF.
Structure

[MS-RNAS]: Specifies the Vendor-Specific RADIUS Attributes for the Network Policy and
Vendor-Specific Access Server (NPAS) Data Structure protocol, which describes the Microsoft
RADIUS Attributes RADIUS vendor-specific attributes (VSAs) that are implemented in the
for Network Policy Windows operating system.
and Access Server
Data Structure Click here to view this version of the [MS-RNAS] PDF.

[MS-RPCE]: Specifies the Remote Procedure Call Protocol Extensions, a set of extensions
Remote Procedure to the DCE Remote Procedure Call 1.1 Specification, as specified in [C706].
Call Protocol These extensions add new capabilities to the DCE 1.1: RPC Specification,
Extensions allow for more secure implementations to be built, and, in some cases, place
additional restrictions on the DCE RPC Specification.

Click here to view this version of the [MS-RPCE] PDF.

[MS-RPCH]: Specifies the Remote Procedure Call over HTTP Protocol, which describes the
Remote Procedure use of HTTP or HTTPS as a transport for the Remote Procedure Call (RPC)
Call over HTTP Protocol, as specified in [C706] and extended in [MS-RPCE].
Protocol
Click here to view this version of the [MS-RPCH] PDF.

[MS-RPCL]: Specifies the Remote Procedure Call Location Services Extensions, a set of
Remote Procedure extensions and restrictions to the DCE Remote Procedure Call Location
Call Location Services specification as defined in [C706].
Services
Extensions Click here to view this version of the [MS-RPCL] PDF.

[MS-RPRN]: Print Specifies the Print System Remote Protocol, which defines the
System Remote communication of print job processing and print system management
Protocol between a print client and a print server.

Click here to view this version of the [MS-RPRN] PDF.

Specification Description

[MS-RRASM]: Specifies the Routing and Remote Access Server (RRAS) Management
Routing and Protocol, which enables remote management (configuration and
Remote Access monitoring) of RRAS. The RRAS implementation refers to the components
Server (RRAS) that can be configured to provide routing, remote access service, and site-
Management to-site connectivity.
Protocol
Click here to view this version of the [MS-RRASM] PDF.

[MS-RRP]: Specifies the Windows Remote Registry Protocol, a remote procedure call
Windows Remote (RPC)-based client/server protocol that is used to remotely manage a
Registry Protocol hierarchical data store such as the Windows registry.

Click here to view this version of the [MS-RRP] PDF.

[MS-RRSP2]: Specifies the Remote Rendering Protocol Version 2, a user interface system
Remote Rendering for applications in Windows Media Center, which consists of an application-
Server Protocol side component model connected to a remote renderer by an asynchronous
Version 2.0 messaging system that enables the quick and easy construction of
captivating interfaces.

Click here to view this version of the [MS-RRSP2] PDF.

[MS-RSMC]: Specifies and provides support for client machines to monitor and manage
Remote Session Remote Desktop Protocol (RDP) sessions on a server machine. The protocol
Monitoring and provides a set of web service APIs that are implemented as a SOAP-based
Control Protocol protocol that uses Hypertext Transfer Protocol (HTTP) and Hypertext Transfer
Protocol over Secure Sockets Layer (HTTPS) as its transport.

Click here to view this version of the [MS-RSMC] PDF.

[MS-RSMP]: Specifies the Removable Storage Manager (RSM) Remote Protocol, a set of
Removable distributed component object model (DCOM) interfaces for applications to
Storage Manager manage robotic changers, media libraries, and tape drives. This protocol
(RSM) Remote deals with detailed low-level operating system and storage concepts.
Protocol
Click here to view this version of the [MS-RSMP] PDF.

[MS-RSP]: Remote Specifies the Remote Shutdown Protocol, which is designed for shutting
Shutdown down, or for terminating the shutdown, of a remote computer during the
Protocol shutdown waiting period.

Click here to view this version of the [MS-RSP] PDF.

Specification Description

[MS-RSVD]: Specifies the Remote Shared Virtual Disk Protocol, which supports accessing
Remote Shared and manipulating virtual disks stored as files on an SMB3 file server. This
Virtual Disk protocol enables opening, querying, administering, reserving, reading, and
Protocol writing the virtual disk objects, providing for flexible access by single or
multiple consumers. It also provides for forwarding of SCSI operations, to be
processed by the virtual disk.

Click here to view this version of the [MS-RSVD] PDF.

[MS-RTPDT]: Real- Specifies the Real-Time Transport Protocol (RTP/RTCP): DTMF Digits,
Time Transport Telephony Tones, and Telephony Signals Data Extensions, which describes
Protocol the payload format needed to carry DTMF digits, tones, and signals in RTP
(RTP/RTCP): DTMF packets over a network transport.
Digits, Telephony
Tones and Click here to view this version of the [MS-RTPDT] PDF.
Telephony Signals
Data Extensions

[MS-RTPME]: Real- Specifies the Real-Time Transport Protocol (RTP/RTCP): Microsoft Extensions,
Time Transport which is a set of network transport functions suitable for applications
Protocol transmitting real-time data, such as audio and video, across multimedia
(RTP/RTCP): endpoints.
Microsoft
Extensions Click here to view this version of the [MS-RTPME] PDF.

[MS-RTPRAD]: Specifies the Real-Time Transport Protocol (RTP/RTCP): Redundant Audio

Real-Time Data Extensions, which encodes redundant audio data for use with the Real-
Transport Protocol Time Transport Protocol (RTP) Extensions protocol.
(RTP/RTCP):
Redundant Audio Click here to view this version of the [MS-RTPRAD] PDF.
Data Extensions

[MS-RTSP]: Real- Specifies the Real-Time Streaming Protocol (RTSP) Windows Media
Time Streaming Extensions, which defines Windows Media extensions to the Real-Time
Protocol (RTSP) Streaming Protocol (RTSP).
Windows Media
Extensions Click here to view this version of the [MS-RTSP] PDF.

[MS-RXAD]: Specifies the Remote Experience Advertisement Protocol, which enables a

Remote Universal Plug and Play (UPnP) service implemented by a device to be used
Experience by the client to advertise available remote experience information to that
Advertisement device.
Protocol
Click here to view this version of the [MS-RXAD] PDF.
Specification Description

[MS-SAMLPR]: Specifies the Security Assertion Markup Language (SAML) Proxy Request
Security Assertion Signing Protocol, which allows proxy servers to perform operations that
Markup Language require knowledge of configured keys and other state information about
(SAML) Proxy federated sites known by the Security Token service server.
Request Signing
Protocol Click here to view this version of the [MS-SAMLPR] PDF.

[MS-SAMR]: Specifies the Security Account Manager (SAM) Remote Protocol, which
Security Account supports management functionality for an account store or directory
Manager (SAM) containing users and groups. The goal of the protocol is to enable IT
Remote Protocol administrators and users to manage users, groups, and computers.
(Client-to-Server)
Click here to view this version of the [MS-SAMR] PDF.

[MS-SAMS]: Specifies the Security Account Manager (SAM) Remote Protocol (Server-to-
Security Account Server). Domain controllers (DCs) use this protocol to forward time-critical
Manager (SAM) database changes to the primary domain controller (PDC), and to forward
Remote Protocol time-critical database changes from a read-only domain controller (RODC)
(Server-to-Server) to a writable NC replica within the same domain outside the normal
replication protocol.

Click here to view this version of the [MS-SAMS] PDF.

[MS-SCMP]: Specifies the Shadow Copy Management Protocol, which programmatically

Shadow Copy enumerates shadow copies and configures shadow copy storage on remote
Management machines.
Protocol
Click here to view this version of the [MS-SCMP] PDF.

[MS-SCMR]: Specifies the Service Control Manager Remote Protocol, which is used for
Service Control remotely managing the Service Control Manager (SCM), an RPC server that
Manager Remote enables service configuration and control of service programs.
Protocol
Click here to view this version of the [MS-SCMR] PDF.

[MS-SDP]: Session Specifies the Session Description Protocol (SDP) Extensions, which describes
Description the session description that is used to negotiate instant messaging, audio
Protocol (SDP) and video, and data collaboration sessions, and notes the extensions used.
Extensions
Click here to view this version of the [MS-SDP] PDF.
Specification Description

[MS-SFMWA]: Specifies the Server and File Management Web APIs Protocol, which is used
Server and File to access a REST-based server and to manage files over the HTTPS
Management Web transports. The protocol exposes a set of built-in web services for third-party
APIs Protocol developers to build applications on different devices that can access files
and manage servers remotely. The protocol also allows third-party
developers to add their own web services without the need to handle
authentication.

Click here to view this version of the [MS-SFMWA] PDF.

[MS-SFU]: Specifies the Kerberos Protocol Extensions: Service for User and Constrained
Kerberos Protocol Delegation Protocol, which are two extensions to the Kerberos protocol as
Extensions: developed by Microsoft. These two extensions, collectively known as Service
Service for User for User (S4U), enable an application service to obtain a Kerberos service
and Constrained ticket on behalf of a user.
Delegation
Protocol Click here to view this version of the [MS-SFU] PDF.

[MS-SHLLINK]: Specifies the Shell Link Binary File Format, which contains information that
Shell Link (.LNK) can be used to access another data object. The Shell Link Binary File Format
Binary File Format is the format of Windows files with the extension "LNK".

Click here to view this version of the [MS-SHLLINK] PDF.

[MS-SIP]: Session Specifies Microsoft extensions to the Session Initiation Protocol (SIP), as
Initiation Protocol specified in [RFC3261], which is used by terminals to establish, modify, and
Extensions terminate multimedia sessions or calls. The SIP extensions add support for
privacy features and for subscription requests for offline end nodes to the
SIP extensions for presence.

Click here to view this version of the [MS-SIP] PDF.

[MS-SMB]: Server Specifies the Server Message Block (SMB) Protocol, which defines extensions
Message Block to the existing Common Internet File System (CIFS) specification that have
(SMB) Protocol been implemented by Microsoft since the publication of the [CIFS]
specification.

Click here to view this version of the [MS-SMB] PDF.

[MS-SMB2]: Server Specifies the Server Message Block (SMB) Protocol Versions 2 and 3, which
Message Block support the sharing of file and print resources between machines and
(SMB) Protocol extend the concepts from the Server Message Block Protocol.
Versions 2 and 3
Click here to view this version of the [MS-SMB2] PDF.
Specification Description

[MS-SMBD]: SMB2 Specifies the SMB2 Remote Direct Memory Access (RDMA) Transport
Remote Direct Protocol, a wrapper for the existing SMB2 protocol that allows SMB2 packets
Memory Access to be delivered over RDMA-capable transports such as iWARP or Infiniband
(RDMA) Transport while utilizing the direct data placement (DDP) capabilities of these
Protocol transports. Benefits include reduced CPU overhead, lower latency, and
improved throughput.

Click here to view this version of the [MS-SMBD] PDF.

[MS-SMTPNTLM]: Specifies the NT LAN Manager (NTLM) Authentication: Simple Mail Transfer
NT LAN Manager Protocol (SMTP) Extension, which uses NT LAN Manager (NTLM)
(NTLM) authentication (as specified in [MS-NLMP]) by the Simple Mail Transfer
Authentication: Protocol (SMTP) to facilitate client authentication to a Windows SMTP server.
Simple Mail
Transfer Protocol Click here to view this version of the [MS-SMTPNTLM] PDF.
(SMTP) Extension

[MS-SNID]: Server Specifies the Server Network Information Discovery Protocol, which defines
Network a pair of request and response messages by which a protocol client can
Information locate protocol servers within the broadcast/multicast scope. The client can
Discovery then get network information (such as NetBIOS name, Internet Protocol
Protocol version 4 (IPv4), and Internet Protocol version 6 (IPv6) addresses) about the
servers.

Click here to view this version of the [MS-SNID] PDF.

[MS-SNTP]: Specifies the Network Time Protocol (NTP) Authentication Extensions, which
Network Time is an authentication extension to the Network Time Protocol (NTP) version 3
Protocol (NTP) ([RFC1305]) and the Simple Network Time Protocol (SNTP) version 4
Authentication ([RFC2030]).
Extensions
Click here to view this version of the [MS-SNTP] PDF.

[MS-SPNG]: Specifies the Simple and Protected GSS-API Negotiation Mechanism

Simple and (SPNEGO) Protocol Extension. SPNEGO is a security protocol that uses a
Protected GSS-API GSS-API authentication mechanism. GSS-API is a literal set of functions that
Negotiation include both an API and a methodology for approaching authentication.
Mechanism
(SPNEGO) Click here to view this version of the [MS-SPNG] PDF.
Extension

[MS-SQMCS]: Specifies the Software Quality Metrics (SQM) Client-to-Service Protocol V1,
Software Quality used to send software instrumentation metrics to the SQM service and by
Metrics (SQM) the client to download client-specific control data. The protocol allows
Client-to-Service applications and operating system components to collect and send
Version 1 Protocol instrumentation metrics to a hosted service.

Click here to view this version of the [MS-SQMCS] PDF.

Specification Description

[MS-SQMCS2]: Specifies the Software Quality Metrics (SQM) Client-to-Service Protocol V2,
Software Quality which is used to send software instrumentation metrics to the SQM service
Metrics (SQM) and for the client to download client-specific control data. The protocol
Client-to-Service extends the concepts of the Software Quality Metrics (SQM) Client-to-
Version 2 Protocol Service Protocol, as specified in [MS-SQMCS].

Click here to view this version of the [MS-SQMCS2] PDF.

[MS-SQOS]: Specifies the Storage Quality of Service (QoS) Protocol, which is a block-
Storage Quality of based protocol that is used to manage the Quality of Service configuration
Service Protocol of I/O flows targeting remote files accessed over SMB3.

Click here to view this version of the [MS-SQOS] PDF.

[MS-SRPL]: Specifies the Directory Replication Service (DRS) Protocol Extensions for
Directory SMTP. These are extensions to the DRS Protocol for transport over the
Replication Simple Mail Transfer Protocol (SMTP), which provide an alternate transport
Service (DRS) for the DRS protocol that may allow domain controllers to perform
Protocol replication in environments where the RPC transport mechanism is
Extensions for unsuitable.
SMTP
Click here to view this version of the [MS-SRPL] PDF.

[MS-SRVS]: Server Specifies the Server Service Remote Protocol, which remotely enables file
Service Remote and printer sharing and named pipe access to the server through the Server
Protocol Message Block Protocol.

Click here to view this version of the [MS-SRVS] PDF.

[MS-SSDP]: SSDP: Specifies the Networked Home Entertainment Devices (NHED) Extensions,
Networked Home which detects devices on a home network. These extensions provide a
Entertainment mechanism for a control point to discover a device on the network without
Devices (NHED) requiring the device to implement a complete SSDP stack.
Extensions
Click here to view this version of the [MS-SSDP] PDF.

[MS-SSEAN]: Specifies the SMTP Service Extension for Negotiate Authentication, which
Simple Mail enables SMTP clients to authenticate to SMTP servers by using the Simple
Transfer Protocol and Protected Negotiate (SPNEGO) mechanism.
(SMTP) AUTH
Extension for Click here to view this version of the [MS-SSEAN] PDF.
SPNEGO

[MS-SSTP]: Secure Specifies the Secure Socket Tunneling Protocol (SSTP), which is a mechanism
Socket Tunneling to transport data-link layer (L2) frames on a Hypertext Transfer Protocol over
Protocol (SSTP) Secure Sockets Layer (HTTPS) connection.

Click here to view this version of the [MS-SSTP] PDF.

Specification Description

[MS-SSTR]: Specifies the Smooth Streaming Protocol, which provides a means of

Smooth delivering media from servers to clients in a way that can be cached by
Streaming standard HTTP Cache Proxies in the communication chain. Allowing standard
Protocol HTTP Cache Proxies to respond to requests on behalf of the server increases
the number of clients that can be served by a single server.

Click here to view this version of the [MS-SSTR] PDF.

[MS-SWN]: Specifies the Service Witness Protocol, which enables an SMB2 clustered file
Service Witness server to notify SMB2 clients with prompt and explicit notifications about the
Protocol failure or recovery of a network name and associated services.

Click here to view this version of the [MS-SWN] PDF.

[MS-SWSB]: SOAP Specifies the SOAP over WebSocket Protocol Binding, a binding of SOAP to
Over WebSocket the WebSocket protocol (as defined in [DRAFT-WSP]), including a WSDL
Protocol Binding transport URI and supported message exchange patterns (MEPs). It specifies
how messages defined by a higher-layer protocol are formed and framed for
transport over [DRAFT-WSP]. This specification also defines a WebSocket
subprotocol.

Click here to view this version of the [MS-SWSB] PDF.

[MS-TAIL]: Specifies the Telephony API Internet Locator Service Protocol, which uses
Telephony API Lightweight Directory Access Protocol (LDAP) requests to retrieve
Internet Locator information stored in the Internet Locator Service (ILS) dynamic instance. It is
Service Protocol used for communication between a client using the Telephony Application
Programming Interface (TAPI) and an ILS server.

Click here to view this version of the [MS-TAIL] PDF.

[MS-TCC]: Specifies the Tethering Control Channel Protocol, which enables the sharing
Tethering Control of the network connection for a server with one or more clients.
Channel Protocol
Click here to view this version of the [MS-TCC] PDF.

[MS-TDS]: Tabular Specifies the Tabular Data Stream Protocol, which is an application layer
Data Stream request/response protocol that facilitates interaction with a database server
Protocol and provides for authentication and channel encryption negotiation;
specification of requests in SQL (including Bulk Insert); invocation of a stored
procedure, also known as a Remote Procedure Call (RPC); returning of data;
and Transaction Manager Requests.

Click here to view this version of the [MS-TDS] PDF.

[MS-THCH]: Specifies the Tracing HTTP Correlation Header, which is used to enable
Tracing HTTP correlation between client and server-side traces.
Correlation
Header Protocol Click here to view this version of the [MS-THCH] PDF.
Specification Description

[MS-TIPP]: Specifies the Transaction Internet Protocol (TIP) Extensions, which is a set of
Transaction extensions to the standard Transaction Internet Protocol (TIP) Version 3.0, as
Internet Protocol specified in [RFC2371]. The protocol provides concrete mechanisms for
(TIP) Extensions associating an OleTx transaction and a TIP transaction.

Click here to view this version of the [MS-TIPP] PDF.

[MS-TLSP]: Specifies the Transport Layer Security (TLS) Profile, which is the
Transport Layer authentication option to the Telnet protocol as a generic method for
Security (TLS) negotiating an authentication type and mode, including determining
Profile whether encryption should be used and whether credentials should be
forwarded.

Click here to view this version of the [MS-TLSP] PDF.

[MS-TNAP]: Specifies the Telnet: NT LAN Manager (NTLM) Authentication Protocol,

Telnet: NT LAN which is the authentication option to the Telnet protocol as a generic
Manager (NTLM) method for negotiating an authentication type and mode, including
Authentication determining whether encryption should be used and whether credentials
Protocol should be forwarded.

Click here to view this version of the [MS-TNAP] PDF.

[MS-TPMVSC]: Specifies the DCOM Interfaces for Trusted Platform Module (TPM) Virtual
Trusted Platform Smart Card device management, which are used to manage virtual smart
Module (TPM) cards (VSCs) on a remote machine. They provide methods for a protocol
Virtual Smart Card client to request creation and destruction of VSCs, and to monitor the status
Management of these operations.
Protocol
Click here to view this version of the [MS-TPMVSC] PDF.

[MS-TPXS]: Specifies the Telemetry Protocol XML Schema. This schema defines the
Telemetry message structure used by the Software Quality Metrics (SQM) Client-to-
Protocol XML Service Protocol V2, specified in [MS-SQMCS2]. The schema is used to send
Schema software instrumentation metrics from a client to the SQM service and for
the client to download client-specific control data.

Click here to view this version of the [MS-TPXS] PDF.

[MS-TRP]: Specifies the Telephony Remote Protocol, which enables implementation of

Telephony Remote communications applications ranging from voice mail to call centers with
Protocol multiple agents and switches.

Click here to view this version of the [MS-TRP] PDF.

[MS-TSCH]: Task Specifies the Task Scheduler Service Remoting Protocol, which is used to
Scheduler Service register and configure a task and to inquire about the status of tasks that are
Remoting running on a remote machine.
Protocol
Click here to view this version of the [MS-TSCH] PDF.
Specification Description

[MS-TSGU]: Specifies the Terminal Services Gateway Server Protocol, which is a

Terminal Services mechanism to transport data-link layer (L2) frames on a Hypertext Transfer
Gateway Server Protocol over Secure Sockets Layer (HTTPS) connection.
Protocol
Click here to view this version of the [MS-TSGU] PDF.

[MS-TSRAP]: Specifies the Telnet Server Remote Administration Protocol, which is a set of
Telnet Server interfaces used for performing management tasks on a Telnet Server.
Remote
Administration Click here to view this version of the [MS-TSRAP] PDF.
Protocol

[MS-TSTS]: Specifies the Terminal Services Terminal Server Runtime Interface Protocol,
Terminal Services which is an RPC-based protocol used for remotely querying and configuring
Terminal Server various aspects of a terminal server.
Runtime Interface
Protocol Click here to view this version of the [MS-TSTS] PDF.

[MS-TSWP]: Specifies the Terminal Services Workspace Provisioning Protocol, which is

Terminal Services used for transferring remote resource information from a server to a client.
Workspace The client can use this resource information to launch resources such as
Provisioning remote applications on a remote server.
Protocol
Click here to view this version of the [MS-TSWP] PDF.

[MS-TVTT]: Telnet: Specifies the Telnet: VTNT Terminal Type Format Data Structure, which
VTNT Terminal defines the structures for Telnet VTNT Terminal Type Format, and how the
Type Format Data client and server negotiate the use of this format.
Structure
Click here to view this version of the [MS-TVTT] PDF.

[MS-UAMG]: Specifies the Update Agent Management Protocol, which provides a set of
Update Agent types and interfaces that allows callers to manage an update agent and to
Management invoke some update agent operations, such as an update search.
Protocol
Click here to view this version of the [MS-UAMG] PDF.

[MS-UNMP]: User Specifies the User Name Mapping Protocol, which maps Windows domain
Name Mapping user and group account names to the POSIX user and group identifiers used
Protocol in AUTH_UNIX authentication, and vice versa. This enables the association of
user names for users who have different identities in Windows-based and
UNIX-based domains.

Click here to view this version of the [MS-UNMP] PDF.

Specification Description

[MS-UPIGD]: UPnP Specifies the UPnP: Device and Service Templates: Internet Gateway Device
Device and (IGD) Extensions. These structure extensions define extensions to the
Service Templates: Universal Plug-n-Play (UPnP) device schema that describes an Internet
Internet Gateway gateway device.
Device (IGD)
Extensions Click here to view this version of the [MS-UPIGD] PDF.

[MS-UPMC]: UPnP Specifies the Microsoft Media Property Extensions (MMPE), the Microsoft
Device and Compatibility Extension Flags (MCEF), and the Microsoft Power Management
Service Templates: Extensions (MPME) to the Universal Plug and Play (UPnP) interoperability
Media Property guidelines, as specified by the UPnP Forum [UPnP] and used by the Digital
and Compatibility Living Network Alliance (DLNA) [DLNA].
Extensions
Click here to view this version of the [MS-UPMC] PDF.

[MS-V4OF]: IPv4 Specifies the IPv4 Over IEEE 1394 Protocol Extension, which is the Microsoft
Over IEEE 1394 extension to the IPv4 over IEEE 1394 protocol to support bridging and
Protocol clarifies the implementation details as specified in [RFC2734] where
Extensions necessary.

Click here to view this version of the [MS-V4OF] PDF.

[MS-VAPR]: Virtual Specifies the virtual applications that a user is entitled to so that these
Application applications can be downloaded and installed on the user's machine. It is
Publishing and also used to report virtual application usage information to the server so
Reporting (App-V) that usage information across multiple users can be aggregated to infer
Protocol broad virtual application usage patterns across an organization.

Click here to view this version of the [MS-VAPR] PDF.

[MS-VDS]: Virtual Specifies the Virtual Disk Service (VDS) Protocol, a set of distributed
Disk Service (VDS) component object model (DCOM) interfaces for managing the configuration
Protocol of disk storage.

Click here to view this version of the [MS-VDS] PDF.

[MS-VHDX]: Specifies the Virtual Hard Disk v2 (VHDX) File Format Protocol, the virtual
Virtual Hard Disk hard disk format that provides a disk-in-a-file abstraction.
v2 (VHDX) File
Format Click here to view this version of the [MS-VHDX] PDF.

[MS-VUVP]: VT- Specifies the VT-UTF8 and VT100+ Protocols, which are used for point-to-
UTF8 and VT100+ point serial communication for terminal control and headless server
Protocols configuration.

Click here to view this version of the [MS-VUVP] PDF.

Specification Description

[MS-W32T]: Specifies the W32Time Remote Protocol, which is used for controlling and
W32Time Remote monitoring a time service on a machine. This RPC interface supports time
Protocol services that synchronize time using the Network Time Protocol (NTP)
Version 3, as specified in [RFC1305], as well as platform-specific hardware
time sources.

Click here to view this version of the [MS-W32T] PDF.

[MS-WCCE]: Specifies the Windows Client Certificate Enrollment Protocol, which consists
Windows Client of a set of DCOM interfaces that enable clients to request various services
Certificate from a certification authority (CA). These services enable X.509 (as specified
Enrollment in [X509]) digital certificate enrollment, issuance, revocation, and property
Protocol retrieval.

Click here to view this version of the [MS-WCCE] PDF.

[MS-WCFESAN]: Specifies the WCF-Based Encrypted Server Administration and Notification

WCF-Based Protocol, which enables the protocol client to monitor and manage the
Encrypted Server protocol server in the same network.
Administration
and Notification Click here to view this version of the [MS-WCFESAN] PDF.
Protocol

[MS-WDHCE]: Wi- Specifies the Wi-Fi Display Protocol: Hardware Cursor Extension, which
Fi Display extends the Miracast v1.1 protocol to provide an additional, low-latency
Protocol: stream suitable for controlling the mouse cursor at a higher update rate.
Hardware Cursor
Extension Click here to view this version of the [MS-WDHCE] PDF.

[MS-WDSC]: Specifies the Windows Deployment Services (WDS) Control Protocol, which
Windows is an RPC interface that provides the ability to remotely invoke services
Deployment provided by WDS Server. It is a client/server protocol that uses RPC as a
Services Control transport. The protocol provides a generic invocation mechanism to send
Protocol requests to the server and receive replies.

Click here to view this version of the [MS-WDSC] PDF.

[MS-WDSMA]: Specifies the Windows Deployment Services Multicast Application Protocol,

Windows which enables clients to join the multicast session at any point during the
Deployment lifetime of the .multicast session, and still be able to get all pieces of the
Services Multicast content.
Application
Protocol Click here to view this version of the [MS-WDSMA] PDF.
Specification Description

[MS-WDSMSI]: Specifies the Windows Deployment Services Multicast Session Initiation

Windows Protocol, which describes two mechanisms for the client to request initiation
Deployment of a Multicast Session from the server.
Services Multicast
Session Initiation Click here to view this version of the [MS-WDSMSI] PDF.
Protocol

[MS-WDSMT]: Specifies the Windows Deployment Services Multicast Transport Protocol,

Windows which enables transmission of content to multiple clients using Multicast
Deployment UDP.
Services Multicast
Transport Protocol Click here to view this version of the [MS-WDSMT] PDF.

[MS-WDSOSD]: Specifies the Windows Deployment Services Operation System Deployment

Windows Protocol . This protocol defines services exposed by the WDS Server that are
Deployment used by the clients to deploy an operating system on a machine.
Services
Operation System Click here to view this version of the [MS-WDSOSD] PDF.
Deployment
Protocol

[MS-WDV]: Web Specifies the Web Distributed Authoring and Versioning (WebDAV) Protocol:
Distributed Client Extensions, which extends WebDAV by introducing new headers that
Authoring and both enable the file types that are not currently manageable and optimize
Versioning protocol interactions for file system clients. These extensions do not
(WebDAV) introduce new functionality into WebDAV, but instead optimize processing
Protocol: Client and eliminate the need for special-case processing.
Extensions
Click here to view this version of the [MS-WDV] PDF.

[MS-WDVSE]: Web Specifies the Web Distributed Authoring and Versioning (WebDAV) Protocol:
Distributed Server Extension, which extends the standard HTTP mechanisms defined in
Authoring and [RFC2068] to provide file access and content management over the Internet.
Versioning
(WebDAV) Click here to view this version of the [MS-WDVSE] PDF.
Protocol: Server
Extensions

[MS-WFDAA]: Wi- Specifies the Wi-Fi Direct (WFD) Protocol: Proximity Extensions, which enable
Fi Direct (WFD) two or more devices that are running the same application to establish a
Application to direct connection without requiring an intermediary, such as an
Application infrastructure wireless access point (WAP).
Protocol
Click here to view this version of the [MS-WFDAA] PDF.
Specification Description

[MS-WFDPE]: Wi- Specifies an extension for the Wi-Fi Display Technical Specification v1.1.
Fi Display Protocol Enables latency control, extended diagnostic information, and dynamic
Extension format changes on Wi-Fi Display Devices. When implemented, these
extensions provide an improved and more consistent Wi-Fi Display
experience for a variety of wireless display scenarios, including word
processing, web browsing, gaming, and video projection.

Click here to view this version of the [MS-WFDPE] PDF.

[MS-WFIM]: Specifies the Workflow Instance Management Protocol, which defines a set
Workflow Instance of SOAP messages for the management of workflow instances, such as
Management suspending, resuming, or canceling an instance.
Protocol
Click here to view this version of the [MS-WFIM] PDF.

[MS-WINSRA]: Specifies the Windows Internet Naming Service (WINS) Replication and
Windows Internet Autodiscovery Protocol, the Microsoft implementation of NetBIOS Name
Naming Service Server (NBNS). This protocol supports resolution of NetBIOS names to IPv4
(WINS) addresses.
Replication and
Autodiscovery Click here to view this version of the [MS-WINSRA] PDF.
Protocol

[MS-WKST]: Specifies the Workstation Service Remote Protocol, which remotely queries
Workstation and configures certain aspects of a Server Message Block network redirector
Service Remote on a remote computer.
Protocol
Click here to view this version of the [MS-WKST] PDF.

[MS-WMF]: Specifies the Windows Metafile Format structure. A Windows metafile is a

Windows Metafile container for an image, which is defined by series of variable-length records,
Format called metafile records.

Click here to view this version of the [MS-WMF] PDF.

[MS-WMHTTP]: Specifies the Windows Media HTTP Push Distribution Protocol, which is used
Windows Media for transferring real-time multimedia data (for example, audio and video)
HTTP Push from a client to a server.
Distribution
Protocol Click here to view this version of the [MS-WMHTTP] PDF.

[MS-WMI]: Specifies the Windows Management Instrumentation Remote Protocol,

Windows which uses the Common Information Model (CIM), as specified in [DMTF-
Management DSP004], to represent various components of the operating system. CIM is
Instrumentation the conceptual model for storing enterprise management information.
Remote Protocol
Click here to view this version of the [MS-WMI] PDF.
Specification Description

[MS-WMIO]: Specifies the Windows Management Instrumentation Encoding Version 1.0

Windows Protocol, which is a binary data encoding format used by the Windows
Management Management Instrumentation Remote Protocol, as specified in [MS-WMI],
Instrumentation for network communication.
Encoding Version
1.0 Protocol Click here to view this version of the [MS-WMIO] PDF.

[MS-WMLOG]: Specifies the Windows Media Log Data Structure, which is a syntax for
Windows Media logging messages. The logging messages specify information about how a
Log Data client received multimedia content from a streaming server.
Structure
Click here to view this version of the [MS-WMLOG] PDF.

[MS-WMSP]: Specifies the Windows Media HTTP Streaming Protocol, a client/server-

Windows Media based protocol used to stream real-time data between the client (the
HTTP Streaming receiver of streaming data) and server (the sender of streaming data).
Protocol
Click here to view this version of the [MS-WMSP] PDF.

[MS-WPRN]: Web Specifies the Web Point-and-Print Protocol, which is an HTTP-based protocol
Point-and-Print that clients use to download printer driver software from a server in the
Protocol client network or from a Web site. This enables distribution of printer driver
software using standard Web technologies.

Click here to view this version of the [MS-WPRN] PDF.

[MS-WSDS]: WS- Specifies the WS-Enumeration Directory Services Protocol Extensions, a set
Enumeration: of extensions to the Web Services Enumeration (WS-Enumeration)
Directory Services [WSENUM] protocol for facilitating SOAP-based search operations against
Protocol directory servers.
Extensions
Click here to view this version of the [MS-WSDS] PDF.

[MS-WSH]: Specifies the Windows Security Health Agent (WSHA) and Windows Security
Windows Security Health Validator (WSHV) Protocol, which reports the system security health
Health Agent state.
(WSHA) and
Windows Security Click here to view this version of the [MS-WSH] PDF.
Health Validator
(WSHV) Protocol

[MS-WSMAN]: Specifies the Web Services Management Protocol Extensions, which is a

Web Services general purpose, SOAP-based systems management extension that defines
Management procedures for carrying out remote management operations.
Protocol
Extensions for Click here to view this version of the [MS-WSMAN] PDF.
Windows Server
2003
Specification Description

[MS-WSMV]: Web Specifies the Web Services Management Protocol Extensions for Windows
Services Vista, which provides Windows Vista extensions to the WS-Management
Management Protocol, the WS-Management Binding Specification, and the WS-CIM
Protocol Mapping Specification for accessing CIM objects as a Web service.
Extensions for
Windows Vista Click here to view this version of the [MS-WSMV] PDF.

[MS-WSP]: Specifies the Windows Search Protocol (WSP), which allows a client to
Windows Search communicate with a server hosting a Windows Search service (WSS) to issue
Protocol queries.

Click here to view this version of the [MS-WSP] PDF.

[MS-WSPE]: Specifies the WebSocket Protocol: Disable Masking Extension, which extends
WebSocket the WebSocket Protocol to improve performance by allowing developers to
Protocol set a property to disable masking.
Extensions
Click here to view this version of the [MS-WSPE] PDF.

[MS-WSPELD]: Specifies the WS-Transfer: Lightweight Directory Access Protocol (LDAP) v3

WS-Transfer and Controls, also known as WSPELD. This protocol extends the Web Services
WS-Enumeration Enumeration (WS-Enumeration) [WSENUM] and Web Services Transfer (WS-
Protocol Extension Transfer) [WXFR] protocols.
for Lightweight
Directory Access Click here to view this version of the [MS-WSPELD] PDF.
Protocol v3
Controls

[MS-WSPOL]: Web Specifies a collection of Web service policy assertions, which define domain-
Services: Policy specific behavior for the interaction between two Web service entities.
Assertions and
WSDL Extensions Click here to view this version of the [MS-WSPOL] PDF.

[MS-WSRM]: Specifies the Windows System Resource Manager (WSRM) Protocol, a set of
Windows System Distributed Component Object Model (DCOM) interfaces for managing the
Resource Manager configuration of processor, memory resources, and accounting functions on
(WSRM) Protocol a server.

Click here to view this version of the [MS-WSRM] PDF.

[MS-WSRVCAT]: Specifies the WS-AtomicTransaction (WS-AT) Version 1.0 Protocol Extensions,

WS- which extends the WS-AtomicTransaction protocol by enabling WS-
AtomicTransaction AtomicTransaction initiators, participants, and coordinators to participate in
(WS-AT) Version transactions coordinated by OleTx transaction managers.
1.0 Protocol
Extensions Click here to view this version of the [MS-WSRVCAT] PDF.
Specification Description

[MS-WSRVCRM]: Specifies the WS-ReliableMessaging Protocol: Advanced Flow Control

WS- Extension, which is an advanced message flow control extension to the Web
ReliableMessaging Services Reliable Messaging Protocol [WSRM1-0] [WSRM1-1].
Protocol:
Advanced Flow Click here to view this version of the [MS-WSRVCRM] PDF.
Control Extension

[MS-WSRVCRR]: Specifies the WS-ReliableMessaging Protocol: Reliable Request-Reply

WS- Extension. This extension assumes the use of duplex underlying protocols in
ReliableMessaging order to provide support for applications designed to interact using a
Protocol: Reliable request-response message exchange pattern. The request-reply extension
Request-Reply enables these applications to communicate reliably over transfer protocols
Extension that support only SOAP Request-Response.

Click here to view this version of the [MS-WSRVCRR] PDF.

[MS-WSTC]: WS- Specifies the WS-Discovery: Termination Criteria Protocol Extensions. This
Discovery: extends the WS-Discovery protocol for sending and receiving termination
Termination criteria as part of WS-Discovery Probe and Resolve messages.
Criteria Protocol
Extensions Click here to view this version of the [MS-WSTC] PDF.

[MS-WSTEP]: WS- Specifies the WS-Trust X.509v3 Token Enrollment Extensions, also known as
Trust X.509v3 WSTEP. The protocol specification defines the message formats and server
Token Enrollment behavior for the purposes of certificate enrollment.
Extensions
Click here to view this version of the [MS-WSTEP] PDF.

[MS-WSTIM]: WS- Specifies the WS-Transfer: Identity Management Operations for Directory
Transfer: Identity Access Extensions, a set of extensions to the WS-Transfer protocol [WXFR]
Management for representing the protocol operations commonly used for directory
Operations for access in identity management protocols.
Directory Access
Extensions Click here to view this version of the [MS-WSTIM] PDF.

[MS-WSUSAR]: Specifies the Windows Server Update Services: Administrative API Remoting
Windows Server Protocol (WSUSAR), which enables communication between the Windows
Update Services: Server Update Services (WSUS) management API and a WSUS server.
Administrative API
Remoting Click here to view this version of the [MS-WSUSAR] PDF.
Protocol
(WSUSAR)

[MS-WSUSSS]: Specifies the Windows Update Services: Server-Server Protocol, which

Windows Update enables a hierarchically organized collection of servers to synchronize
Services: Server- metadata and content associated with software updates over the Internet by
Server Protocol using SOAP and HTTP protocols.

Click here to view this version of the [MS-WSUSSS] PDF.

Specification Description

[MS-WUSP]: Specifies the Windows Update Services: Client-Server Protocol, which

Windows Update enables machines to discover and download software updates over the
Services: Client- Internet using the SOAP and HTTP protocols.
Server Protocol
Click here to view this version of the [MS-WUSP] PDF.

[MS-XCA]: Xpress Specifies the three variants of the Xpress Compression Algorithm:
Compression LZ77+Huffman, Plain LZ77, LZNT1, and their respective decompression
Algorithm algorithms. This algorithm efficiently compresses data that contains
repeated byte sequences. It is not designed to compress image, audio, or
video data. Between the trade-offs of compressed size and CPU cost, it
heavily emphasizes low CPU cost.

Click here to view this version of the [MS-XCA] PDF.

[MS-XCEP]: X.509 Specifies the X.509 Certificate Enrollment Policy Protocol. This protocol
Certificate defines the interactions between a requesting client and a responding server
Enrollment Policy for the exchange of a certificate enrollment policy, which is the collection of
Protocol certificate templates and certificate issuers available to the requestor for
X.509 certificate enrollment.

Click here to view this version of the [MS-XCEP] PDF.

[MS-XOPP]: XML- Specifies the XML-binary Optimized Packaging (XOP) Profile, which provides
binary Optimized extensions that enable more efficient implementations of [XML-XOP] to be
Packaging (XOP) built by requiring certain ordering of the MIME parts in the XOP package
Profile
Click here to view this version of the [MS-XOPP] PDF.
[MS-SCMR]: Service Control Manager
Remote Protocol
Article04/27/2022

Specifies the Service Control Manager Remote Protocol, which is used for remotely
managing the Service Control Manager (SCM), an RPC server that enables service
configuration and control of service programs.

This page and associated content may be updated frequently. We recommend you
subscribe to the RSS feed to receive update notifications.

Published Version
Date Protocol Revision Revision Class Downloads

4/29/2022 33.0 Major PDF | DOCX | Diff

Click here to download a zip file of all PDF files for Windows Protocols.

Previous Versions
Date Protocol Revision Revision Class Downloads

6/25/2021 32.0 Major PDF | DOCX | Errata | Diff

4/7/2021 31.0 Major PDF | DOCX | Diff

9/23/2019 30.0 Major PDF | DOCX | Diff

3/13/2019 29.0 Major PDF | DOCX | Errata | Diff

9/12/2018 28.0 Major PDF | DOCX | Diff

9/15/2017 27.1 Minor PDF | DOCX | Errata | Diff

6/1/2017 27.0 None PDF | DOCX | Diff

7/14/2016 27.0 None PDF | DOCX | Diff

10/16/2015 27.0 None PDF | DOCX

6/30/2015 27.0 Major PDF | DOCX

5/15/2014 26.0 None PDF | DOCX

Date Protocol Revision Revision Class Downloads

2/13/2014 26.0 None PDF | DOCX

11/14/2013 26.0 None PDF | DOCX

8/8/2013 26.0 Major PDF | DOCX

1/31/2013 25.0 Major

10/25/2012 24.1 Minor

7/12/2012 24.0 Major

3/30/2012 23.0 None

12/16/2011 23.0 Major

9/23/2011 22.1 None

6/17/2011 22.1 Minor

5/6/2011 22.0 Major

3/25/2011 21.0 Major

2/11/2011 20.0 Major

1/7/2011 19.0 None

11/19/2010 19.0 Major

10/8/2010 18.1 Minor

8/27/2010 18.0 Major

7/16/2010 17.0 Major

6/4/2010 16.0 Major

4/23/2010 15.0 Major

3/12/2010 14.0 Major

1/29/2010 13.1 Minor

12/18/2009 13.0 Major

11/6/2009 12.0 Major

9/25/2009 11.0 Major

8/14/2009 10.0 Major

Date Protocol Revision Revision Class Downloads

7/2/2009 9.0 Major

5/22/2009 8.0 Major

4/10/2009 7.0 Major

2/27/2009 6.0 Major

1/16/2009 5.0 Major

12/5/2008 4.0 Major

10/24/2008 3.1.1 Editorial

8/29/2008 3.1 Minor

7/25/2008 3.0.1 Editorial

6/20/2008 3.0 Major

3/14/2008 2.0 Major

1/25/2008 1.2.2 Editorial

10/23/2007 1.2.1 Editorial

9/28/2007 1.2 Minor

8/10/2007 1.1 Minor

7/3/2007 1.0.2 Editorial

6/1/2007 1.0.1 Editorial

5/11/2007 1.0 Major

Preview Versions
From time to time, Microsoft may publish a preview, or pre-release, version of an Open
Specifications technical document for community review and feedback. To submit
feedback for a preview version of a technical document, please follow any instructions
specified for that document. If no instructions are indicated for the document, please
provide feedback by using the Open Specification Forums .

The preview period for a technical document varies. Additionally, not every technical
document will be published for preview.
A preview version of this document may be available on the Windows Protocols -
Preview Documents page. After the preview period, the most current version of the
document is available on this page.

Development Resources
Find resources for creating interoperable solutions for Microsoft software, services,
hardware, and non-Microsoft products:

Plugfests and Events , Test Tools , Development Support , and Open Specifications
Dev Center .

Intellectual Property Rights Notice for Open

Specifications Documentation
Technical Documentation. Microsoft publishes Open Specifications
documentation (“this documentation”) for protocols, file formats, data portability,
computer languages, and standards support. Additionally, overview documents
cover inter-protocol relationships and interactions.

Copyrights. This documentation is covered by Microsoft copyrights. Regardless of

any other terms that are contained in the terms of use for the Microsoft website
that hosts this documentation, you can make copies of it in order to develop
implementations of the technologies that are described in this documentation and
can distribute portions of it in your implementations that use these technologies or
in your documentation as necessary to properly document the implementation.
You can also distribute in your implementation, with or without modification, any
schemas, IDLs, or code samples that are included in the documentation. This
permission also applies to any documents that are referenced in the Open
Specifications documentation.

No Trade Secrets. Microsoft does not claim any trade secret rights in this
documentation.

Patents. Microsoft has patents that might cover your implementations of the
technologies described in the Open Specifications documentation. Neither this
notice nor Microsoft's delivery of this documentation grants any licenses under
those patents or any other Microsoft patents. However, a given Open
Specifications document might be covered by the Microsoft Open Specifications
Promise or the Microsoft Community Promise . If you would prefer a written
license, or if the technologies described in this documentation are not covered by
the Open Specifications Promise or Community Promise, as applicable, patent
licenses are available by contacting [email protected].

License Programs. To see all of the protocols in scope under a specific license
program and the associated patents, visit the Patent Map .

Trademarks. The names of companies and products contained in this

documentation might be covered by trademarks or similar intellectual property
rights. This notice does not grant any licenses under those rights. For a list of
Microsoft trademarks, visit www.microsoft.com/trademarks .

Fictitious Names. The example companies, organizations, products, domain

names, email addresses, logos, people, places, and events that are depicted in this
documentation are fictitious. No association with any real company, organization,
product, domain name, email address, logo, person, place, or event is intended or
should be inferred.

Reservation of Rights. All other rights are reserved, and this notice does not grant any
rights other than as specifically described above, whether by implication, estoppel, or
otherwise.

Tools. The Open Specifications documentation does not require the use of Microsoft
programming tools or programming environments in order for you to develop an
implementation. If you have access to Microsoft programming tools and environments,
you are free to take advantage of them. Certain Open Specifications documents are
intended for use in conjunction with publicly available standards specifications and
network programming art and, as such, assume that the reader either is familiar with the
aforementioned material or has immediate access to it.

Support. For questions and support, please contact [email protected].

1 Introduction
Article04/27/2022

The Service Control Manager Remote Protocol is a remote procedure call (RPC)–based
client/server protocol that is used for remotely managing the Service Control Manager
(SCM). The SCM is an RPC server that enables service configuration and control of
service programs. For more information, see [MSDN-WINSVC] .

Sections 1.5, 1.8, 1.9, 2, and 3 of this specification are normative. All other sections and
examples in this specification are informative.
1.1 Glossary
Article • 07/11/2023

This document uses the following terms:

access control entry (ACE): An entry in an access control list (ACL) that contains a set of
user rights and a security identifier (SID) that identifies a principal for whom the rights
are allowed, denied, or audited.

American National Standards Institute (ANSI) character set: A character set defined by
a code page approved by the American National Standards Institute (ANSI). The term
"ANSI" as used to signify Windows code pages is a historical reference and a misnomer
that persists in the Windows community. The source of this misnomer stems from the
fact that the Windows code page 1252 was originally based on an ANSI draft, which
became International Organization for Standardization (ISO) Standard 8859-1 [ISO/IEC-
8859-1] . In Windows, the ANSI character set can be any of the following code pages:
1252, 1250, 1251, 1253, 1254, 1255, 1256, 1257, 1258, 874, 932, 936, 949, or 950. For
example, "ANSI application" is usually a reference to a non-Unicode or code-page-
based application. Therefore, "ANSI character set" is often misused to refer to one of the
character sets defined by a Windows code page that can be used as an active system
code page; for example, character sets defined by code page 1252 or character sets
defined by code page 950. Windows is now based on Unicode, so the use of ANSI
character sets is strongly discouraged unless they are used to interoperate with legacy
applications or legacy data.

authentication level: A numeric value indicating the level of authentication or message

protection that remote procedure call (RPC) will apply to a specific message exchange.
For more information, see [C706] section 13.1.2.1 and [MS-RPCE].

Authentication Service (AS): A service that issues ticket granting tickets (TGTs), which
are used for authenticating principals within the realm or domain served by the
Authentication Service.

code page: An ordered set of characters of a specific script in which a numerical index
(code-point value) is associated with each character. Code pages are a means of
providing support for character sets and keyboard layouts used in different
countries/regions. Devices such as the display and keyboard can be configured to use a
specific code page and to switch from one code page (such as the United States) to
another (such as Portugal) at the user's request.

delayed start group: A service group initialized following a delay after the initial system
boot for the purpose of improving system-boot performance.
device interface class: A way of exporting device and driver functionality to other
components, including other drivers and user-mode applications. A driver can register a
device interface class, and then enable an instance of the class for each device object to
which user-mode I/O requests might be sent. On the highest level, a device interface
class is a grouping of devices by functionality. Each device interface class is associated
with a GUID. Vendors can create and define their own GUIDs for device interface classes.

discretionary access control list (DACL): An access control list (ACL) that is controlled by
the owner of an object and that specifies the access particular users or groups can have
to the object.

globally unique identifier (GUID): A term used interchangeably with universally unique
identifier (UUID) in Microsoft protocol technical documents (TDs). Interchanging the
usage of these terms does not imply or require a specific algorithm or mechanism to
generate the value. Specifically, the use of this term does not imply or require that the
algorithms described in [RFC4122] or [C706] must be used for generating the GUID.
See also universally unique identifier (UUID).

Interface Definition Language (IDL): The International Standards Organization (ISO)

standard language for specifying the interface for remote procedure calls. For more
information, see [C706] section 4.

load-order group: A service group for the purpose of service loading and initialization
ordering.

Microsoft Interface Definition Language (MIDL): The Microsoft implementation and

extension of the OSF-DCE Interface Definition Language (IDL). MIDL can also mean the
Interface Definition Language (IDL) compiler provided by Microsoft. For more
information, see [MS-RPCE].

named pipe: A named, one-way, or duplex pipe for communication between a pipe
server and one or more pipe clients.

NUMA Node: An arrangement of processors and memory within a system supporting

Non-Uniform Memory Access (NUMA) technology [MSDN-NUMA] .

opnum: An operation number or numeric identifier that is used to identify a specific

remote procedure call (RPC) method or a method in an interface. For more information,
see [C706] section 12.5.2.12 or [MS-RPCE].

remote procedure call (RPC): A communication protocol used primarily between client
and server. The term has three definitions that are often used interchangeably: a runtime
environment providing for communication facilities between computers (the RPC
runtime); a set of request-and-response message exchanges between computers (the
RPC exchange); and the single message from an RPC exchange (the RPC message). For
more information, see [C706].

RPC context handle: A representation of state maintained between a remote procedure

call (RPC) client and server. The state is maintained on the server on behalf of the client.
An RPC context handle is created by the server and given to the client. The client passes
the RPC context handle back to the server in method calls to assist in identifying the
state. For more information, see [C706].

RPC protocol sequence: A character string that represents a valid combination of a

remote procedure call (RPC) protocol, a network layer protocol, and a transport layer
protocol, as described in [C706] and [MS-RPCE].

RPC server: A computer on the network that waits for messages, processes them when
they arrive, and sends responses using RPC as its transport acts as the responder during
a remote procedure call (RPC) exchange.

RPC transport: The underlying network services used by the remote procedure call
(RPC) runtime for communications between network nodes. For more information, see
[C706] section 2.

security descriptor: A data structure containing the security information associated with
a securable object. A security descriptor identifies an object's owner by its security
identifier (SID). If access control is configured for the object, its security descriptor
contains a discretionary access control list (DACL) with SIDs for the security principals
who are allowed or denied access. Applications use this structure to set and query an
object's security status. The security descriptor is used to guard access to an object as
well as to control which type of auditing takes place when the object is accessed. The
security descriptor format is specified in [MS-DTYP] section 2.4.6; a string representation
of security descriptors, called SDDL, is specified in [MS-DTYP] section 2.5.1.

security identifier (SID): An identifier for security principals that is used to identify an
account or a group. Conceptually, the SID is composed of an account authority portion
(typically a domain) and a smaller integer representing an identity relative to the
account authority, termed the relative identifier (RID). The SID format is specified in [MS-
DTYP] section 2.4.2; a string representation of SIDs is specified in [MS-DTYP] section
2.4.2 and [MS-AZOD] section 1.1.1.2.

Server Message Block (SMB): A protocol that is used to request file and print services
from server systems over a network. The SMB protocol extends the CIFS protocol with
additional security, file, and disk management support. For more information, see
[CIFS] and [MS-SMB].
service: A program that is managed by the Service Control Manager (SCM). The
execution of this program is governed by the rules defined by the SCM.

Service Control Manager (SCM): An RPC server that enables configuration and control
of service programs.

service group: A set of services that are grouped together for dependency or load-
ordering purposes.

service record: An entry in the SCM database that contains the configuration
information associated with a service.

session key: A relatively short-lived symmetric key (a cryptographic key negotiated by

the client and the server based on a shared secret). A session key's lifespan is bounded
by the session to which it is associated. A session key has to be strong enough to
withstand cryptanalysis for the lifespan of the session.

system access control list (SACL): An access control list (ACL) that controls the
generation of audit messages for attempts to access a securable object. The ability to
get or set an object's SACL is controlled by a privilege typically held only by system
administrators.

Unicode: A character encoding standard developed by the Unicode Consortium that

represents almost all of the written languages of the world. The Unicode standard
[UNICODE5.0.0/2007] provides three forms (UTF-8, UTF-16, and UTF-32) and seven
schemes (UTF-8, UTF-16, UTF-16 BE, UTF-16 LE, UTF-32, UTF-32 LE, and UTF-32 BE).

universally unique identifier (UUID): A 128-bit value. UUIDs can be used for multiple
purposes, from tagging objects with an extremely short lifetime, to reliably identifying
very persistent objects in cross-process communication such as client and server
interfaces, manager entry-point vectors, and RPC objects. UUIDs are highly likely to be
unique. UUIDs are also known as globally unique identifiers (GUIDs) and these terms are
used interchangeably in the Microsoft protocol technical documents (TDs).
Interchanging the usage of these terms does not imply or require a specific algorithm or
mechanism to generate the UUID. Specifically, the use of this term does not imply or
require that the algorithms described in [RFC4122] or [C706] must be used for
generating the UUID.

well-known endpoint: A preassigned, network-specific, stable address for a particular

client/server instance. For more information, see [C706].

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as
defined in [RFC2119] . All statements of optional behavior use either MAY, SHOULD, or
SHOULD NOT.
1.2 References
Article04/27/2022

Links to a document in the Microsoft Open Specifications library point to the correct
section in the most recently published version of the referenced document. However,
because individual documents in the library are not updated at the same time, the
section numbers in the documents may not match. You can confirm the correct section
numbering by checking the Errata .
1.2.1 Normative References
Article04/27/2022

We conduct frequent surveys of the normative references to assure their continued

availability. If you have any issue with finding a normative reference, please contact
[email protected]. We will assist you in finding the relevant information.

[C706] The Open Group, "DCE 1.1: Remote Procedure Call", C706, August 1997,
https://publications.opengroup.org/c706

Note Registration is required to download the document.

[MS-CIFS] Microsoft Corporation, "Common Internet File System (CIFS) Protocol".

[MS-DTYP] Microsoft Corporation, "Windows Data Types".

[MS-LSAD] Microsoft Corporation, "Local Security Authority (Domain Policy) Remote

Protocol".

[MS-RPCE] Microsoft Corporation, "Remote Procedure Call Protocol Extensions".

[MS-SMB] Microsoft Corporation, "Server Message Block (SMB) Protocol".

[MS-UCODEREF] Microsoft Corporation, "Windows Protocols Unicode Reference".

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP
14, RFC 2119, March 1997, https://www.rfc-editor.org/rfc/rfc2119.html
1.2.2 Informative References
Article09/21/2022

[MS-AZOD] Microsoft Corporation, "Authorization Protocols Overview".

[MSDN-CtrlSvcEx] Microsoft Corporation, "ControlServiceEx function",

http://msdn.microsoft.com/en-us/library/ms682110(VS.85).aspx

[MSDN-CtrlSvc] Microsoft Corporation, "ControlService function",

http://msdn.microsoft.com/en-us/library/ms682108(VS.85).asp

[MSDN-MIDL] Microsoft Corporation, "Microsoft Interface Definition Language (MIDL)",

http://msdn.microsoft.com/en-us/library/ms950375.aspx

[MSDN-NUMA] Microsoft Corporation, "NUMA Support",

https://learn.microsoft.com/windows/win32/procthread/numa-support

[MSDN-SetSvcStatus] Microsoft Corporation, "SetServiceStatus function",

http://msdn.microsoft.com/en-us/library/ms686241(VS.85).aspx

[MSDN-STARTSERVICE] Microsoft Corporation, "StartService function",

http://msdn.microsoft.com/en-us/library/ms686321.aspx

[MSDN-WinDriverKit] Microsoft Corporation, "Windows Driver Kit Introduction",

https://learn.microsoft.com/windows-hardware/drivers/

[MSDN-WINSVC] Microsoft Corporation, "Services", http://msdn.microsoft.com/en-

us/library/ms685141.aspx

[SPNNAMES] Microsoft Corporation, "Name Formats for Unique SPNs",

http://msdn.microsoft.com/en-us/library/ms677601.aspx
1.3 Overview
Article04/27/2022

The Service Control Manager Remote Protocol is a client/server protocol used for
configuring and controlling service programs running on a remote computer. A remote
service management session begins with the client initiating the connection request to
the server. If the server grants the request, the connection is established. The client can
then make multiple requests to modify, query the configuration, or start and stop
services on the server by using the same session until the session is terminated.

A typical Service Control Manager Remote Protocol session involves the client
connecting to the server and requesting to open the SCM on the server. If the server
accepts the request, it responds with an RPC context handle to the client. The client uses
this RPC context handle to operate on the server. This usually involves sending another
request to the server and specifying the type of operation to perform and any specific
parameters associated with that operation. If the server accepts this request, it attempts
to perform the specified operation and responds to the client with the result of the
operation. After the client is finished operating on the server, it terminates the protocol
by sending a request to close the RPC context handle.

The Service Control Manager Remote Protocol maintains an internal database to store
service program configurations and state. The Service Control Manager Protocol has
exclusive access to this internal database. On one operating system instance there is
only one SCM and one corresponding SCM database. Any updates to this internal
database are made only through the Service Control Manager Remote Protocol. SCM
takes care of serializing all concurrent accesses to the SCM database. The SCM database
is resident in memory; it is recreated every time the SCM restarts (after each reboot).
Part of the SCM database is retrieved from persistent storage (all information regarding
registered services) and partially nonpersistent (current active state of the services). The
persistent information is modified by the SCM when a service is added, configured, or
deleted. Any attempt to directly modify the persistent part of the database directly in
the persistent storage is not a supported scenario and will result in possible
inconsistencies. Finally, if SCM were to be forcefully terminated, the operating system
will shut down and restart.
1.4 Relationship to Other Protocols
Article02/14/2019

The Service Control Manager Remote Protocol uses RPC as its transport protocol.
1.5 Prerequisites/Preconditions
Article02/14/2019

This protocol requires that the client and server be able to communicate via an RPC
connection, as specified in section 2.1.
1.6 Applicability Statement
Article02/14/2019

This protocol is appropriate for managing a service management agent, such as an SCM,
on a remote computer.
1.7 Versioning and Capability
Negotiation
Article02/14/2019

This document covers versioning issues in the following areas:

Supported Transports: This protocol uses multiple RPC protocol sequences, as

specified in section 2.1.

Security and Authentication Methods: The RPC server in this protocol uses either
RPC_C_AUTHN_GSS_NEGOTIATE or RPC_C_AUTHN_WINNT authorization. This is
discussed in section 2.1.
1.8 Vendor-Extensible Fields
Article02/14/2019

None.
1.9 Standards Assignments
Article10/30/2020

The Service Control Manager Remote Protocol has no standards assignments, only
private assignments made by Microsoft using allocation procedures specified in other
protocols.

Microsoft has allocated to this protocol an RPC interface universally unique identifier
(UUID) (using the procedure specified in [C706] ) and a named pipe (as specified in
[MS-SMB]). The assignments are as follows.

Parameter Value

RPC interface UUID {367ABB81-9844-35F1-AD32-98F038001003}

Named pipe \PIPE\svcctl

2 Messages
Article03/12/2019

The following sections specify how Service Control Manager Remote Protocol messages
are transported and specify common data types.
2.1 Transport
Article02/14/2019

The Service Control Manager Remote Protocol MUST use RPC as the transport protocol.
2.1.1 Server
Article02/14/2019

The server interface is identified by UUID 367ABB81-9844-35F1-AD32-98F038001003,

version 2.0, using the RPC well-known endpoint "\PIPE\svcctl". The server MUST use RPC
over SMB, ncacn_np or RPC over TCP, or ncacn_ip_tcp as the RPC protocol sequence to
the RPC implementation, as specified in [MS-RPCE]. The server MUST specify the Simple
and Protected GSS-API Negotiation Mechanism (SPNEGO) (0x9) or NT LAN Manager
(NTLM) (0xA), or both, as the RPC Authentication Service (as specified in [MS-RPCE]). See
[MS-RPCE] section 3.3.1.5.2.2 and [C706] section 13.
2.1.2 Client
Article02/14/2019

The client MUST use RPC over SMB, ncacn_np (as specified in [MS-RPCE]) or RPC over
TCP, ncacn_ip_tcp (as specified in [MS-RPCE]) as the RPC protocol sequence to
communicate with the server. The client MUST specify either "Simple and Protected
GSS-API Negotiation Mechanism (SPNEGO)" (0x9) or "NT LAN Manager (NTLM)" (0xA),
as specified in [MS-RPCE], as the Authentication Service. When using "SPNEGO" as the
Authentication Service, the client SHOULD supply a service principal name (SPN) of
"host/hostname" where hostname is the actual name of the server to which the client is
connecting and host is the literal string "host/" (for more information, see
[SPNNAMES] ).

The RPC client MAY use an authentication level of RPC_C_AUTHN_LEVEL_PKT_PRIVACY.

<1>
2.2 Common Data Types
Article09/23/2019

In addition to RPC base types and definitions specified in [C706] and [MS-RPCE], the
following sections use these definitions, as specified in [MS-DTYP]. Unless specified, all
characters are accepted for the strings described in each section.

BOOL

BYTE

CHAR

DWORD

LPCSTR

LPCWSTR

LPWSTR

PSTR

UCHAR

VOID

WCHAR

The additional data types given in the following sections are defined in the MIDL
specification of this RPC interface.
2.2.1 SECURITY_INFORMATION
Article01/04/2022

The following bit flags indicate which components to include in a

SECURITY_DESCRIPTOR structure that clients and servers can use to specify access
types.

Value Meaning

DACL_SECURITY_INFORMATION If set, the security descriptor MUST include the object's

discretionary access control list (DACL). DACL information is
0x00000004 specified in [MS-AZOD] section 1.1.1.3.

GROUP_SECURITY_INFORMATION If set, specifies the security identifier (SID), as defined in

[MS-DTYP] section 2.4.2, (LSAPR_SID) of the object's primary
0x00000002 group. Primary group information is specified in [MS-DTYP].

OWNER_SECURITY_INFORMATION If set, specifies the security identifier (SID) (LSAPR_SID) of the

object's owner.
0x00000001

SACL_SECURITY_INFORMATION If set, the security descriptor MUST include the object's

system access control list (SACL). SACL information is
0x00000008 specified in [MS-AZOD] section 1.1.1.3.

LABEL_SECURITY_INFORMATION If set, specifies the mandatory integrity label. The mandatory

integrity label is an ACE in the SACL of the object.
0x00000010

This type is declared as follows:

typedef unsigned long SECURITY_INFORMATION;

2.2.2 SVCCTL_HANDLEA
Article02/14/2019

An RPC binding handle to the server, represented as an American National Standards

Institute (ANSI) character set string. This ANSI string and all ANSI references in the rest
of this document use the ANSI code page specified by the operating system.

This type is declared as follows:

typedef [handle] LPSTR SVCCTL_HANDLEA;

2.2.3 SVCCTL_HANDLEW
Article02/14/2019

An RPC binding handle represented as a Unicode string.

This type is declared as follows:

typedef [handle] wchar_t* SVCCTL_HANDLEW;

2.2.4 SC_RPC_HANDLE
Article02/14/2019

Defines an RPC context handle to the SCM or a service on the server.

typedef [context_handle] PVOID SC_RPC_HANDLE;

typedef SC_RPC_HANDLE* LPSC_RPC_HANDLE;
2.2.5 SC_RPC_LOCK
Article02/14/2019

Defines an RPC context handle to a locked SCM database on the server.

typedef [context_handle] PVOID SC_RPC_LOCK;

typedef SC_RPC_LOCK* LPSC_RPC_LOCK;
2.2.6 SC_NOTIFY_RPC_HANDLE
Article02/14/2019

Defines an RPC context handle used to monitor changes on a service on the server.

typedef [context_handle] PVOID SC_NOTIFY_RPC_HANDLE;

typedef SC_NOTIFY_RPC_HANDLE* LPSC_NOTIFY_RPC_HANDLE;
2.2.7 BOUNDED_DWORD_4K
Article09/23/2019

A 4-kilobyte ranged DWORD data type used for the size given by reference in an in/out
parameter.

typedef [range(0, 1024 * 4)] DWORD BOUNDED_DWORD_4K;

typedef BOUNDED_DWORD_4K* LPBOUNDED_DWORD_4K;

BOUNDED_DWORD_4K: A 4-kilobyte ranged DWORD used for size given by reference

in an in/out parameter.

LPBOUNDED_DWORD_4K: Pointer to a BOUNDED_DWORD_4K.

2.2.8 BOUNDED_DWORD_8K
Article09/23/2019

An 8-kilobyte ranged DWORD data type used for the size given by reference in an
in/out parameter.

typedef [range(0, 1024 * 8)] DWORD BOUNDED_DWORD_8K;

typedef BOUNDED_DWORD_8K* LPBOUNDED_DWORD_8K;

BOUNDED_DWORD_8K: An 8-kilobyte ranged DWORD used for size given by reference

in an in/out parameter.

LPBOUNDED_DWORD_8K: Pointer to a BOUNDED_DWORD_8K.

2.2.9 BOUNDED_DWORD_256K
Article09/23/2019

A 256-kilobyte ranged DWORD data type used for the size given by reference in an
in/out parameter.

typedef [range(0, 1024 * 256)]

DWORD BOUNDED_DWORD_256K;
typedef BOUNDED_DWORD_256K* LPBOUNDED_DWORD_256K;

BOUNDED_DWORD_256K: A 256-kilobyte ranged DWORD used for size given by

reference in an in/out parameter.

LPBOUNDED_DWORD_256K: Pointer to a BOUNDED_DWORD_256K.

2.2.10 ENUM_SERVICE_STATUSA
Article02/14/2019

The ENUM_SERVICE_STATUSA structure defines the name and status of a service in an

SCM database and returns information about the service. String values are stored in
ANSI.

typedef struct _ENUM_SERVICE_STATUSA {

LPSTR lpServiceName;
LPSTR lpDisplayName;
SERVICE_STATUS ServiceStatus;
} ENUM_SERVICE_STATUSA,
*LPENUM_SERVICE_STATUSA;

lpServiceName: A pointer to a null-terminated string that names a service in an SCM

database.

The forward slash, back slash, comma, and space characters are illegal in service names.

lpDisplayName: A pointer to a null-terminated string that user interface programs use

to identify the service.

ServiceStatus: A SERVICE_STATUS (section 2.2.47) structure that contains status

information.
2.2.11 ENUM_SERVICE_STATUSW
Article04/27/2022

The ENUM_SERVICE_STATUSW structure defines the name and status of a service in an

SCM database and returns information about the service. String values are stored in
Unicode.

typedef struct _ENUM_SERVICE_STATUSW {

LPWSTR lpServiceName;
LPWSTR lpDisplayName;
SERVICE_STATUS ServiceStatus;
} ENUM_SERVICE_STATUSW,
*LPENUM_SERVICE_STATUSW;

lpServiceName: A pointer to a null-terminated string that names a service in an SCM

database.

The forward slash, back slash, comma, and space characters are illegal in service names.

lpDisplayName: A pointer to a null-terminated string that user interface programs use

to identify the service.

ServiceStatus: A SERVICE_STATUS (section 2.2.47) structure that contains status

information.
2.2.12
ENUM_SERVICE_STATUS_PROCESSA
Article10/30/2020

The ENUM_SERVICE_STATUS_PROCESSA structure contains information used by the

REnumServicesStatusExA method to return the name of a service in an SCM database.
The structure also returns information about the service. String values are stored in
ANSI.

typedef struct _ENUM_SERVICE_STATUS_PROCESSA {

LPSTR lpServiceName;
LPSTR lpDisplayName;
SERVICE_STATUS_PROCESS ServiceStatusProcess;
} ENUM_SERVICE_STATUS_PROCESSA,
*LPENUM_SERVICE_STATUS_PROCESSA;

lpServiceName: A pointer to a null-terminated string that names a service in an SCM

database.

The forward slash, back slash, comma, and space characters are illegal in service names.

lpDisplayName: A pointer to a null-terminated string that contains the display name of

the service.

ServiceStatusProcess: A SERVICE_STATUS_PROCESS (section 2.2.49) structure that

contains status information for the lpServiceName service.
2.2.13
ENUM_SERVICE_STATUS_PROCESSW
Article10/30/2020

The ENUM_SERVICE_STATUS_PROCESSW structure contains information used by the

REnumServicesStatusExW method to return the name of a service in an SCM database.
The structure also returns information about the service. String values are stored in
Unicode.

typedef struct _ENUM_SERVICE_STATUS_PROCESSW {

LPWSTR lpServiceName;
LPWSTR lpDisplayName;
SERVICE_STATUS_PROCESS ServiceStatusProcess;
} ENUM_SERVICE_STATUS_PROCESSW,
*LPENUM_SERVICE_STATUS_PROCESSW;

lpServiceName: A pointer to a null-terminated string that names a service in an SCM

database.

The forward slash, back slash, comma, and space characters are illegal in service names.

lpDisplayName: A pointer to a null-terminated string that contains the display name of

the service.

ServiceStatusProcess: A SERVICE_STATUS_PROCESS (section 2.2.49) structure that

contains status information for the lpServiceName service.
2.2.14 QUERY_SERVICE_CONFIGA
Article04/27/2022

The QUERY_SERVICE_CONFIGA structure defines configuration information about an

installed service. String values are stored in ANSI.

typedef struct _QUERY_SERVICE_CONFIGA {

DWORD dwServiceType;
DWORD dwStartType;
DWORD dwErrorControl;
[string,range(0, 8 * 1024)] LPSTR lpBinaryPathName;
[string,range(0, 8 * 1024)] LPSTR lpLoadOrderGroup;
DWORD dwTagId;
[string,range(0, 8 * 1024)] LPSTR lpDependencies;
[string,range(0, 8 * 1024)] LPSTR lpServiceStartName;
[string,range(0, 8 * 1024)] LPSTR lpDisplayName;
} QUERY_SERVICE_CONFIGA,
*LPQUERY_SERVICE_CONFIGA;

dwServiceType: The type of service. This member MUST be one of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS A service that runs in its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS A service that shares a process with other services.

0x00000020

dwStartType: Defines when to start the service. This member MUST be one of the
following values.

Value Meaning

SERVICE_BOOT_START Starts the driver service when the system boots up. This value is valid
only for driver services.
0x00000000
Value Meaning

SERVICE_SYSTEM_START Starts the driver service when the system boots up. This value is valid
only for driver services. The services marked SERVICE_SYSTEM_START
0x00000001 are started after all SERVICE_BOOT_START services have been started.

SERVICE_AUTO_START A service started automatically by the SCM during system startup.

0x00000002

SERVICE_DEMAND_START Starts the service when a client requests the SCM to start the service.

0x00000003

SERVICE_DISABLED A service that cannot be started. Attempts to start the service result
in the error code ERROR_SERVICE_DISABLED.
0x00000004

dwErrorControl: The severity of the error if this service fails to start during startup, and
the action that the SCM takes if failure occurs.

Value Meaning

SERVICE_ERROR_IGNORE The SCM ignores the error and continues the startup operation.

0x00000000

SERVICE_ERROR_NORMAL The SCM logs the error in the event log and continues the startup
operation.
0x00000001

SERVICE_ERROR_SEVERE The SCM logs the error in the event log. If the last-known good
configuration is being started, the startup operation continues.
0x00000002 Otherwise, the system is restarted with the last-known good
configuration.

SERVICE_ERROR_CRITICAL The SCM SHOULD log the error in the event log if possible. If the
last-known good configuration is being started, the startup
0x00000003 operation fails. Otherwise, the system is restarted with the last-
known good configuration.

lpBinaryPathName: A pointer to a null-terminated string that contains the fully qualified

path to the service binary file. The path MAY include arguments. If the path contains a
space, it MUST be quoted so that it is correctly interpreted. For example, "d:\\my
share\\myservice.exe" is specified as "\"d:\\my share\\myservice.exe\"".

lpLoadOrderGroup: A pointer to a null-terminated string that names the service group

for load-ordering of which this service is a member. If the pointer is NULL or if it points
to an empty string, the service does not belong to a group.
dwTagId: A unique tag value for this service within the service group specified by the
lpLoadOrderGroup parameter. A value of 0 indicates that the service has not been
assigned a tag.

lpDependencies: A pointer to an array of null-separated names of services or names of

service groups that MUST start before this service. The array is doubly null-terminated.
Service group names are prefixed with a "+" character (to distinguish them from service
names). If the pointer is NULL or if it points to an empty string, the service has no
dependencies. Cyclic dependency between services is not allowed. The character set is
ANSI. Dependency on a service means that this service can only run if the service it
depends on is running. Dependency on a group means that this service can run if at
least one member of the group is running after an attempt to start all members of the
group.

lpServiceStartName: A pointer to a null-terminated string that contains the service

name.

lpDisplayName: A pointer to a null-terminated string that contains the service display

name.
2.2.15 QUERY_SERVICE_CONFIGW
Article04/27/2022

The QUERY_SERVICE_CONFIGW structure defines configuration information about an

installed service. String values are stored in Unicode.

typedef struct _QUERY_SERVICE_CONFIGW {

DWORD dwServiceType;
DWORD dwStartType;
DWORD dwErrorControl;
[string,range(0, 8 * 1024)] LPWSTR lpBinaryPathName;
[string,range(0, 8 * 1024)] LPWSTR lpLoadOrderGroup;
DWORD dwTagId;
[string,range(0, 8 * 1024)] LPWSTR lpDependencies;
[string,range(0, 8 * 1024)] LPWSTR lpServiceStartName;
[string,range(0, 8 * 1024)] LPWSTR lpDisplayName;
} QUERY_SERVICE_CONFIGW,
*LPQUERY_SERVICE_CONFIGW;

dwServiceType: The type of service. This member MUST be one of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS A service that runs in its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS A service that shares a process with other services.

0x00000020

dwStartType: Defines when to start the service. This member MUST be one of the
following values.

Value Meaning

SERVICE_BOOT_START Starts the driver service when the system boots up. This value is valid
only for driver services.
0x00000000
Value Meaning

SERVICE_AUTO_START A service started automatically by the SCM during system startup.

0x00000002

SERVICE_DEMAND_START Starts the service when a client requests the SCM to start the service.

0x00000003

SERVICE_DISABLED A service that cannot be started. Attempts to start the service result
in the error code ERROR_SERVICE_DISABLED.
0x00000004

dwErrorControl: The severity of the error if this service fails to start during startup and
the action the SCM takes if failure occurs.

Value Meaning

SERVICE_ERROR_IGNORE The SCM ignores the error and continues the startup operation.

0x00000000

SERVICE_ERROR_NORMAL The SCM logs the error in the event log and continues the startup
operation.
0x00000001

lpBinaryPathName: A pointer to a null-terminated string that contains the fully qualified

lpLoadOrderGroup: A pointer to a null-terminated string that names the service group

for load ordering of which this service is a member. If the pointer is NULL or if it points
to an empty string, the service does not belong to a group.
dwTagId: A unique tag value for this service in the service group. A value of 0 indicates
that the service has not been assigned a tag.

lpDependencies: A pointer to an array of null-separated names of services or service

groups that MUST start before this service. The array is doubly null-terminated. Service
group names are prefixed with a "+" character (to distinguish them from service names).
If the pointer is NULL or if it points to an empty string, the service has no dependencies.
Cyclic dependency between services is not allowed. The character set is Unicode.
Dependency on a service means that this service can only run if the service it depends
on is running. Dependency on a group means that this service can run if at least one
member of the group is running after an attempt to start all members of the group.

lpServiceStartName: A pointer to a null-terminated string that contains the service start

(key) name.

lpDisplayName: A pointer to a null-terminated string that contains the service display

name.
2.2.16 QUERY_SERVICE_LOCK_STATUSA
Article02/14/2019

The QUERY_SERVICE_LOCK_STATUSA structure defines information about the lock status

of an SCM database. String values are stored in ANSI.

typedef struct {
DWORD fIsLocked;
[string,range(0, 8 * 1024)] char* lpLockOwner;
DWORD dwLockDuration;
} QUERY_SERVICE_LOCK_STATUSA,
*LPQUERY_SERVICE_LOCK_STATUSA;

fIsLocked: The lock status of the database. If this member is nonzero, the database is
locked. If it is 0, the database is unlocked.

lpLockOwner: A pointer to a null-terminated string that contains the name of the user
that acquired the lock.

dwLockDuration: The elapsed time, in seconds, since the lock was first acquired.
2.2.17 QUERY_SERVICE_LOCK_STATUSW
Article02/14/2019

The QUERY_SERVICE_LOCK_STATUSW structure defines information about the lock

status of an SCM database. String values are stored in Unicode.

typedef struct _QUERY_SERVICE_LOCK_STATUSW {

DWORD fIsLocked;
[string,range(0, 8 * 1024)] LPWSTR lpLockOwner;
DWORD dwLockDuration;
} QUERY_SERVICE_LOCK_STATUSW,
*LPQUERY_SERVICE_LOCK_STATUSW;

fIsLocked: The lock status of the database. If this member is nonzero, the database is
locked. If it is 0, the database is unlocked.

lpLockOwner: A pointer to a null-terminated string that contains the name of the user
that acquired the lock.

dwLockDuration: The elapsed time, in seconds, since the lock was first acquired.
2.2.18 SC_ACTION_TYPE
Article02/14/2019

The SC_ACTION_TYPE enumeration specifies action levels for the Type member of the
SC_ACTION structure.

typedef [v1_enum] enum _SC_ACTION_TYPE

{
SC_ACTION_NONE = 0,
SC_ACTION_RESTART = 1,
SC_ACTION_REBOOT = 2,
SC_ACTION_RUN_COMMAND = 3
} SC_ACTION_TYPE;

SC_ACTION_NONE: No action.

SC_ACTION_RESTART: Restart the service.

SC_ACTION_REBOOT: Reboot the computer.

SC_ACTION_RUN_COMMAND: Run a command.

2.2.19 SC_ACTION
Article02/14/2019

The SC_ACTION structure defines an action that the SCM can perform.

typedef struct {
SC_ACTION_TYPE Type;
DWORD Delay;
} SC_ACTION,
*LPSC_ACTION;

Type: The action to be performed. This member MUST be one of the values from the
SC_ACTION_TYPE (section 2.2.18) enumeration.

Delay: The time, in milliseconds, to wait before performing the specified action.
2.2.20 SC_ENUM_TYPE
Article02/14/2019

The SC_ENUM_TYPE enumeration specifies information levels for the

REnumServicesStatusExA and REnumServicesStatusExW methods.

typedef [v1_enum] enum

{
SC_ENUM_PROCESS_INFO = 0
} SC_ENUM_TYPE;

SC_ENUM_PROCESS_INFO: Information level.

2.2.21 SC_RPC_CONFIG_INFOA
Article04/06/2021

The SC_RPC_CONFIG_INFOA structure defines the service configuration based on a

supplied level. String values are stored in ANSI.

typedef struct _SC_RPC_CONFIG_INFOA {

DWORD dwInfoLevel;
[switch_is(dwInfoLevel)] union {
[case(1)]
LPSERVICE_DESCRIPTIONA psd;
[case(2)]
LPSERVICE_FAILURE_ACTIONSA psfa;
[case(3)]
LPSERVICE_DELAYED_AUTO_START_INFO psda;
[case(4)]
LPSERVICE_FAILURE_ACTIONS_FLAG psfaf;
[case(5)]
LPSERVICE_SID_INFO pssid;
[case(6)]
LPSERVICE_RPC_REQUIRED_PRIVILEGES_INFO psrp;
[case(7)]
LPSERVICE_PRESHUTDOWN_INFO psps;
[case(8)]
PSERVICE_TRIGGER_INFO psti;
[case(9)]
LPSERVICE_PREFERRED_NODE_INFO pspn;
};
} SC_RPC_CONFIG_INFOA;

dwInfoLevel: A DWORD value that indicates the type of configuration information in the
included data.

psd: A structure that contains a description of the service, as specified in section 2.2.34.

The following structures SHOULD<2> be available:

psfa: A structure that contains a list of failure actions, as specified in section 2.2.39.

psda: A structure that defines whether or not the service is part of the delayed start
group, as specified in section 2.2.33.

psfaf: A structure that defines if failure actions are queued when the service exits with a
nonzero error code, as specified in section 2.2.41.

pssid: A structure that defines the type of service SID, as specified in section 2.2.46.
psrp: A structure that defines the privileges required by the service, as specified in
section 2.2.48.

psps: A structure that defines the pre-shutdown settings for the service, as specified in
section 2.2.45.

psti: A structure that defines the trigger settings for the service, as specified in section
2.2.54.

pspn: A structure that defines the preferred node information for the service, as
specified in section 2.2.55.
2.2.22 SC_RPC_CONFIG_INFOW
Article02/14/2019

The SC_RPC_CONFIG_INFOW structure SHOULD<3> define, based on a supplied level,

either the service configuration or a list of failure actions. String values are stored as
Unicode.

typedef struct _SC_RPC_CONFIG_INFOW {

DWORD dwInfoLevel;
[switch_is(dwInfoLevel)] union {
[case(1)]
LPSERVICE_DESCRIPTIONW psd;
[case(2)]
LPSERVICE_FAILURE_ACTIONSW psfa;
[case(3)]
LPSERVICE_DELAYED_AUTO_START_INFO psda;
[case(4)]
LPSERVICE_FAILURE_ACTIONS_FLAG psfaf;
[case(5)]
LPSERVICE_SID_INFO pssid;
[case(6)]
LPSERVICE_RPC_REQUIRED_PRIVILEGES_INFO psrp;
[case(7)]
LPSERVICE_PRESHUTDOWN_INFO psps;
[case(8)]
PSERVICE_TRIGGER_INFO psti;
[case(9)]
LPSERVICE_PREFERRED_NODE_INFO pspn;
};
} SC_RPC_CONFIG_INFOW;

dwInfoLevel: A value that indicates the type of configuration information in the included
data.

psd: A structure that contains a description of the service, as specified in section 2.2.35.

psfa: A structure that contains a list of failure actions, as specified in section 2.2.40.

psda: A structure that specifies whether the service is part of the delayed start group, as
specified in section 2.2.33.

psfaf: A structure that specifies whether failure actions are queued when the service
exits with a nonzero error code, as specified in section 2.2.41.

pssid: A structure that defines the type of service SID, as specified in section 2.2.46.
psrp: A structure that defines the privileges required by the service, as specified in
section 2.2.48.

psps: A structure that defines the pre-shutdown settings for the service, as specified in
section 2.2.45.

psti: A structure that defines the trigger settings for the service, as specified in section
2.2.54.<4>

pspn: A structure that defines the preferred node information for the service, as
specified in section 2.2.55.<5>
2.2.23 SC_RPC_NOTIFY_PARAMS
Article09/23/2019

The SC_RPC_NOTIFY_PARAMS structure<6> contains the parameters associated with the

notification information of the service status.

typedef struct _SC_RPC_NOTIFY_PARAMS {

DWORD dwInfoLevel;
[switch_is(dwInfoLevel)] union {
[case(1)]
PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1 pStatusChangeParam1;
[case(2)]
PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2 pStatusChangeParams;
};
} SC_RPC_NOTIFY_PARAMS;

dwInfoLevel: A value that indicates the version of the notification structure being used.

pStatusChangeParam1: A SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1 (section 2.2.43)

structure that contains the service status notification information.

pStatusChangeParams: A SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2 (section 2.2.44)

structure that contains the service status notification information.
2.2.24 SC_RPC_NOTIFY_PARAMS_LIST
Article02/14/2019

The SC_RPC_NOTIFY_PARAMS_LIST structure<7> defines an array of service state

change parameters.

typedef struct _SC_RPC_NOTIFY_PARAMS_LIST {

BOUNDED_DWORD_4K cElements;
[size_is(cElements)] SC_RPC_NOTIFY_PARAMS NotifyParamsArray[*];
} SC_RPC_NOTIFY_PARAMS_LIST,
*PSC_RPC_NOTIFY_PARAMS_LIST;

cElements: The number of elements in the array.

NotifyParamsArray: An array of SC_RPC_NOTIFY_PARAMS (section 2.2.23) structures.

2.2.25
SC_RPC_SERVICE_CONTROL_IN_PARAMS
A
Article01/04/2022

The SC_RPC_SERVICE_CONTROL_IN_PARAMSA union contains information associated

with the service control parameters. String values are in ANSI.

typedef
[switch_type(DWORD)]
union _SC_RPC_SERVICE_CONTROL_IN_PARAMSA {
[case(1)]
PSERVICE_CONTROL_STATUS_REASON_IN_PARAMSA psrInParams;
} SC_RPC_SERVICE_CONTROL_IN_PARAMSA,
*PSC_RPC_SERVICE_CONTROL_IN_PARAMSA;

psrInParams: A structure that contains the service control parameter associated with a
control as specified in section 2.2.30.
2.2.26
SC_RPC_SERVICE_CONTROL_IN_PARAMS
W
Article02/14/2019

The SC_RPC_SERVICE_CONTROL_IN_PARAMSW union contains information associated

with the service control parameters. String values are in Unicode.

psrInParams: A structure that contains the service control parameter associated with a
control as specified in section 2.2.31.
2.2.27
SC_RPC_SERVICE_CONTROL_OUT_PARA
MSA
Article02/14/2019

The SC_RPC_SERVICE_CONTROL_OUT_PARAMSA union contains resulting status

information associated with the service control parameters. String values are in ANSI.

typedef
[switch_type(DWORD)]
union _SC_RPC_SERVICE_CONTROL_OUT_PARAMSA {
[case(1)]
PSERVICE_CONTROL_STATUS_REASON_OUT_PARAMS psrOutParams;
} SC_RPC_SERVICE_CONTROL_OUT_PARAMSA,
*PSC_RPC_SERVICE_CONTROL_OUT_PARAMSA;

psrOutParams: A structure that contains the resulting status information associated with
the service control parameter associated with a control as specified in section 2.2.32.
2.2.28
SC_RPC_SERVICE_CONTROL_OUT_PARA
MSW
Article06/24/2021

The SC_RPC_SERVICE_CONTROL_OUT_PARAMSW union contains resulting status

information associated with the service control parameters. String values are in Unicode.

typedef
[switch_type(DWORD)]
union _SC_RPC_SERVICE_CONTROL_OUT_PARAMSW {
[case(1)]
PSERVICE_CONTROL_STATUS_REASON_OUT_PARAMS psrOutParams;
} SC_RPC_SERVICE_CONTROL_OUT_PARAMSW,
*PSC_RPC_SERVICE_CONTROL_OUT_PARAMSW;

The SC_STATUS_TYPE enumeration specifies the information level for the

RQueryServiceStatusEx method.

typedef [v1_enum] enum

{
SC_STATUS_PROCESS_INFO = 0
} SC_STATUS_TYPE;

SC_STATUS_PROCESS_INFO: The information level

2.2.30
SERVICE_CONTROL_STATUS_REASON_IN
_PARAMSA
Article10/30/2020

The SERVICE_CONTROL_STATUS_REASON_IN_PARAMSA structure<8> contains the

reason associated with the SERVICE_CONTROL_STOP control. String values are in ANSI.

typedef struct _SERVICE_CONTROL_STATUS_REASON_IN_PARAMSA {

DWORD dwReason;
[string, range(0, SC_MAX_COMMENT_LENGTH)]
LPSTR pszComment;
} SERVICE_CONTROL_STATUS_REASON_IN_PARAMSA,
*PSERVICE_CONTROL_STATUS_REASON_IN_PARAMSA;

dwReason: The reason associated with the SERVICE_CONTROL_STOP control. This

member MUST be set to a combination of one general reason code, one major reason
code, and one minor reason code.

The following are the general reason codes.

Value Meaning

SERVICE_STOP_CUSTOM The reason code is defined by the user. If this flag is not present,
the reason code is defined by the system. If this flag is specified
0x20000000 with a system reason code, the function call fails.

Users can create custom major reason codes in the range

SERVICE_STOP_REASON_MAJOR_MIN_CUSTOM (0x00400000)
through SERVICE_STOP_REASON_MAJOR_MAX_CUSTOM
(0x00ff0000) and minor reason codes in the range
SERVICE_STOP_REASON_MINOR_MIN_CUSTOM (0x00000100)
through SERVICE_STOP_REASON_MINOR_MAX_CUSTOM
(0x0000FFFF).

SERVICE_STOP_PLANNED The service stop was planned.

0x40000000
Value Meaning

SERVICE_STOP_UNPLANNED The service stop was not planned.

0x10000000

The following are the major reason codes.

Value Meaning

SERVICE_STOP_REASON_MAJOR_APPLICATION Application issue

0x00050000

SERVICE_STOP_REASON_MAJOR_HARDWARE Hardware issue

0x00020000

SERVICE_STOP_REASON_MAJOR_NONE No major reason

0x00060000

SERVICE_STOP_REASON_MAJOR_OPERATINGSYSTEM Operating system issue

0x00030000

SERVICE_STOP_REASON_MAJOR_OTHER Other issue

0x00010000

SERVICE_STOP_REASON_MAJOR_SOFTWARE Software issue

0x00040000

The following are the minor reason codes.

Value Meaning

SERVICE_STOP_REASON_MINOR_DISK Disk

0x00000008

SERVICE_STOP_REASON_MINOR_ENVIRONMENT Environment

0x0000000a

SERVICE_STOP_REASON_MINOR_HARDWARE_DRIVER Driver

0x0000000b
Value Meaning

SERVICE_STOP_REASON_MINOR_HUNG Unresponsive

0x00000006

SERVICE_STOP_REASON_MINOR_INSTALLATION Installation

0x00000003

SERVICE_STOP_REASON_MINOR_MAINTENANCE Maintenance

0x00000002

SERVICE_STOP_REASON_MINOR_MMC MMC issue

0x00000016

SERVICE_STOP_REASON_MINOR_NETWORK_CONNECTIVITY Network connectivity

0x00000011

SERVICE_STOP_REASON_MINOR_NETWORKCARD Network card

0x00000009

SERVICE_STOP_REASON_MINOR_NONE No minor reason

0x00000017

SERVICE_STOP_REASON_MINOR_OTHER Other issue

0x00000001

SERVICE_STOP_REASON_MINOR_OTHERDRIVER Other driver event

0x0000000c

SERVICE_STOP_REASON_MINOR_RECONFIG Reconfigure

0x00000005

SERVICE_STOP_REASON_MINOR_SECURITY Security issue

0x00000010

SERVICE_STOP_REASON_MINOR_SECURITYFIX Security update

0x0000000f

SERVICE_STOP_REASON_MINOR_SECURITYFIX_UNINSTALL Security update uninstall

0x00000015
Value Meaning

SERVICE_STOP_REASON_MINOR_SERVICEPACK Service pack

0x0000000d

SERVICE_STOP_REASON_MINOR_SERVICEPACK_UNINSTALL Service pack uninstall

0x00000013

SERVICE_STOP_REASON_MINOR_SOFTWARE_UPDATE Software update

0x0000000e

SERVICE_STOP_REASON_MINOR_SOFTWARE_UPDATE_UNINSTALL Software update uninstall

0x00000014

SERVICE_STOP_REASON_MINOR_UNSTABLE Unstable

0x00000007

SERVICE_STOP_REASON_MINOR_UPGRADE Installation of software

0x00000004

SERVICE_STOP_REASON_MINOR_WMI WMI issue

0x00000012

pszComment: A pointer to a string that specifies a comment associated with the

dwReason parameter. String values are in ANSI.
2.2.31
SERVICE_CONTROL_STATUS_REASON_IN
_PARAMSW
Article01/04/2022

The SERVICE_CONTROL_STATUS_REASON_IN_PARAMSW structure<9> contains the

reason associated with the SERVICE_CONTROL_STOP. String values are in Unicode.

typedef struct _SERVICE_CONTROL_STATUS_REASON_IN_PARAMSW {

DWORD dwReason;
[string, range(0, SC_MAX_COMMENT_LENGTH)]
LPWSTR pszComment;
} SERVICE_CONTROL_STATUS_REASON_IN_PARAMSW,
*PSERVICE_CONTROL_STATUS_REASON_IN_PARAMSW;

dwReason: The reason associated with the SERVICE_CONTROL_STOP control. This

member MUST be set to a combination of one general reason code, one major reason
code, and one minor reason code.

The following are the general reason codes.

Value Meaning

Users can create custom major reason codes in the range

SERVICE_STOP_PLANNED The service stop was planned.

0x40000000
Value Meaning

SERVICE_STOP_UNPLANNED The service stop was not planned.

0x10000000

The following are the major reason codes.

Value Meaning

SERVICE_STOP_REASON_MAJOR_APPLICATION Application issue

0x00050000

SERVICE_STOP_REASON_MAJOR_HARDWARE Hardware issue

0x00020000

SERVICE_STOP_REASON_MAJOR_NONE No major reason

0x00060000

SERVICE_STOP_REASON_MAJOR_OPERATINGSYSTEM Operating system issue

0x00030000

SERVICE_STOP_REASON_MAJOR_OTHER Other issue

0x00010000

SERVICE_STOP_REASON_MAJOR_SOFTWARE Software issue

0x00040000

The following are the minor reason codes.

Value Meaning

SERVICE_STOP_REASON_MINOR_DISK Disk

0x00000008

SERVICE_STOP_REASON_MINOR_ENVIRONMENT Environment

0x0000000a

SERVICE_STOP_REASON_MINOR_HARDWARE_DRIVER Driver

0x0000000b
Value Meaning

SERVICE_STOP_REASON_MINOR_HUNG Unresponsive

0x00000006

SERVICE_STOP_REASON_MINOR_INSTALLATION Installation

0x00000003

SERVICE_STOP_REASON_MINOR_MAINTENANCE Maintenance

0x00000002

SERVICE_STOP_REASON_MINOR_MMC MMC issue

0x00000016

SERVICE_STOP_REASON_MINOR_NETWORK_CONNECTIVITY Network connectivity

0x00000011

SERVICE_STOP_REASON_MINOR_NETWORKCARD Network card

0x00000009

SERVICE_STOP_REASON_MINOR_NONE No minor reason

0x00000017

SERVICE_STOP_REASON_MINOR_OTHER Other issue

0x00000001

SERVICE_STOP_REASON_MINOR_OTHERDRIVER Other driver event

0x0000000c

SERVICE_STOP_REASON_MINOR_RECONFIG Reconfigure

0x00000005

SERVICE_STOP_REASON_MINOR_SECURITY Security issue

0x00000010

SERVICE_STOP_REASON_MINOR_SECURITYFIX Security update

0x0000000f

SERVICE_STOP_REASON_MINOR_SECURITYFIX_UNINSTALL Security update uninstall

0x00000015
Value Meaning

SERVICE_STOP_REASON_MINOR_SERVICEPACK Service pack

0x0000000d

SERVICE_STOP_REASON_MINOR_SERVICEPACK_UNINSTALL Service pack uninstall

0x00000013

SERVICE_STOP_REASON_MINOR_SOFTWARE_UPDATE Software update

0x0000000e

SERVICE_STOP_REASON_MINOR_SOFTWARE_UPDATE_UNINSTALL Software update uninstall

0x00000014

SERVICE_STOP_REASON_MINOR_UNSTABLE Unstable

0x00000007

SERVICE_STOP_REASON_MINOR_UPGRADE Installation of software

0x00000004

SERVICE_STOP_REASON_MINOR_WMI WMI issue

0x00000012

pszComment: A pointer to a string that specifies a comment associated with the

dwReason parameter. String values are in Unicode.
2.2.32
SERVICE_CONTROL_STATUS_REASON_O
UT_PARAMS
Article02/14/2019

The SERVICE_CONTROL_STATUS_REASON_OUT_PARAMS structure<10> contains the

status of the service.

typedef struct _SERVICE_CONTROL_STATUS_REASON_OUT_PARAMS {

SERVICE_STATUS_PROCESS ServiceStatus;
} SERVICE_CONTROL_STATUS_REASON_OUT_PARAMS,
*PSERVICE_CONTROL_STATUS_REASON_OUT_PARAMS;

ServiceStatus: A SERVICE_STATUS_PROCESS (section 2.2.49) structure that contains the

current status of the service.
2.2.33
SERVICE_DELAYED_AUTO_START_INFO
Article02/14/2019

The SERVICE_DELAYED_AUTO_START_INFO structure<11> defines the delayed autostart

setting of an autostart service.

typedef struct _SERVICE_DELAYED_AUTO_START_INFO {

BOOL fDelayedAutostart;
} SERVICE_DELAYED_AUTO_START_INFO,
*LPSERVICE_DELAYED_AUTO_START_INFO;

fDelayedAutostart: A Boolean value that specifies whether to delay the start of the
service. If this value is TRUE, the service is started after other autostart services are
started plus a short delay of approximately two minutes. Otherwise, the service is started
during the system boot. This setting is ignored unless the service is an autostart service.

If the service has other services that it is dependent on, as specified via the
lpDependencies member of the QUERY_SERVICE_CONFIGA structure (section 2.2.14)
and the QUERY_SERVICE_CONFIGW structure (section 2.2.15), then those services are
started before this service.
2.2.34 SERVICE_DESCRIPTIONA
Article04/27/2022

The SERVICE_DESCRIPTIONA structure contains the description of the service. String

values are in ANSI.

typedef struct _SERVICE_DESCRIPTIONA {

[string, range(0, 8 * 1024)] LPSTR lpDescription;
} SERVICE_DESCRIPTIONA,
*LPSERVICE_DESCRIPTIONA;

lpDescription: A pointer to a string that contains the description of the service in ANSI.
2.2.35 SERVICE_DESCRIPTIONW
Article02/14/2019

The SERVICE_DESCRIPTIONW structure contains the description of the service. String

values are in Unicode.

typedef struct _SERVICE_DESCRIPTIONW {

[string, range(0, 8 * 1024)] LPWSTR lpDescription;
} SERVICE_DESCRIPTIONW,
*LPSERVICE_DESCRIPTIONW;

lpDescription: A pointer to a string that contains the description of the service in

Unicode.
2.2.36 SERVICE_DESCRIPTION_WOW64
Article02/14/2019

The SERVICE_DESCRIPTION_WOW64 structure defines the offset at which

SERVICE_DESRIPTIONW is present.

typedef struct {
DWORD dwDescriptionOffset;
} SERVICE_DESCRIPTION_WOW64;

dwDescriptionOffset: A pointer to the offset for the SERVICE_DESCRIPTIONW (section

2.2.35) structure, which contains the service description in Unicode.
2.2.37
SERVICE_FAILURE_ACTIONS_WOW64
Article09/23/2019

The SERVICE_FAILURE_ACTIONS_WOW64 structure defines the action that the service

controller takes on each failure of a service.

typedef struct {
DWORD dwResetPeriod;
DWORD dwRebootMsgOffset;
DWORD dwCommandOffset;
DWORD cActions;
DWORD dwsaActionsOffset;
} SERVICE_FAILURE_ACTIONS_WOW64;

dwResetPeriod: The time, in seconds, after which to reset the failure count to zero if
there are no failures.

dwRebootMsgOffset: The offset for the buffer containing the message that is broadcast
in response to the SC_ACTION_REBOOT service controller action (section 2.2.18) to all
server users prior to a server reboot.

dwCommandOffset: The offset for the buffer that contains the Unicode command line
of the process that the process creation function executes in response to the
SC_ACTION_RUN_COMMAND service controller action (section 2.2.18).

cActions: The number of SC_ACTION (section 2.2.19) structures in the array that is offset
by the value of dwsaActionsOffset.

dwsaActionsOffset: The offset for the buffer that contains an array of SC_ACTION
structures.
2.2.38
SERVICE_REQUIRED_PRIVILEGES_INFO_
WOW64
Article02/14/2019

The SERVICE_REQUIRED_PRIVILEGES_INFO_WOW64 structure defines the offset at which

the SERVICE_RPC_REQUIRED_PRIVILEGES_INFO (section 2.2.48) structure is present.

typedef struct {
DWORD dwRequiredPrivilegesOffset;
} SERVICE_REQUIRED_PRIVILEGES_INFO_WOW64;

dwRequiredPrivilegesOffset: Offset of the SERVICE_RPC_REQUIRED_PRIVILEGES_INFO

structure.
2.2.39 SERVICE_FAILURE_ACTIONSA
Article04/27/2022

The SERVICE_FAILURE_ACTIONSA structure defines the action that the service controller
takes on each failure of a service. String values are stored in ANSI.

typedef struct _SERVICE_FAILURE_ACTIONSA {

DWORD dwResetPeriod;
[string, range(0, 8 * 1024)] LPSTR lpRebootMsg;
[string, range(0, 8 * 1024)] LPSTR lpCommand;
[range(0, 1024)] DWORD cActions;
[size_is(cActions)] SC_ACTION* lpsaActions;
} SERVICE_FAILURE_ACTIONSA,
*LPSERVICE_FAILURE_ACTIONSA;

dwResetPeriod: The time, in seconds, after which to reset the failure count to zero if
there are no failures.

lpRebootMsg: The buffer that contains the message to be broadcast to server users
before rebooting in response to the SC_ACTION_REBOOT service controller action.

lpCommand: The buffer that contains the command line of the process for the process
creation function to execute in response to the SC_ACTION_RUN_COMMAND service
controller action.

cActions: The number of elements in the lpsaActions array.

lpsaActions: A pointer to an array of SC_ACTION (section 2.2.19) structures.

The service controller counts the number of times each service has failed since the
system booted. The count is reset to 0 if the service has not failed for dwResetPeriod
seconds. When the service fails for the Nth time, the service controller performs the
action specified in element [N-1] of the lpsaActions array. If N is greater than cActions,
the service controller repeats the last action in the array.
2.2.40 SERVICE_FAILURE_ACTIONSW
Article01/04/2022

The SERVICE_FAILURE_ACTIONSW structure defines the action that the service controller
takes on each failure of a service. String values are stored in Unicode.

typedef struct _SERVICE_FAILURE_ACTIONSW {

DWORD dwResetPeriod;
[string, range(0, 8 * 1024)] LPWSTR lpRebootMsg;
[string, range(0, 8 * 1024)] LPWSTR lpCommand;
[range(0, 1024)] DWORD cActions;
[size_is(cActions)] SC_ACTION* lpsaActions;
} SERVICE_FAILURE_ACTIONSW,
*LPSERVICE_FAILURE_ACTIONSW;

dwResetPeriod: The time, in seconds, after which to reset the failure count to zero if
there are no failures.

lpRebootMsg: The buffer that contains the message to be broadcast to server users
before rebooting in response to the SC_ACTION_REBOOT service controller action.

lpCommand: The buffer that contains the command line of the process for the process
creation function to execute in response to the SC_ACTION_RUN_COMMAND service
controller action.

cActions: The number of elements in the lpsaActions array.

lpsaActions: A pointer to an array of SC_ACTION (section 2.2.19) structures.

The SERVICE_FAILURE_ACTIONS_FLAG structure<12> defines the failure action setting of

a service. This setting determines when failure actions are to be executed.

typedef struct _SERVICE_FAILURE_ACTIONS_FLAG {

BOOL fFailureActionsOnNonCrashFailures;
} SERVICE_FAILURE_ACTIONS_FLAG,
*LPSERVICE_FAILURE_ACTIONS_FLAG;

fFailureActionsOnNonCrashFailures: If this member is TRUE and the service has

configured failure actions, the failure actions are queued if the service process
terminates without reporting a status of SERVICE_STOPPED or if it enters the
SERVICE_STOPPED state but the dwWin32ExitCode member of the SERVICE_STATUS
(section 2.2.47) structure is not ERROR_SUCCESS.

If this member is FALSE and the service has configured failure actions, the failure actions
are queued only if the service terminates without reporting a status of
SERVICE_STOPPED.

This setting is ignored unless the service has configured failure actions.
2.2.42
SERVICE_NOTIFY_STATUS_CHANGE_PAR
AMS
Article02/14/2019

The latest supported version of the service notification status structure.<13>

This type is declared as follows:

typedef SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2
SERVICE_NOTIFY_STATUS_CHANGE_PARAMS, *PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS;
2.2.43
SERVICE_NOTIFY_STATUS_CHANGE_PAR
AMS_1
Article10/30/2020

The SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1 structure defines the service status

notification information. If a client uses this structure, the server copies data from this
structure to the newer structure specified in 2.2.44, and uses the newer structure.

typedef struct _SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1 {

ULONGLONG ullThreadId;
DWORD dwNotifyMask;
UCHAR CallbackAddressArray[16];
UCHAR CallbackParamAddressArray[16];
SERVICE_STATUS_PROCESS ServiceStatus;
DWORD dwNotificationStatus;
DWORD dwSequence;
} SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1,
*PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1;

ullThreadId: Not used.

dwNotifyMask: A value that specifies the status changes in which the client is
interested. It MUST be one or more of the following values.

Value Meaning

SERVICE_NOTIFY_CREATED Report when the service has been created.

0x00000080

SERVICE_NOTIFY_CONTINUE_PENDING Report when the service is about to continue.

0x00000010

SERVICE_NOTIFY_DELETE_PENDING Report when an application has specified the service to

delete.
0x00000200

SERVICE_NOTIFY_DELETED Report when the service has been deleted.

0x00000100

SERVICE_NOTIFY_PAUSE_PENDING Report when the service is pausing.

0x00000020
Value Meaning

SERVICE_NOTIFY_PAUSED Report when the service has paused.

0x00000040

SERVICE_NOTIFY_RUNNING Report when the service is running.

0x00000008

SERVICE_NOTIFY_START_PENDING Report when the service is starting.

0x00000002

SERVICE_NOTIFY_STOP_PENDING Report when the service is stopping.

0x00000004

SERVICE_NOTIFY_STOPPED Report when the service has stopped.

0x00000001

CallbackAddressArray: Not used.

CallbackParamAddressArray: Not used.

ServiceStatus: A SERVICE_STATUS_PROCESS (section 2.2.49) structure that contains

information about the service.

dwNotificationStatus: A value that indicates the notification status. If this member is

ERROR_SUCCESS, the notification has succeeded and the server adds valid information
to the ServiceStatus, dwNotificationTriggered, and pszServiceNames members. If this
member is ERROR_REQUEST_ABORTED or ERROR_SERVICE_MARKED_FOR_DELETE, the
notification has failed.

dwSequence: Not used.

2.2.44
SERVICE_NOTIFY_STATUS_CHANGE_PAR
AMS_2
Article10/30/2020

The SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2 structure<14> defines the service

status notification information.

typedef struct _SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2 {

ULONGLONG ullThreadId;
DWORD dwNotifyMask;
UCHAR CallbackAddressArray[16];
UCHAR CallbackParamAddressArray[16];
SERVICE_STATUS_PROCESS ServiceStatus;
DWORD dwNotificationStatus;
DWORD dwSequence;
DWORD dwNotificationTriggered;
[string, range(0, 64*1024)] PWSTR pszServiceNames;
} SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2,
*PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2;

ullThreadId: Not used.

dwNotifyMask: A value that specifies the status changes in which the client is
interested. It MUST be one or more of the following values.

Value Meaning

SERVICE_NOTIFY_CREATED Report when the service has been created.

0x00000080

SERVICE_NOTIFY_CONTINUE_PENDING Report when the service is about to continue.

0x00000010

SERVICE_NOTIFY_DELETE_PENDING Report when an application has specified the service to

delete.
0x00000200

SERVICE_NOTIFY_DELETED Report when the service has been deleted.

0x00000100
Value Meaning

SERVICE_NOTIFY_PAUSE_PENDING Report when the service is pausing.

0x00000020

SERVICE_NOTIFY_PAUSED Report when the service has paused.

0x00000040

SERVICE_NOTIFY_RUNNING Report when the service is running.

0x00000008

SERVICE_NOTIFY_START_PENDING Report when the service is starting.

0x00000002

SERVICE_NOTIFY_STOP_PENDING Report when the service is stopping.

0x00000004

SERVICE_NOTIFY_STOPPED Report when the service has stopped.

0x00000001

CallbackAddressArray: Not used.

CallbackParamAddressArray: Not used.

ServiceStatus: A SERVICE_STATUS_PROCESS (section 2.2.49) structure that contains

information about the service.

dwNotificationStatus: A value that indicates the notification status. If this member is

dwSequence: Not used.

dwNotificationTriggered: The value that specifies the specific status change event that
triggered the notification to the client. This MUST be one or more of the values specified
in the dwNotifyMask parameter.

pszServiceNames: A pointer to a sequence of null-terminated strings, terminated by an

empty string (\0) that contains the name of the service that was created or deleted.

The forward slash, back slash, comma, and space characters are illegal in service names.
The names of the created services are prefixed by "/" to distinguish them from the
names of the deleted services.
2.2.45 SERVICE_PRESHUTDOWN_INFO
Article02/14/2019

The SERVICE_PRESHUTDOWN_INFO structure<15> defines the time-out value in

milliseconds.

typedef struct _SERVICE_PRESHUTDOWN_INFO {

DWORD dwPreshutdownTimeout;
} SERVICE_PRESHUTDOWN_INFO,
*LPSERVICE_PRESHUTDOWN_INFO;

dwPreshutdownTimeout: Time, in milliseconds, that the SCM waits for the service to
enter the SERVICE_STOPPED state after sending the
SERVICE_CONTROL_PRESHUTDOWN message.
2.2.46 SERVICE_SID_INFO
Article04/06/2021

The SERVICE_SID_INFO structure<16> defines the type of service security identifier (SID)
associated with a service.

typedef struct _SERVICE_SID_INFO {

DWORD dwServiceSidType;
} SERVICE_SID_INFO,
*LPSERVICE_SID_INFO;

dwServiceSidType: The type of service SID. This MUST be one of the following values.

Value Meaning

SERVICE_SID_TYPE_NONE No service SID.

0x00000000

SERVICE_SID_TYPE_RESTRICTED This type includes SERVICE_SID_TYPE_UNRESTRICTED. The

service SID is also added to the restricted SID list of the
0x00000003 process token. Three additional SIDs are added to the
restricted SID list:

1. World SID S-1-1-0.

2. Service logon SID.

3. One access control entry (ACE) that allows GENERIC_ALL

access for the service logon SID is also added to the service
process token object.

If multiple services are hosted in the same process and one

service has SERVICE_SID_TYPE_RESTRICTED, all services
MUST have SERVICE_SID_TYPE_RESTRICTED.

SERVICE_SID_TYPE_UNRESTRICTED When the service process is created, the service SID is

added to the service process token with the following
0x00000001 attributes: SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_OWNER.
2.2.47 SERVICE_STATUS
Article04/06/2021

The SERVICE_STATUS structure defines information about a service.

typedef struct {
DWORD dwServiceType;
DWORD dwCurrentState;
DWORD dwControlsAccepted;
DWORD dwWin32ExitCode;
DWORD dwServiceSpecificExitCode;
DWORD dwCheckPoint;
DWORD dwWaitHint;
} SERVICE_STATUS,
*LPSERVICE_STATUS;

dwServiceType: The type of service.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS A service that runs in its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS A service that shares a process with other services.

0x00000020

SERVICE_INTERACTIVE_PROCESS The service can interact with the desktop.

0x00000100

Only SERVICE_WIN32_OWN_PROCESS and SERVICE_INTERACTIVE_PROCESS OR

SERVICE_WIN32_SHARE_PROCESS and SERVICE_INTERACTIVE_PROCESS can be
combined.

dwCurrentState: The current state of the service.

Value Meaning
Value Meaning

0x00000005 SERVICE_CONTINUE_PENDING

0x00000006 SERVICE_PAUSE_PENDING

0x00000007 SERVICE_PAUSED

0x00000004 SERVICE_RUNNING

0x00000002 SERVICE_START_PENDING

0x00000003 SERVICE_STOP_PENDING

0x00000001 SERVICE_STOPPED

dwControlsAccepted: The control codes that the service accepts and processes in its
handler function. One or more of the following values can be set. By default, all services
accept the SERVICE_CONTROL_INTERROGATE value. A value of zero indicates that no
controls are accepted.

Value Meaning

0x00000008 SERVICE_ACCEPT_PARAMCHANGE

Service can reread its startup parameters without being stopped and restarted.

This control code allows the service to receive SERVICE_CONTROL_PARAMCHANGE

notifications.

0x00000002 SERVICE_ACCEPT_PAUSE_CONTINUE

Service can be paused and continued.

This control code allows the service to receive SERVICE_CONTROL_PAUSE and

SERVICE_CONTROL_CONTINUE notifications.

0x00000004 SERVICE_ACCEPT_SHUTDOWN

Service is notified when system shutdown occurs.

This control code enables the service to receive SERVICE_CONTROL_SHUTDOWN

notifications from the server.

0x00000001 SERVICE_ACCEPT_STOP

Service can be stopped.

This control code allows the service to receive SERVICE_CONTROL_STOP

notifications.
Value Meaning

0x00000020 SERVICE_ACCEPT_HARDWAREPROFILECHANGE

Service is notified when the computer's hardware profile changes.

0x00000040 SERVICE_ACCEPT_POWEREVENT

Service is notified when the computer's power status changes.

0x00000080 SERVICE_ACCEPT_SESSIONCHANGE

Service is notified when the computer's session status changes.

0x00000100 SERVICE_ACCEPT_PRESHUTDOWN<17>

The service can perform preshutdown tasks.

SERVICE_ACCEPT_PRESHUTDOWN is sent before sending

SERVICE_CONTROL_SHUTDOWN to give more time to services that need extra time
before shutdown occurs.

0x00000200 SERVICE_ACCEPT_TIMECHANGE<18>

Service is notified when the system time changes.

0x00000400 SERVICE_ACCEPT_TRIGGEREVENT<19>

Service is notified when an event for which the service has registered occurs.

dwWin32ExitCode: An error code that the service uses to report an error that occurs
when it is starting or stopping. To return an error code specific to the service, the service
MUST set this value to ERROR_SERVICE_SPECIFIC_ERROR to indicate that the
dwServiceSpecificExitCode member contains the error code. The service sets this value
to NO_ERROR when it is running and on normal termination.

dwServiceSpecificExitCode: A service-specific error code that the service returns when

an error occurs while it is starting or stopping. The client SHOULD<20> ignore this value
unless the dwWin32ExitCode member is set to ERROR_SERVICE_SPECIFIC_ERROR.

dwCheckPoint: A value that the service increments periodically to report its progress
during a lengthy start, stop, pause, or continue operation. This value is zero when the
service state is SERVICE_PAUSED, SERVICE_RUNNING, or SERVICE_STOPPED.

dwWaitHint: An estimate of the amount of time, in milliseconds, that the service expects
a pending start, stop, pause, or continue operation to take before the service makes its
next status update. Before the specified amount of time has elapsed, the service makes
its next call to the SetServiceStatus function with either an incremented dwCheckPoint
value or a change in dwCurrentState. If the time specified by dwWaitHint passes, and
dwCheckPoint has not been incremented or dwCurrentState has not changed, the
server can assume that an error has occurred and the service can be stopped. However,
if the service shares a process with other services, the server cannot terminate the
service application because it would have to terminate the other services sharing the
process as well.
2.2.48
SERVICE_RPC_REQUIRED_PRIVILEGES_IN
FO
Article06/24/2021

The SERVICE_RPC_REQUIRED_PRIVILEGES_INFO structure<21> defines the required

privileges for a service.

typedef struct _SERVICE_RPC_REQUIRED_PRIVILEGES_INFO {

[range(0, 1024 * 4)] DWORD cbRequiredPrivileges;
[size_is(cbRequiredPrivileges)]
PBYTE pRequiredPrivileges;
} SERVICE_RPC_REQUIRED_PRIVILEGES_INFO,
*LPSERVICE_RPC_REQUIRED_PRIVILEGES_INFO;

cbRequiredPrivileges: Size, in bytes, of the pRequiredPrivileges buffer.

pRequiredPrivileges: Buffer that contains the required privileges of a service in the

format of a sequence of null-terminated strings, terminated by an empty string (\0). The
privilege constants are detailed in [MS-LSAD] section 3.1.1.2.1.
2.2.49 SERVICE_STATUS_PROCESS
Article04/27/2022

The SERVICE_STATUS_PROCESS structure contains information about a service that is

used by the RQueryServiceStatusEx method.

dwServiceType: The type of service. This MUST be one of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS A service that runs in its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS A service that shares a process with other services.

0x00000020

SERVICE_INTERACTIVE_PROCESS The service can interact with the desktop.

0x00000100

Only SERVICE_WIN32_OWN_PROCESS and SERVICE_INTERACTIVE_PROCESS or

SERVICE_WIN32_SHARE_PROCESS and SERVICE_INTERACTIVE_PROCESS can be
combined.
dwCurrentState: The current state of the service. This MUST be one of the following
values.

Value Meaning

0x00000005 SERVICE_CONTINUE_PENDING

0x00000006 SERVICE_PAUSE_PENDING

0x00000007 SERVICE_PAUSED

0x00000004 SERVICE_RUNNING

0x00000002 SERVICE_START_PENDING

0x00000003 SERVICE_STOP_PENDING

0x00000001 SERVICE_STOPPED

dwControlsAccepted: The control codes that the service accepts and processes in its
handler function. This bit mask MUST be set to zero or more of the following values. The
value of dwControlsAccepted is 0x00000000 if the service type is
SERVICE_KERNEL_DRIVER or SERVICE_FILE_SYSTEM_DRIVER.

Value Meaning

0x00000008 SERVICE_ACCEPT_PARAMCHANGE

Service can reread its startup parameters without being stopped and restarted.

0x00000002 SERVICE_ACCEPT_PAUSE_CONTINUE

Service can be paused and continued.

0x00000004 SERVICE_ACCEPT_SHUTDOWN

Service is notified when system shutdown occurs.

0x00000001 SERVICE_ACCEPT_STOP

Service can be stopped.

0x00000020 SERVICE_ACCEPT_HARDWAREPROFILECHANGE

Service is notified when the computer hardware profile changes.

0x00000040 SERVICE_ACCEPT_POWEREVENT

Service is notified when the computer power status changes.

Value Meaning

0x00000080 SERVICE_ACCEPT_SESSIONCHANGE

Service is notified when the computer session status changes.

0x00000100 SERVICE_ACCEPT_PRESHUTDOWN<22>

The service can perform preshutdown tasks.

SERVICE_ACCEPT_PRESHUTDOWN is sent before sending

SERVICE_CONTROL_SHUTDOWN to give more time to services that need extra time
before shutdown occurs.

0x00000200 SERVICE_ACCEPT_TIMECHANGE<23>

Service is notified when the system time changes.

0x00000400 SERVICE_ACCEPT_TRIGGEREVENT<24>

Service is notified when an event for which the service has registered occurs.

dwWin32ExitCode: An error code that the service uses to report an error that occurs
when it is starting or stopping.

dwServiceSpecificExitCode: A service-specific error code that the service returns when

an error occurs while it is starting or stopping.

dwCheckPoint: A value that the service increments periodically to report its progress
during a lengthy start, stop, pause, or continue operation.

dwWaitHint: An estimate of the amount of time, in milliseconds, that the service expects
a pending start, stop, pause, or continue operation to take before the service makes its
next status update.

dwProcessId: A process identifier of the service. A value of 0 indicates that the service is
not started.

dwServiceFlags: The bit flags that describe the process in which the service is running.
This MUST be one of the following values.

Value Meaning

0x00000000 Service is either running in a process that is not a system process, or the service is
not running at all. In a nonsystem process, dwProcessId is nonzero. If the service is
not running, dwProcessId is 0.

0x00000001 Service runs in a system process that MUST always be running.

2.2.50 STRING_PTRSA
Article01/04/2022

The STRING_PTRSA structure defines a pointer to an ANSI character string.

typedef struct _STRING_PTRSA {

[string, range(0, SC_MAX_ARGUMENT_LENGTH)]
LPSTR StringPtr;
} STRING_PTRSA,
*PSTRING_PTRSA,
*LPSTRING_PTRSA;

StringPtr: Pointer to an ANSI character string.

2.2.51 STRING_PTRSW
Article02/14/2019

The STRING_PTRSW structure defines a pointer to a Unicode character string.

typedef struct _STRING_PTRSW {

[string, range(0, SC_MAX_ARGUMENT_LENGTH)]
wchar_t* StringPtr;
} STRING_PTRSW,
*PSTRING_PTRSW,
*LPSTRING_PTRSW;

StringPtr: A pointer to a Unicode character string.

2.2.52
SERVICE_TRIGGER_SPECIFIC_DATA_ITEM
Article10/30/2020

The SERVICE_TRIGGER_SPECIFIC_DATA_ITEM <25> structure contains information about

one trigger data item of a service.

typedef struct _SERVICE_TRIGGER_SPECIFIC_DATA_ITEM {

DWORD dwDataType;
[range(0, 1024)] DWORD cbData;
[size_is(cbData)] PBYTE pData;
} SERVICE_TRIGGER_SPECIFIC_DATA_ITEM,
*PSERVICE_TRIGGER_SPECIFIC_DATA_ITEM;

dwDataType: The type of trigger data. This MUST be one of the following values.

Value Meaning

0x00000001 SERVICE_TRIGGER_DATA_TYPE_BINARY

0x00000002 SERVICE_TRIGGER_DATA_TYPE_STRING

cbData: Size in bytes of the data in pData.

pData: Trigger data. When dwDataType is set equal to 0x00000002

(SERVICE_TRIGGER_DATA_TYPE_STRING), the encoding is Unicode string and includes a
terminating null character. This string can contain data in the format of a sequence of
null-terminated strings, terminated by an empty string (\0).
2.2.53 SERVICE_TRIGGER
Article04/27/2022

The SERVICE_TRIGGER <26> structure contains information about one trigger of a service.

typedef struct _SERVICE_TRIGGER {

DWORD dwTriggerType;
DWORD dwAction;
GUID* pTriggerSubtype;
[range(0, 64)] DWORD cDataItems;
[size_is(cDataItems)] PSERVICE_TRIGGER_SPECIFIC_DATA_ITEM pDataItems;
} SERVICE_TRIGGER,
*PSERVICE_TRIGGER;

dwTriggerType: The type of trigger. This MUST be one of the following values.

Value Meaning

0x00000001 SERVICE_TRIGGER_TYPE_DEVICE_INTERFACE_ARRIVAL

The event is triggered when a device of the specified device interface class arrives or is
present when the system starts. This trigger event is commonly used to start a service.

Interface arrival occurs when a device belonging to a device interface class has been
inserted.

The pTriggerSubtype member specifies the device interface class GUID, as defined in [MS-
DTYP] section 2.3.4. These GUIDs are defined in device-specific header files provided with
the Windows Driver Kit (WDK) [MSDN-WinDriverKit] .

The pDataItems member specifies one or more hardware ID and compatible ID strings for
the device interface class. Strings MUST be Unicode. If more than one string is specified,
the event is triggered if any one of the strings matches. For example, the Wpdbusenum
service is started when a device of device interface class GUID_DEVINTERFACE_DISK
{53f56307-b6bf-11d0-94f2-00a0c91efb8b} and a hardware ID string of
"USBSTOR\GenDisk" arrives.

0x00000002 SERVICE_TRIGGER_TYPE_IP_ADDRESS_AVAILABILITY

The event is triggered when the first IP address on the TCP/IP networking stack becomes
available or the last IP address on the stack becomes unavailable. This trigger event can be
used to start or stop a service.

The pTriggerSubtype member specifies

NETWORK_MANAGER_FIRST_IP_ADDRESS_ARRIVAL_GUID or
NETWORK_MANAGER_LAST_IP_ADDRESS_REMOVAL_GUID.

The pDataItems member is not used.

Value Meaning

0x00000003 SERVICE_TRIGGER_TYPE_DOMAIN_JOIN

The event is triggered when the computer joins or leaves a domain. This trigger event can
be used to start or stop a service.

The pTriggerSubtype member specifies DOMAIN_JOIN_GUID or DOMAIN_LEAVE_GUID.

The pDataItems member is not used.

0x00000004 SERVICE_TRIGGER_TYPE_FIREWALL_PORT_EVENT

The event is triggered when a firewall port is opened or approximately 60 seconds after
the firewall port is closed. This trigger event can be used to start or stop a service.

The pTriggerSubtype member specifies FIREWALL_PORT_OPEN_GUID or

FIREWALL_PORT_CLOSE_GUID.

The pDataItems member specifies the port, the protocol, and optionally the executable
path and user information (SID string or name) of the service listening on the event. The
"RPC" token can be used in place of the port to specify any listening socket used by RPC.
The "system" token can be used in place of the executable path to specify ports created by
and listened on by the Windows kernel.

The event is triggered only if all strings match. For example, if MyService hosted inside
Svchost.exe is to be trigger-started when port UDP 5001 opens, the trigger-specific data
would be the Unicode representation of
"5001\0UDP\0%systemroot%\system32\svchost.exe\0MyService\0\0".

0x00000005 SERVICE_TRIGGER_TYPE_GROUP_POLICY

The event is triggered when a machine policy or user policy change occurs. This trigger
event is commonly used to start a service.

The pTriggerSubtype member specifies MACHINE_POLICY_PRESENT_GUID or

USER_POLICY_PRESENT_GUID.

The pDataItems member is not used.

0x00000020 SERVICE_TRIGGER_TYPE_CUSTOM

The event is a custom event generated by an Event Tracing for Windows (ETW) provider.
This trigger event can be used to start or stop a service.

The pTriggerSubtype member specifies the event provider's GUID.

The pDataItems member specifies trigger-specific data defined by the provider.

dwAction: The type of action to be taken on the trigger arrival. This MUST be one of the
following values.

Value Meaning

0x00000001 SERVICE_TRIGGER_ACTION_SERVICE_START
Value Meaning

0x00000002 SERVICE_TRIGGER_ACTION_SERVICE_STOP

pTriggerSubtype: Points to a GUID that identifies the trigger event subtype. The value of this
member depends on the value of the dwTriggerType member.

If dwTriggerType is SERVICE_TRIGGER_TYPE_CUSTOM, pTriggerSubtype is the GUID that

identifies the custom event provider.

If dwTriggerType is SERVICE_TRIGGER_TYPE_DEVICE_INTERFACE_ARRIVAL, pTriggerSubtype is

the GUID that identifies the device interface class.

For other trigger event types, pTriggerSubtype can be one of the following values.

Value Meaning

DOMAIN_JOIN_GUID The event is triggered when the computer joins a

domain. The dwTriggerType member MUST be
1ce20aba-9851-4421-9430-1ddeb766e809 SERVICE_TRIGGER_TYPE_DOMAIN_JOIN.

DOMAIN_LEAVE_GUID The event is triggered when the computer leaves a

domain. The dwTriggerType member MUST be
ddaf516e-58c2-4866-9574-c3b615d42ea1 SERVICE_TRIGGER_TYPE_DOMAIN_JOIN.

FIREWALL_PORT_OPEN_GUID The event is triggered when the specified firewall

port is opened. The dwTriggerType member MUST
b7569e07-8421-4ee0-ad10-86915afdad09 be
SERVICE_TRIGGER_TYPE_FIREWALL_PORT_EVENT.

FIREWALL_PORT_CLOSE_GUID The event is triggered approximately 60 seconds

after the specified firewall port is closed. The
a144ed38-8e12-4de4-9d96-e64740b1a524 dwTriggerType member MUST be
SERVICE_TRIGGER_TYPE_FIREWALL_PORT_EVENT.

MACHINE_POLICY_PRESENT_GUID The event is triggered when the machine policy has

changed. The dwTriggerType member MUST be
659FCAE6-5BDB-4DA9-B1FF-CA2A178D46E0 SERVICE_TRIGGER_TYPE_GROUP_POLICY.

NETWORK_MANAGER_FIRST_IP_ADDRESS_ARRIVAL_GUID The event is triggered when the first IP address on

the TCP/IP networking stack becomes available. The
4f27f2de-14e2-430b-a549-7cd48cbc8245 dwTriggerType member MUST be
SERVICE_TRIGGER_TYPE_IP_ADDRESS_AVAILABILITY.

NETWORK_MANAGER_LAST_IP_ADDRESS_REMOVAL_GUID The event is triggered when the last IP address on

the TCP/IP networking stack becomes unavailable.
cc4ba62a-162e-4648-847a-b6bdf993e335 The dwTriggerType member MUST be
SERVICE_TRIGGER_TYPE_IP_ADDRESS_AVAILABILITY.

USER_POLICY_PRESENT_GUID The event is triggered when the user policy has

changed. The dwTriggerType member MUST be
54FB46C8-F089-464C-B1FD-59D1B62C3B50 SERVICE_TRIGGER_TYPE_GROUP_POLICY.
cDataItems: Number of data items in the pDataItems array.

pDataItems: Array of SERVICE_TRIGGER_SPECIFIC_DATA_ITEM structures.

2.2.54 SERVICE_TRIGGER_INFO
Article06/24/2021

The SERVICE_TRIGGER_INFO <27> structure contains trigger information about a

service.

typedef struct _SERVICE_TRIGGER_INFO {

[range(0, 64)] DWORD cTriggers;
[size_is(cTriggers)] PSERVICE_TRIGGER pTriggers;
PBYTE pReserved;
} SERVICE_TRIGGER_INFO,
*PSERVICE_TRIGGER_INFO;

cTriggers: Number of items in the pTriggers array.

pTriggers: Array of triggers each element of type SERVICE_TRIGGER.

pReserved: Reserved, MUST be NULL.

2.2.55 SERVICE_PREFERRED_NODE_INFO
Article02/14/2019

The server MUST support initializing and executing a given service within a specified
node when the server is running on a system supporting Non-Uniform Memory Access
(NUMA) technology [MSDN-NUMA] . The SERVICE_PREFERRED_NODE_INFO <28>
structure defines the preferred node of a service.

typedef struct _SERVICE_PREFERRED_NODE_INFO {

USHORT usPreferredNode;
BOOLEAN fDelete;
} SERVICE_PREFERRED_NODE_INFO,
*LPSERVICE_PREFERRED_NODE_INFO;

usPreferredNode: The preferred node number.

fDelete: If the preferred NUMA node information of the service can be deleted, set to 1;
otherwise set to 0.
2.2.56 svcctl Interface Constants
Article10/30/2020

The following are constants that are used by the svcctl interface.

Constant/value Description

MAX_SERVICE_NAME_LENGTH This constant is the maximum length of a service name. It

is defined as an unsigned short. The length does not
256 include the terminating null character.

SC_MAX_ACCOUNT_NAME_LENGTH This constant is the maximum size of the account name

strings. It is defined as an unsigned short. The length
2048 includes the terminating null character.

SC_MAX_ARGUMENT_LENGTH This constant is the maximum size of the argument

strings. It is defined as an unsigned short. The length
1024 includes the terminating null character.

SC_MAX_ARGUMENTS This constant is the maximum length of the argc

parameter of the RStartServiceA (section 3.1.4.30) and
1024 RStartServiceW (section 3.1.4.19) RPCs. It is defined as an
unsigned short.

SC_MAX_COMMENT_LENGTH This constant is the maximum size of the comment

strings. It is defined as an unsigned short. The length
128 includes the terminating null character.

SC_MAX_COMPUTER_NAME_LENGTH This constant is the maximum size of the computer name

strings. It is defined as an unsigned short. The length
1024 includes the terminating null character.

SC_MAX_DEPEND_SIZE This constant is the maximum size in bytes of the

dependency strings, which describe the set of startup
4096 order dependencies for a service. It is defined as an
unsigned short. The length includes two terminating null
characters.

SC_MAX_NAME_LENGTH This constant is the maximum size in bytes of the name

strings. It is defined as an unsigned short. The length
257 includes the terminating null character.

SC_MAX_PATH_LENGTH This constant is the maximum size of the path strings. It is

defined as an unsigned short. The length includes the
32768 terminating null character.

SC_MAX_PWD_SIZE This constant is the maximum size of the password

strings. It is defined as an unsigned short. The length
514 includes the terminating null character.
2.2.57 Common Error Codes
Article02/14/2019

Unless specified explicitly, the methods in the svcctl interface return 0 on success and a
nonzero implementation-specific value on failure in the return code of the response. All
failure values MUST be treated as equivalent for protocol purposes and SHOULD be
simply passed back to the invoking application.
3 Protocol Details
Article02/14/2019

The following sections specify details of the Service Control Manager Remote Protocol,
including abstract data models, interface method syntax, and message processing rules.

The client side of this protocol is simply a pass-through. That is, no additional timers or
other state is required on the client side of this protocol. Calls made by the higher-layer
protocol or application are passed directly to the transport, and the results returned by
the transport are passed directly back to the higher-layer protocol or application.
3.1 Server Details
Article02/14/2019

The Service Control Manager Remote Protocol server handles client requests for any of
the messages specified in section 3.1.4 and operates on services on the server. For each
of those messages, the behavior of the server is specified in section 3.1.4.
3.1.1 Abstract Data Model
Article04/27/2022

Services are programs that execute on a machine whose life cycle and execution
properties are governed by the rules defined by the SCM. The state diagram that
models these rules follows.

Figure 1: State Diagram in which life cycle and execution properties are governed by
the rules defined in SCM

From state To state Cause

SERVICE_STOPPED SERVICE_RUNNING The client calls the

StartService function to start
the service. For more
information, see [MSDN-
STARTSERVICE] .
The server started the service
at system start.
From state To state Cause

SERVICE_STOPPED SERVICE_START_PENDING The client calls the

StartService function to start
the service. For more
information, see [MSDN-
STARTSERVICE].
The service asks the server to
change its service status to
SERVICE_START_PENDING
status using the
SetServiceStatus function if it
requires more time to initialize
before it can handle requests.
For more information, see
[MSDN-SetSvcStatus] .

SERVICE_START_PENDING SERVICE_RUNNING The service asks the server to

set its service status to
SERVICE_RUNNING using the
SetServiceStatus function
when it is ready to handle
requests. For more
information, see [MSDN-
SetSvcStatus].

SERVICE_START_PENDING SERVICE_STOP_PENDING A client calls the

ControlService or
ControlServiceEx functions
with SERVICE_CONTROL_STOP
to stop the service. The server
sets the service's status to
SERVICE_STOPPED. For more
information, see [MSDN-
CtrlSvc] and [MSDN-
CtrlSvcEx] .
The service asks the server to
set its service status to
SERVICE_STOP_PENDING using
the SetServiceStatus function
when it receives a stop request
during initialization and
requires time to stop. For more
information, see [MSDN-
SetSvcStatus].
The server stops a service at
system shutdown.
From state To state Cause

SERVICE_START_PENDING SERVICE_STOPPED A client calls the

ControlService or
ControlServiceEx functions
with SERVICE_CONTROL_STOP
to stop the service. The server
sets the service's status to
SERVICE_STOPPED. For more
information, see [MSDN-
CtrlSvc] and [MSDN-CtrlSvcEx].
The service asks the server to
set its service status to
SERVICE_STOPPED using the
SetServiceStatus function if it
receives a stop request during
initialization and is ready to
stop. For more information,
see [MSDN-SetSvcStatus].
The server stops a service at
system shutdown.

SERVICE_STOP_PENDING SERVICE_STOPPED The service asks the server to

set its service status to
SERVICE_STOPPED using the
SetServiceStatus function
when it is ready to stop. For
more information, see [MSDN-
SetSvcStatus].
The server stops a service at
system shutdown.
From state To state Cause

SERVICE_RUNNING SERVICE_PAUSED A client calls the

ControlService or
ControlServiceEx functions
with
SERVICE_CONTROL_PAUSE to
pause the service. The server
sets the service's status to
SERVICE_PAUSED. For more
information, see [MSDN-
CtrlSvc] and [MSDN-CtrlSvcEx].
The service asks the server to
set its service status to
SERVICE_PAUSED using the
SetServiceStatus function if it
is ready to pause. Otherwise,
the service asks the server to
set its service status to
SERVICE_PAUSE_PENDING. For
more information, see [MSDN-
SetSvcStatus].

SERVICE_RUNNING SERVICE_PAUSE_PENDING A client calls the

ControlService or
ControlServiceEx functions
with
SERVICE_CONTROL_PAUSE to
pause the service. The server
sets the service's status to
SERVICE_PAUSED. For more
information, see [MSDN-
CtrlSvc] and [MSDN-CtrlSvcEx].
The service asks the server to
set its service status to
SERVICE_PAUSE_PENDING
using the SetServiceStatus
function if it receives a pause
request and requires more
time to pause. For more
information, see [MSDN-
SetSvcStatus].
From state To state Cause

SERVICE_RUNNING SERVICE_STOPPED A client calls the

ControlService or
ControlServiceEx functions
with SERVICE_CONTROL_STOP
to stop the service. The server
sets the service's status to
SERVICE_STOPPED. For more
information, see [MSDN-
CtrlSvc] and [MSDN-CtrlSvcEx].
The service asks the server to
set its service status to
SERVICE_STOPPED using the
SetServiceStatus function if it
receives a stop request and is
ready to stop. For more
information, see [MSDN-
SetSvcStatus].
The server stops a service at
system shutdown.

SERVICE_RUNNING SERVICE_STOP_PENDING A client calls the

ControlService or
ControlServiceEx functions
with SERVICE_CONTROL_STOP
to stop the service. The server
sets the service's status to
SERVICE_STOPPED. For more
information, see [MSDN-
CtrlSvc] and [MSDN-CtrlSvcEx].
The service asks the server to
set its status to
SERVICE_STOP_PENDING using
the SetServiceStatus function
if it receives a stop request and
requires more time to stop. For
more information, see [MSDN-
SetSvcStatus].
The server stops a service at
system shutdown.
From state To state Cause

SERVICE_PAUSE_PENDING SERVICE_PAUSED The service asks the server to

set its service status to
SERVICE_PAUSED using the
SetServiceStatus function if it
is ready to pause. For more
information, see [MSDN-
SetSvcStatus].

SERVICE_PAUSE_PENDING SERVICE_STOP_PENDING A client calls the

ControlService or
ControlServiceEx functions
with SERVICE_CONTROL_STOP
to stop the service. The server
sets the service's status to
SERVICE_STOPPED. For more
information, see [MSDN-
CtrlSvc] and [MSDN-CtrlSvcEx].
The service asks the server to
set its service status to
SERVICE_STOP_PENDING using
the SetServiceStatus function
if it receives a stop request
while it is preparing to pause
and requires more time to
stop. For more information,
see [MSDN-SetSvcStatus].
The server stops a service at
system shutdown.
From state To state Cause

SERVICE_PAUSE_PENDING SERVICE_STOPPED A client calls the

ControlService or
ControlServiceEx functions
with SERVICE_CONTROL_STOP
to stop the service. The server
sets the service's status to
SERVICE_STOPPED. For more
information, see [MSDN-
CtrlSvc] and [MSDN-CtrlSvcEx].
The service asks the server to
set its service status to
SERVICE_STOPPED using the
SetServiceStatus function
when it is ready to stop. For
more information, see [MSDN-
SetSvcStatus].
The server stops a service at
system shutdown.

SERVICE_PAUSED SERVICE_RUNNING A client calls the

ControlService or
ControlServiceEx functions
with
SERVICE_CONTROL_CONTINUE
to resume a paused service.
The server sets the service's
status to SERVICE_RUNNING.
For more information, see
[MSDN-CtrlSvc] and [MSDN-
CtrlSvcEx].
The service asks the server to
set its service status to
SERVICE_CONTINUE_PENDING
using the SetServiceStatus
function. For more
information, see [MSDN-
SetSvcStatus].
From state To state Cause

SERVICE_PAUSED SERVICE_CONTINUE_PENDING A client calls the

ControlService or
ControlServiceEx functions
with
SERVICE_CONTROL_CONTINUE
to resume a paused service.
The server sets the service's
status to SERVICE_RUNNING.
For more information, see
[MSDN-CtrlSvc] and [MSDN-
CtrlSvcEx].
The service asks the server to
set its service status to
SERVICE_CONTINUE_PENDING
using the SetServiceStatus
function if it receives a
continue request while it is
paused and requires more
time to resume. For more
information, see [MSDN-
SetSvcStatus].

SERVICE_PAUSED SERVICE_STOP_PENDING A client calls the

ControlService or
ControlServiceEx functions
with SERVICE_CONTROL_STOP
to stop the service. The server
sets the service's status to
SERVICE_STOPPED. For more
information, see [MSDN-
CtrlSvc] and [MSDN-CtrlSvcEx].
The service asks the server to
set its service status to
SERVICE_STOP_PENDING using
the SetServiceStatus function
if it receives a stop request
while it is paused and requires
more time to stop. For more
information, see [MSDN-
SetSvcStatus].
The server stops a service at
system shutdown.
From state To state Cause

SERVICE_PAUSED SERVICE_STOPPED A client calls the

ControlService or
ControlServiceEx functions
with SERVICE_CONTROL_STOP
to stop the service. The server
sets the service's status to
SERVICE_STOPPED. For more
information, see [MSDN-
CtrlSvc] and [MSDN-CtrlSvcEx].
The service asks the server to
set its service status to
SERVICE_STOPPED using the
SetServiceStatus function if it
receives a stop request while it
is paused and is ready to stop.
For more information, see
[MSDN-SetSvcStatus].
The server stops a service at
system shutdown.

SERVICE_CONTINUE_PENDING SERVICE_RUNNING The service asks the server to

set its service status to
SERVICE_RUNNING using the
SetServiceStatus function if it
is ready to resume. For more
information, see [MSDN-
SetSvcStatus].
From state To state Cause

SERVICE_CONTINUE_PENDING SERVICE_STOP_PENDING A client calls the

ControlService or
ControlServiceEx functions
with SERVICE_CONTROL_STOP
to stop the service. The server
sets the service's status to
SERVICE_STOPPED. For more
information, see [MSDN-
CtrlSvc] and [MSDN-CtrlSvcEx].
The service asks the server to
set its service status to
SERVICE_STOP_PENDING using
the SetServiceStatus function
if it receives a stop request
while it is resuming and
requires more time to stop. For
more information, see [MSDN-
SetSvcStatus].
The server stops a service at
system shutdown.

SERVICE_CONTINUE_PENDING SERVICE_STOPPED A client calls the

ControlService or
ControlServiceEx functions
with SERVICE_CONTROL_STOP
to stop the service. The server
sets the service's status to
SERVICE_STOPPED. For more
information, see [MSDN-
CtrlSvc] and [MSDN-CtrlSvcEx].
The service asks the server to
set its service status to
SERVICE_STOPPED using the
SetServiceStatus function if it
receives a stop request while it
is resuming and is ready to
stop. For more information,
see [MSDN-SetSvcStatus].
The server stops a service at
system shutdown.

The Service Control Manager Remote Protocol is used to manage these services on a
remote machine by operating on the SCM on that machine.

The Service Control Manager maintains the following ADM elements.

Value Meaning

SCM database A collection of service records.

SecurityDescriptor A security descriptor, as specified in [MS-AZOD] section 1.1.1.3, that is used

to control an access to the SCM database.

GroupList An ordered list of strings that services can specify as a ServiceGroup.

BootAccepted A flag indicating whether a successful call to RNotifyBootConfigStatus has

already been made to the server.

This element is not accessible via any method and is internal to the protocol
implementation.

The SCM database is used by the Service Control Manager to add, modify, or configure
services. Updates to the database are atomic. In the database there is a unique record,
known as the service record, used to represent each installed service. A unique service
name is used as the key for each service record.

The Service Record maintains the following ADM elements.

Value Meaning

ServiceName A unique name for the service.

Used as the key for the service record in the SCM

database.
The string has a maximum length of
SC_MAX_NAME_LENGTH.
Null and empty strings are not permitted.
The string is null terminated.
The forward slash, back slash, comma, and space
characters are illegal in service names.
The case of the characters is preserved in the SCM
database; however, service name comparisons are
always case insensitive.
Value Meaning

DisplayName Service display name.

ANSI and Unicode character sets are supported.

This string has a maximum length of
SC_MAX_NAME_LENGTH.
Null and empty strings are permitted. When not null,
the string has to be null terminated.

The name is case-preserved in the Service Control Manager.

Display name comparisons are always case-insensitive.

Can specify a localized string using the following format:

<29>

@[path\]dllname,-strID
The string with identifier strID is loaded from
dllname; the path is optional.

The DisplayName cannot match any other DisplayName or

another ServiceName. The DisplayName can match the
ServiceName if it they both refer to the same service.

Description Description of the service.

ANSI and Unicode character sets are supported.

This string has a maximum length of 8192 characters.
Null and empty strings are permitted. When not null,
the string has to be null terminated.

DependOnService Service that starts before this service.

ANSI and Unicode character sets are supported.

This string has a maximum length of the size of
SC_MAX_DEPEND_SIZE.
Null and empty strings are permitted. When not null,
the string has to be double null terminated.
Multiple service names are separated by a null.
Direct or indirect circular dependencies on the same
service are not allowed.

ErrorControl Severity of the error if this service fails to start during

startup. For the supported values, see dwErrorControl in
section 3.1.4.11.
Value Meaning

FailureActions Actions that the service controller takes on each failure of

the service.

These actions are queried and set using

SERVICE_FAILURE_ACTIONSA (section 2.2.39) and
SERVICE_FAILURE_ACTIONSW (section 2.2.40) via the
RQueryServiceConfig2A (section 3.1.4.36),
RQueryServiceConfig2W (section 3.1.4.37),
RChangeServiceConfig2A (section 3.1.4.34), and
RChangeServiceConfig2W (section 3.1.4.35) server methods.

ServiceGroup Name of the service group the service belongs to for the
purposes of load ordering. Each service can optionally
specify only one group name.

ImagePath Full qualified path to the service binary file.

ObjectName If the service is a user-mode program, the name of the

account under which the service executes. If the service is a
driver, the name of the driver object that IO manager
creates for the driver in the ObjectManager namespace.

Password Password associated with the account specified in

ObjectName.

RequiredPrivileges Required privileges for the service. Privileges determine the

type of system operations that can be performed. The
privilege constants are detailed in [MS-LSAD] Privilege Data
Model (section 3.1.1.2.1).

ServiceSidType Type of service security identifier (SID).

FailureActionsOnNonCrashFailures Failure action setting of a service that determines when

FailureActions are to be executed.

DependOnGroup Service groups that MUST be started before this service.

Start Defines when to start the service.

Type Type of service.

TriggerInfo Trigger setting of the service.<30>

PreferredNode Preferred node setting of the service.<31>

Value Meaning

Tag A number that is unique within the Group. Refer to the

definition of Group as defined previously in this table.

For driver services that have SERVICE_BOOT_START or

SERVICE_SYSTEM_START start types [see dwStartType in
RChangeServiceConfigW (section 3.1.4.11),
RCreateServiceW (section 3.1.4.12), RChangeServiceConfigA
(section 3.1.4.22), RCreateServiceA (section 3.1.4.23), and
RCreateServiceWOW64A (section 3.1.4.41)], the server starts
each service based on its Tag's position within the Group.

SecurityDescriptor A security descriptor, as specified in [MS-AZOD] section

1.1.1.3, that describes the client access rights for changing
service configuration.

ServiceStatus The server maintains a SERVICE_STATUS (section 2.2.47) to

keep track of the service runtime information.

HandleCount Counter for the number of RPC context handles currently

created for this service record.

This element is not accessible via any method and is

internal to the protocol implementation.

Deleted The flag that is set when the service record has been
marked for deletion.

This element is not accessible via any method and is

internal to the protocol implementation.
3.1.2 Timers
Article02/14/2019

None.
3.1.3 Initialization
Article02/14/2019

The Service Control Manager Remote Protocol server is initialized by registering the RPC
interface and listening on the RPC well-known endpoint, as specified in section 2.1. The
server MUST then wait for Service Control Manager Remote Protocol clients to establish
a connection.
3.1.4 Message Processing Events and
Sequencing Rules
Article01/04/2022

All Service Control Manager Remote Protocol operations begin with the client
connection to the remote SCM and the client request to open the SCM database. After
this database is opened, an RPC context handle is associated with this opened database,
and this handle is returned to the client. The client can then perform operations on this
database; for example, enumerate a list of existing services, open existing services, or
install new services using this handle.

To operate on a service, the client MUST first request that the service be opened. After
this service is opened, an RPC context handle is associated with this opened service and
this handle is returned to the client. The client can then perform operations on the
service; for example, change configuration, start, or stop.

When opening the database or a service, the server MUST open it with the access rights
requested by the client if the client has sufficient permissions for the requested
operation.

Note that the server SHOULD not open if the client does not have sufficient access
rights for the requested operation. Similarly, the server MUST fail specific operations if
the database or the service was not opened with sufficient access rights.

The access rights are represented as a bit field, and in addition to the standard access
rights, as specified in ACCESS_MASK of [MS-DTYP], the Service Control Manager Remote
Protocol MUST support the following access rights.

Value Meaning

SERVICE_ALL_ACCESS In addition to all access rights in this table,

SERVICE_ALL_ACCESS includes Delete (DE), Read Control
0x000F01FF (RC), Write DACL (WD), and Write Owner (WO) access, as
specified in ACCESS_MASK (section 2.4.3) of [MS-DTYP].

SERVICE_CHANGE_CONFIG Required to change the configuration of a service.

0x00000002

SERVICE_ENUMERATE_DEPENDENTS Required to enumerate the services installed on the server.

0x00000008
Value Meaning

SERVICE_INTERROGATE Required to request immediate status from the service.

0x00000080

SERVICE_PAUSE_CONTINUE Required to pause or continue the service.

0x00000040

SERVICE_QUERY_CONFIG Required to query the service configuration.

0x00000001

SERVICE_QUERY_STATUS Required to request the service status.

0x00000004

SERVICE_START Required to start the service.

0x00000010

SERVICE_STOP Required to stop the service.

0x00000020

SERVICE_USER_DEFINED_CONTROL Required to specify a user-defined control code.

0x00000100

SERVICE_SET_STATUS Required for a service to set its status.

0x00008000

Specific access types for Service Control Manager object:

Value Meaning

SC_MANAGER_LOCK Required to lock the SCM database.

0x00000008

SC_MANAGER_CREATE_SERVICE Required for a service to be created.

0x00000002

SC_MANAGER_ENUMERATE_SERVICE Required to enumerate a service.

0x00000004

SC_MANAGER_CONNECT Required to connect to the SCM.

0x00000001
Value Meaning

SC_MANAGER_QUERY_LOCK_STATUS Required to query the lock status of the SCM database.

0x00000010

SC_MANAGER_MODIFY_BOOT_CONFIG Required to call the RNotifyBootConfigStatus method.

0x0020

The remainder of this section describes the server behavior for the RPC methods
supported by the Service Control Manager Remote Protocol. The protocol clients can
invoke the RPC methods specified in this section in any order after a Service Control
Manager Remote Protocol session is established with the server. The outcome of the
calls depends on the parameters passed to each of those calls. Clients and servers
SHOULD<32> support multiplexed connections, as specified in [MS-RPCE] section
3.3.1.5.8.

Methods in RPC Opnum Order

Method Description

RCloseServiceHandle Closes handles to the SCM and any other associated services.

Opnum: 0

RControlService Receives a control code for a specific service handle, as specified

by the client.

Opnum: 1

RDeleteService Marks the specified service for deletion from the SCM database.

Opnum: 2

RLockServiceDatabase Acquires a lock on a service database.

Opnum: 3

RQueryServiceObjectSecurity Returns a copy of the security descriptor associated with a service.

Opnum: 4

RSetServiceObjectSecurity Sets the security descriptor associated with a service.

Opnum: 5

RQueryServiceStatus Returns the current status of the specified service.

Opnum: 6
Method Description

RSetServiceStatus Updates the SCM status information for the calling service.

Opnum: 7

RUnlockServiceDatabase Releases a lock on a service database.

Opnum: 8

RNotifyBootConfigStatus Reports the boot status to the SCM.

Opnum: 9

Opnum10NotUsedOnWire Reserved for local use.

Opnum: 10

RChangeServiceConfigW Changes the configuration parameters of a service.

Opnum: 11

RCreateServiceW Creates a service and adds it to the specified SCM database.

Opnum: 12

REnumDependentServicesW Returns the name and status of each service that depends on the
specified service.

Opnum: 13

REnumServicesStatusW Enumerates services in the specified SCM database.

Opnum: 14

ROpenSCManagerW Establishes a connection to the SCM on the specified computer

and opens the specified SCM database.

Opnum: 15

ROpenServiceW Opens a handle to an existing service.

Opnum: 16

RQueryServiceConfigW Returns the configuration parameters of the specified service.

Opnum: 17

RQueryServiceLockStatusW Returns the lock status of the specified SCM database.

Opnum: 18
Method Description

RStartServiceW Starts a specified service.

Opnum: 19

RGetServiceDisplayNameW Returns the display name of the specified service.

Opnum: 20

RGetServiceKeyNameW Returns the key name of the specified service.

Opnum: 21

Opnum22NotUsedOnWire Reserved for local use.

Opnum: 22

RChangeServiceConfigA Changes the configuration parameters of a service.

Opnum: 23

RCreateServiceA Creates a service object and adds it to the specified SCM

database.

Opnum: 24

REnumDependentServicesA Returns the name and status of each service that depends on the
specified service.

Opnum: 25

REnumServicesStatusA Enumerates services in the specified SCM database.

Opnum: 26

ROpenSCManagerA Opens a connection to the SCM from the client and opens the
specified SCM database.

Opnum: 27

ROpenServiceA Opens a handle to an existing service.

Opnum: 28

RQueryServiceConfigA Returns the configuration parameters of the specified service.

Opnum: 29

RQueryServiceLockStatusA Returns the lock status of the specified SCM database.

Opnum: 30
Method Description

RStartServiceA Starts a specified service.

Opnum: 31

RGetServiceDisplayNameA Returns the display name of the specified service.

Opnum: 32

RGetServiceKeyNameA Returns the key name of the specified service.

Opnum: 33

Opnum34NotUsedOnWire Reserved for local use.

Opnum: 34

REnumServiceGroupW Returns the members of a service group.

Opnum: 35

RChangeServiceConfig2A Changes the optional configuration parameters of a service.

Opnum: 36

RChangeServiceConfig2W Changes the optional configuration parameters of a service.

Opnum: 37

RQueryServiceConfig2A Returns the optional configuration parameters of the specified

service.

Opnum: 38

RQueryServiceConfig2W Returns the optional configuration parameters of the specified

service.

Opnum: 39

RQueryServiceStatusEx Returns the current status of the specified service, based on the
specified information level.

Opnum: 40

REnumServicesStatusExA Enumerates services in the specified SCM database, based on the

specified information level.

Opnum: 41

REnumServicesStatusExW Enumerates services in the specified SCM database, based on the

specified information level.

Opnum: 42
Method Description

Opnum43NotUsedOnWire Reserved for local use.

Opnum: 43

RCreateServiceWOW64A Creates a 32-bit service in a 64-bit memory frame with the path to
the file image automatically adjusted to point to the
"%windir%\syswow64" area of the system drive. This method
accepts ANSI strings, converting them to Unicode strings where
required.

Opnum: 44

RCreateServiceWOW64W Creates a 32-bit service in a 64-bit memory frame with the path to
the file image automatically adjusted to point to the
"%windir%\syswow64" area of the system drive. This method
directly supports Unicode string values.

Opnum: 45

Opnum46NotUsedOnWire Reserved for local use.

Opnum: 46

RNotifyServiceStatusChange Allows the client to receive a notification when the specified

service is created or deleted or when its status changes.

Opnum: 47

RGetNotifyResults Returns notification information whenever the specified status

change occurs on a specified service.

Opnum: 48

RCloseNotifyHandle Unregisters the client from receiving future notifications from the
server for specified status changes on a specified service.

Opnum: 49

RControlServiceExA Receives a control code for a specific service.

Opnum: 50

RControlServiceExW Receives a control code for a specific service.

Opnum: 51

Opnum52NotUsedOnWire Reserved for local use.

Opnum: 52
Method Description

Opnum53NotUsedOnWire Reserved for local use.

Opnum: 53

Opnum54NotUsedOnWire Reserved for local use.

Opnum: 54

Opnum55NotUsedOnWire Reserved for local use.

Opnum: 55

RQueryServiceConfigEx Returns the optional configuration parameters of the specified

service.<33>

Opnum: 56

Opnum57NotUsedOnWire Reserved for local use.

Opnum: 57

Opnum58NotUsedOnWire Reserved for local use.

Opnum: 58

Opnum59NotUsedOnWire Reserved for local use.

Opnum: 59

RCreateWowService The RCreateWowService method creates a service whose binary is

compiled for a specified computer architecture. The path to the
file image is automatically adjusted to point to the correct WoW-
redirected location. This method directly supports Unicode string
values.

Opnum: 60

Opnum61NotUsedOnWire Reserved for local use.

Opnum: 61

Opnum62NotUsedOnWire Reserved for local use.

Opnum: 62

Opnum63NotUsedOnWire Reserved for local use.

Opnum: 63
Method Description

ROpenSCManager2 Establishes a connection to the SCM on the specified computer

and opens the specified SCM database.

Opnum: 64

All methods MUST NOT throw exceptions.

Note that gaps in the opnum numbering sequence represent opnums that MUST
NOT<34> be used over the wire.
3.1.4.1 RCloseServiceHandle (Opnum 0)
Article10/30/2020

The RCloseServiceHandle method is called by the client. In response, the server releases
the handle to the specified service or the SCM database.

DWORD RCloseServiceHandle(
[in, out] LPSC_RPC_HANDLE hSCObject
);

hSCObject: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to a
service record or to the SCM database that MUST have been created previously using
one of the open methods specified in section 3.1.4.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns the following error code.

Return value/code Description

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

0xFFFF75FD The operation completed successfully. Additionally, the passed

handle was the last one created for the associated service record that
was previously used in a successful call to the
RNotifyServiceStatusChange (section 3.1.4.43) method.

0xFFFF75FE The operation completed successfully. Additionally, the passed

handle was previously used in a successful call to the
RNotifyServiceStatusChange method.

In response to this request from the client, for a successful operation, the server MUST
close the handle to the service record or the SCM database specified by the hSCObject
parameter specified in the client request.

If hSCObject is the RPC control handle that has been created for the service record, the
server MUST decrement the HandleCount field of the service record. If the Deleted field
of the service record indicates that RDeleteService has been successfully called with the
RPC control handle created for the same service record, and HandleCount indicates that
hSCObject is the last RPC control handle created for this service record, the server MUST
delete the service record.
3.1.4.2 RControlService (Opnum 1)
Article04/27/2022

The RControlService method receives a control code for a specific service handle, as
specified by the client.

DWORD RControlService(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwControl,
[out] LPSERVICE_STATUS lpServiceStatus
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously using one of the open methods
specified in section 3.1.4.

dwControl: Requested control code. MUST be one of the following values.

Value Meaning

SERVICE_CONTROL_CONTINUE Notifies a paused service that it SHOULD resume. The

SERVICE_PAUSE_CONTINUE access right MUST have
0x00000003 been granted to the caller when the RPC control handle
to the service record was created. The service record
MUST have the SERVICE_ACCEPT_PAUSE_CONTINUE bit
set in the ServiceStatus.dwControlsAccepted field of the
service record.

SERVICE_CONTROL_INTERROGATE Notifies a service that it SHOULD report its current status

information to the SCM. The SERVICE_INTERROGATE
0x00000004 access right MUST have been granted to the caller when
the RPC control handle to the service record was created.

SERVICE_CONTROL_NETBINDADD Notifies a service that there is a new component for

binding. The SERVICE_PAUSE_CONTINUE access right
0x00000007 MUST have been granted to the caller when the RPC
control handle to the service record was created. The
service record MUST have the
SERVICE_ACCEPT_NETBINDCHANGE bit set in the
ServiceStatus.dwControlsAccepted field of the service
record.
Value Meaning

SERVICE_CONTROL_NETBINDDISABLE Notifies a network service that one of its bindings has

been disabled. The SERVICE_PAUSE_CONTINUE access
0x0000000A right MUST have been granted to the caller when the
RPC control handle to the service record was created.
The service record MUST have the
SERVICE_ACCEPT_NETBINDCHANGE bit set in the
ServiceStatus.dwControlsAccepted field of the service
record.

SERVICE_CONTROL_NETBINDENABLE Notifies a network service that a disabled binding has

been enabled. The SERVICE_PAUSE_CONTINUE access
0x00000009 right MUST have been granted to the caller when the
RPC control handle to the service record was created.
The service record MUST have the
SERVICE_ACCEPT_NETBINDCHANGE bit set in the
ServiceStatus.dwControlsAccepted field of the service
record.

SERVICE_CONTROL_NETBINDREMOVE Notifies a network service that a component for binding

has been removed. The SERVICE_PAUSE_CONTINUE
0x00000008 access right MUST have been granted to the caller when
the RPC control handle to the service record was created.
The service record MUST have the
SERVICE_ACCEPT_NETBINDCHANGE bit set in the
ServiceStatus.dwControlsAccepted field of the service
record.

SERVICE_CONTROL_PARAMCHANGE Notifies a service that its startup parameters have

changed. The SERVICE_PAUSE_CONTINUE access right
0x00000006 MUST have been granted to the caller when the RPC
control handle to the service record was created. The
service record MUST have the
SERVICE_ACCEPT_PARAMCHANGE bit set in the
ServiceStatus.dwControlsAccepted field of the service
record.

SERVICE_CONTROL_PAUSE Notifies a service that it SHOULD pause. The

SERVICE_PAUSE_CONTINUE access right MUST have
0x00000002 been granted to the caller when the RPC control handle
to the service record was created. The service record
MUST have the SERVICE_ACCEPT_PAUSE_CONTINUE bit
set in the ServiceStatus.dwControlsAccepted field of the
service record.
Value Meaning

SERVICE_CONTROL_STOP Notifies a service that it SHOULD stop. The

SERVICE_STOP access right MUST have been granted to
0x00000001 the caller when the RPC control handle to the service
record was created. The service record MUST have the
SERVICE_ACCEPT_STOP bit set in the
ServiceStatus.dwControlsAccepted field of the service
record.

Services can define their own codes in the range 128-255.

lpServiceStatus: Pointer to a SERVICE_STATUS (section 2.2.47) structure that receives the

latest service status information. The returned information reflects the most recent
status that the service reported to the SCM.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The required access right had not been granted to

the caller when the RPC context handle to the service
ERROR_ACCESS_DENIED record was created.

1051 The service cannot be stopped because other

running services are dependent on it.
ERROR_DEPENDENT_SERVICES_RUNNING

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 The requested control code is undefined

ERROR_INVALID_PARAMETER

1052 The requested control code is not valid, or it is

unacceptable to the service.
ERROR_INVALID_SERVICE_CONTROL

1053 The process for the service was started, but it did not
respond within an implementation-specific time-out.
ERROR_SERVICE_REQUEST_TIMEOUT <35>

1061 The requested control code cannot be sent to the

service because the ServiceStatus.dwCurrentState in
ERROR_SERVICE_CANNOT_ACCEPT_CTRL the service record is SERVICE_START_PENDING or
SERVICE_STOP_PENDING.
Return value/code Description

1062 The service has not been started, or the

ServiceStatus.dwCurrentState in the service record is
ERROR_SERVICE_NOT_ACTIVE SERVICE_STOPPED.

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation, the SCM MUST
send the control specified in the dwControl parameter to the service created for the
service record identified by the hService parameter of the client request if the type of the
service record is SERVICE_WIN32_OWN_PROCESS or SERVICE_WIN32_SHARE_PROCESS.

If the type of the service record is SERVICE_KERNEL_DRIVER or

SERVICE_FILESYSTEM_DRIVER, and dwControl parameter is not
SERVICE_CONTROL_INTERROGATE or SERVICE_CONTROL_STOP, the SCM MUST fail the
request with ERROR_INVALID_SERVICE_CONTROL.

If the type of the service record is SERVICE_KERNEL_DRIVER or

SERVICE_FILESYSTEM_DRIVER, the SCM MUST query the current status of the driver
from the IO manager and set the ServiceStatus.dwCurrentState of the service record to
SERVICE_RUNNING if driver is loaded and SERVICE_STOPPED if it is not.

If the dwControl is not SERVICE_CONTROL_INTERROGATE and type of the service record

is SERVICE_KERNEL_DRIVER or SERVICE_FILESYSTEM_DRIVER and the driver is managed
by the PnP subsystem, the SCM MUST fail the request with
ERROR_INVALID_SERVICE_CONTROL.

If the ServiceStatus.dwControlsAccepted field of the service record does not have a

required SERVICE_ACCEPT_xxx bit set, the SCM MUST fail the request with
ERROR_INVALID_SERVICE_CONTROL.

In response to this request from the client, for a successful operation the server MUST
set the ServiceStatus from the service record identified by the hService parameter of the
request in the lpServiceStatus parameter.

The server SHOULD fill in the lpServiceStatus structure only when RControlService
returns one of the following error codes: NO_ERROR,
ERROR_INVALID_SERVICE_CONTROL, ERROR_SERVICE_CANNOT_ACCEPT_CTRL,
ERROR_DEPENDENT_SERVICES_RUNNING, or ERROR_SERVICE_NOT_ACTIVE.
3.1.4.3 RDeleteService (Opnum 2)
Article10/30/2020

The RDeleteService method marks the specified service for deletion from the SCM
database.

DWORD RDeleteService(
[in] SC_RPC_HANDLE hService
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The DELETE access right MUST have been granted to the caller
when the RPC context handle to the service record was created.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The DELETE access right had not been granted to the

caller when the RPC context handle to the service
ERROR_ACCESS_DENIED record was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

1072 The RDeleteService has already been called for the

service record identified by the hService parameter.
ERROR_SERVICE_MARKED_FOR_DELETE

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

The server MUST change the Start in the service record to SERVICE_DISABLED.

The server MUST set the Deleted field to TRUE in the service record to indicate that the
deletion is pending.

The server MUST delete the service record when the last RPC context handle created for
the service has been closed by a call to the RCloseServiceHandle (section 3.1.4.1)
function.
3.1.4.4 RLockServiceDatabase (Opnum
3)
Article10/30/2020

The RLockServiceDatabase method acquires a lock on an SCM database.

DWORD RLockServiceDatabase(
[in] SC_RPC_HANDLE hSCManager,
[out] LPSC_RPC_LOCK lpLock
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM database created using one of the open methods specified in section 3.1.4. The
caller MUST be granted the SC_MANAGER_LOCK access right when the RPC context
handle is created.

lpLock: An LPSC_RPC_LOCK (section 2.2.5) data type that defines the handle to the
resulting database lock.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SC_MANAGER_LOCK access rights had not been

granted to the caller when the RPC context handle was
ERROR_ACCESS_DENIED created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

1055 The service database is locked.

ERROR_SERVICE_DATABASE_LOCKED

In response to this request from the client, for a successful operation, the server
SHOULD lock the SCM database identified by the hSCManager parameter of the client
request.<36>

After the database is locked, the server MUST respond with error code
ERROR_SERVICE_DATABASE_LOCKED (1055) for future RLockServiceDatabase,
RStartServiceW, and RStartServiceA RPCs. All other methods are unaffected.<37>
If the client holding the lock crashes or does not cleanly shut down, then an RPC context
handle rundown callback executes on the server to release the lock. See [MS-RPCE]
section 3.3.3.2.1 Connection Time-out.
3.1.4.5 RQueryServiceObjectSecurity
(Opnum 4)
Article10/30/2020

The RQueryServiceObjectSecurity method returns a copy of the SECURITY_DESCRIPTOR

structure associated with a service object.

DWORD RQueryServiceObjectSecurity(
[in] SC_RPC_HANDLE hService,
[in] SECURITY_INFORMATION dwSecurityInformation,
[out, size_is(cbBufSize)] LPBYTE lpSecurityDescriptor,
[in, range(0, 1024*256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to a
service record or to the SCM database that MUST have been created previously using
one of the open methods specified in section 3.1.4.

dwSecurityInformation: A SECURITY_INFORMATION (section 2.2.1) type definition that

specifies the security information being requested.

lpSecurityDescriptor: A pointer to a buffer that contains a copy of the

SECURITY_DESCRIPTOR structure (as specified in [MS-DTYP] section 2.4.6) for the
specified service object.

cbBufSize: Size, in bytes, of the buffer to which the lpSecurityDescriptor parameter

points.

pcbBytesNeeded: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of bytes needed to return all the requested
SECURITY_DESCRIPTOR information if the method fails.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The required access rights had not been granted to the caller
when the RPC context handle was created.
ERROR_ACCESS_DENIED
Return value/code Description

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

122 The data area passed to a system call is too small.

ERROR_INSUFFICIENT_BUFFER

The client MAY provide a combination of one or more SECURITY_INFORMATION bit

flags for dwSecurityInformation.

If SACL_SECURITY_INFORMATION is specified for the dwSecurityInformation parameter,

then an ACCESS_SYSTEM_SECURITY right MUST have been granted to the caller when
hService was created. (See AS in ACCESS_MASK in [MS-DTYP] 2.4.3.)

If DACL_SECURITY_INFORMATION, LABEL_SECURITY_INFORMATION,
OWNER_SECURITY_INFORMATION, or GROUP_SECURITY_INFORMATION is specified for
the dwSecurityInformation parameter, then a READ_CONTROL right MUST have been
granted to the caller when hService was created. (See RC in ACCESS_MASK in [MS-DTYP]
2.4.3.)

In response to this request from the client, for a successful operation the server MUST
return a copy of the SECURITY_DESCRIPTOR structure containing requested information
obtained from the SecurityDescriptor for the service record or the SCM database
identified by the hService.

The server MUST return SECURITY_DESCRIPTOR in the buffer pointed to by the

lpSecurityDescriptor parameter. The information returned depends on the values
requested by the client in the dwSecurityInformation parameter.

The server MUST set the required buffer size, in bytes, in the pcbBytesNeeded parameter.
If the buffer pointed to by lpSecurityDescriptor is insufficient to hold all the configuration
data, the server MUST fail the call with ERROR_INSUFFICIENT_BUFFER (122).

The server MUST return ERROR_INVALID_PARAMETER (87) if dwSecurityInformation

contains bits not defined for SECURITY_INFORMATION (section 2.2.1).
3.1.4.6 RSetServiceObjectSecurity
(Opnum 5)
Article04/27/2022

The RSetServiceObjectSecurity method sets the SECURITY_DESCRIPTOR structure

associated with a service object.

DWORD RSetServiceObjectSecurity(
[in] SC_RPC_HANDLE hService,
[in] SECURITY_INFORMATION dwSecurityInformation,
[in, size_is(cbBufSize)] LPBYTE lpSecurityDescriptor,
[in] DWORD cbBufSize
);

dwSecurityInformation: A SECURITY_INFORMATION (section 2.2.1) type definition that

specifies the security information being set.

lpSecurityDescriptor: A pointer to a buffer of bytes that contains the new security

information.

cbBufSize: Size, in bytes, of the buffer pointed to by the lpSecurityDescriptor parameter.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The required access rights had not been granted to the

caller when the RPC context handle was created.
ERROR_ACCESS_DENIED

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER
Return value/code Description

1072 The RDeleteService method has been called with an

RPC context handle identifying the same service record
ERROR_SERVICE_MARKED_FOR_DELETE as the hService parameter for this call.

The client MAY provide a combination of one or more SECURITY_INFORMATION bit

flags for dwSecurityInformation.

If SACL_SECURITY_INFORMATION is specified via dwSecurityInformation, then an

ACCESS_SYSTEM_SECURITY right MUSThave been granted to the caller when hService
was created. (See WD in ACCESS_MASK in [MS-DTYP] 2.4.3.

If LABEL_SECURITY_INFORMATION or OWNER_SECURITY_INFORMATION or
GROUP_SECURITY_INFORMATION is specified via dwSecurityInformation, then a
WRITE_OWNER right MUST have been granted to the caller when hService was created.
(See WO in ACCESS_MASK in [MS-DTYP] 2.4.3.)

If DACL_SECURITY_INFORMATION is specified via dwSecurityInformation, then a

WRITE_DAC right MUST have been granted to the caller when hService was created. (See
WD in ACCESS_MASK in [MS-DTYP] 2.4.3.)

In response to this request from the client, for a successful operation the server MUST
apply the information from the SECURITY_DESCRIPTOR structure specified in the
lpSecurityDescriptor parameter to the SecurityDescriptor associated with the SCM or the
service record identified by the hService parameter of the request.
3.1.4.7 RQueryServiceStatus (Opnum 6)
Article06/24/2021

The RQueryServiceStatus method returns the current status of the specified service.

DWORD RQueryServiceStatus(
[in] SC_RPC_HANDLE hService,
[out] LPSERVICE_STATUS lpServiceStatus
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously using one of the open methods
specified in section 3.1.4. The SERVICE_QUERY_STATUS access right MUST have been
granted to the caller when the RPC context handle was created.

lpServiceStatus: Pointer to a SERVICE_STATUS (section 2.2.47) structure that contains the

status information for the service.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SERVICE_QUERY_STATUS access right had not been

granted to the caller when the RPC context handle was
ERROR_ACCESS_DENIED created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

3 The ImagePath of the service record identified by the

hService parameter does not exist.
ERROR_PATH_NOT_FOUND

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

If the type of the service record is SERVICE_KERNEL_DRIVER or

SERVICE_FILESYSTEM_DRIVER, the SCM queries the current status of the driver from the
operating system and set the ServiceStatus.dwCurrentState of the service record to
SERVICE_RUNNING if driver is loaded and to SERVICE_STOPPED if it is not.
In response to this request from the client, for a successful operation, the server MUST
set the ServiceStatus from the service record identified by the hService parameter of the
request in the lpServiceStatus parameter.

If no attempts to start the service for the service record identified by the hService
parameter have been made since the last boot, the server MUST set the
dwWin32ExitCode member of the lpServiceStatus parameter to 1077
ERROR_SERVICE_NEVER_STARTED.
3.1.4.8 RSetServiceStatus (Opnum 7)
Article04/27/2022

The RSetServiceStatus method updates the SCM status information for the calling
service.

DWORD RSetServiceStatus(
[in] SC_RPC_HANDLE hServiceStatus,
[in] LPSERVICE_STATUS lpServiceStatus
);

hServiceStatus: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the service record that MUST have been created previously using one of the open
methods specified in section 3.1.4. The SERVICE_SET_STATUS access right MUST have
been granted to the caller when the RPC context handle was created.

lpServiceStatus: Pointer to the SERVICE_STATUS (section 2.2.47) structure that contains

the latest status information for the service.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

6 Either the handle is no longer valid or the SERVICE_SET_STATUS

access rights had not been granted to the caller when the RPC
ERROR_INVALID_HANDLE context handle was created.

13 The data provided in the lpServiceStatus parameter is invalid.

ERROR_INVALID_DATA

The server MUST return ERROR_INVALID_DATA (13) if the following conditions are not
true:

lpServiceStatus->dwCurrentState MUST be one of the following values:

SERVICE_STOPPED

SERVICE_START_PENDING

SERVICE_STOP_PENDING

SERVICE_RUNNING
SERVICE_CONTINUE_PENDING

SERVICE_PAUSE_PENDING

SERVICE_PAUSED

Only one of the following bits can be set if the SERVICE_INTERACTIVE_PROCESS bit
is set in lpServiceStatus->dwServiceType:

SERVICE_WIN32_OWN_PROCESS

SERVICE_WIN32_SHARE_PROCESS

SERVICE_WIN32

Only one of the following bits can be set if the SERVICE_INTERACTIVE_PROCESS bit
is not set in lpServiceStatus->dwServiceType:

SERVICE_DRIVER

SERVICE_WIN32

SERVICE_WIN32_OWN_PROCESS

SERVICE_WIN32_SHARE_PROCESS

If any bits other than these are set in lpServiceStatus->dwControlsAccepted:

SERVICE_ACCEPT_STOP

SERVICE_ACCEPT_PAUSE_CONTINUE

SERVICE_ACCEPT_SHUTDOWN

SERVICE_ACCEPT_PRESHUTDOWN

SERVICE_ACCEPT_PARAMCHANGE

SERVICE_ACCEPT_HARDWAREPROFILECHANGE

SERVICE_ACCEPT_NETBINDCHANGE

SERVICE_ACCEPT_POWEREVENT

SERVICE_ACCEPT_SESSIONCHANGE

In response to this request from the service, for a successful operation the server MUST
update the ServiceStatus with the status specified by the service in the lpServiceStatus
parameter in the service record identified by the hServiceStatus parameter of the client
request.

In response to this request from the service, for a successful operation the server MUST
transition the service for the service record identified by the hService parameter to a new
state if the current value of ServiceStatus.dwCurrentState in the service record
ServiceState is different from lpServiceStatus->dwCurrentState (section 3.1.1).
3.1.4.9 RUnlockServiceDatabase (Opnum
8)
Article04/06/2021

The RUnlockServiceDatabase method releases a lock on a service database.

DWORD RUnlockServiceDatabase(
[in, out] LPSC_RPC_LOCK Lock
);

Lock: An LPSC_RPC_LOCK (section 2.2.5) data type that defines the database lock
context handle created by a previous call to the RLockServiceDatabase method.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns the following error code.

Return value/code Description

1071 The specified RPC context handle is invalid.

ERROR_INVALID_SERVICE_LOCK

In response to this request from the client, for a successful operation the server MUST
unlock the SCM database for the lock specified in the Lock parameter of the client
request. Once the database is unlocked, the server MUST stop responding with error
code ERROR_SERVICE_DATABASE_LOCKED (1055) for future RLockServiceDatabase,
RStartServiceW, and RStartServiceA RPCs until the database is locked again. All other
methods are unaffected.<38>
3.1.4.10 RNotifyBootConfigStatus
(Opnum 9)
Article04/27/2022

The RNotifyBootConfigStatus method reports the boot status to the SCM.

DWORD RNotifyBootConfigStatus(
[in, string, unique, range(0, SC_MAX_COMPUTER_NAME_LENGTH)]
SVCCTL_HANDLEW lpMachineName,
[in] DWORD BootAcceptable
);

lpMachineName: An SVCCTL_HANDLEW (section 2.2.3) data type that defines the

handle that contains the UNICODE string name of the server to be notified.

BootAcceptable: A value that specifies whether the configuration used when booting
the system is acceptable. MUST be one of the following values.

Value Meaning

0x00000000 < Server saves the configuration as the last-known good configuration.
value

0x00000000 Server immediately reboots, using the previously saved last-known good
configuration.

Return Values: The method returns ERROR_SUCCESS (0x00000000) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The caller does not have the

SC_MANAGER_MODIFY_BOOT_CONFIG access rights
ERROR_ACCESS_DENIED granted in the SCM Security Descriptor.

1074 The system is currently running with the last-known-good

configuration.
ERROR_ALREADY_RUNNING_LKG

1076 The BootAccepted field of the SCM on the target machine

indicated that a successful call to RNotifyBootConfigStatus
ERROR_BOOT_ALREADY_ACCEPTED has already been made.
In response to this request from the client, for a successful operation the server MUST
either save the current configuration as the last-known good configuration or MUST
reboot the server by using the previously saved last-known good configuration based
on the value specified in the BootAcceptable parameter of the client request.

In response to this request from the client, the server MUST set the BootAccepted field
of the SCM to TRUE to indicate that a boot has been accepted. If the BootAccepted field
of the SCM already indicates that a boot has been accepted, the server MUST fail the
request with ERROR_BOOT_ALREADY_ACCEPTED.

If the BootAcceptable parameter is 0x00000000, the method does not return.

3.1.4.11 RChangeServiceConfigW
(Opnum 11)
Article04/27/2022

The RChangeServiceConfigW method changes a service's configuration parameters in

the SCM database.

DWORD RChangeServiceConfigW(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in, string, unique, range(0, SC_MAX_PATH_LENGTH)]
wchar_t* lpBinaryPathName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpLoadOrderGroup,
[in, out, unique] LPDWORD lpdwTagId,
[in, unique, size_is(dwDependSize)]
LPBYTE lpDependencies,
[in, range(0, SC_MAX_DEPEND_SIZE)]
DWORD dwDependSize,
[in, string, unique, range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
wchar_t* lpServiceStartName,
[in, unique, size_is(dwPwSize)]
LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)]
DWORD dwPwSize,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpDisplayName
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The SERVICE_CHANGE_CONFIG access right MUST have been
granted to the caller when the RPC context handle to the service record was created.

dwServiceType: A Type value for the service record (section 3.1.1) that specifies the type
of service. This MUST be one of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001
Value Meaning

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS Service that runs in its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS Service that shares a process with other services.

0x00000020

SERVICE_NO_CHANGE Service type does not change.

0xFFFFFFFF

The following flag can also be combined with the value passed in dwServiceStartType:

Value Meaning

SERVICE_INTERACTIVE_PROCESS The service can interact with the desktop.

0x00000100

dwStartType: A Start value for the service record (section 3.1.1) that specifies when to
start the service. This MUST be one of the following values.

Value Meaning

SERVICE_BOOT_START Starts the driver service when the system boots up. This value is valid
only for driver services.
0x00000000

SERVICE_AUTO_START Starts the service automatically during system startup.

0x00000002

SERVICE_DEMAND_START Starts the service when a client requests the SCM to start the service.

0x00000003

SERVICE_DISABLED Service cannot be started.

0x00000004
Value Meaning

SERVICE_NO_CHANGE Service start type does not change.

0xFFFFFFFF

dwErrorControl: An ErrorControl value for the service record (section 3.1.1) that specifies
the severity of the error if the service fails to start and determines the action that the
SCM takes. MUST be one of the following values.

Value Meaning

SERVICE_ERROR_IGNORE The SCM ignores the error and continues the startup operation.

0x00000000

SERVICE_ERROR_NORMAL The SCM logs the error and displays a message box, but continues
the startup operation.
0x00000001

SERVICE_ERROR_SEVERE The SCM logs the error. If the last-known good configuration is
being started, the startup operation continues. Otherwise, the
0x00000002 system is restarted with the last-known good configuration.

SERVICE_ERROR_CRITICAL The SCM SHOULD log the error if possible. If the last-known good
configuration is being started, the startup operation fails. Otherwise,
0x00000003 the system is restarted with the last-known good configuration.

SERVICE_NO_CHANGE Service error control type does not change.

0xFFFFFFFF

lpBinaryPathName: An ImagePath value for the service record (section 3.1.1) as a

pointer to a null-terminated UNICODE string name. The pointer contains the fully
qualified path to the service binary file. The path MAY include arguments. If the path
contains a space, it MUST be quoted so that it is correctly interpreted. For example,
"d:\\my share\\myservice.exe" is specified as "\"d:\\my share\\myservice.exe\"".

lpLoadOrderGroup: A Group value for the service record (section 3.1.1) as a pointer to a
null-terminated UNICODE string that names the load-ordering group of which this
service is a member.

Specify NULL or an empty string if the service does not belong to a load-ordering
group.

lpdwTagId: A Tag value for the service record (section 3.1.1) as a pointer to a variable
that receives a tag value. The value is unique to the group specified in the
lpLoadOrderGroup parameter.
lpDependencies: DependOnService and DependOnGroup values for the service record
(section 3.1.1) as a pointer to an array of null-separated names of services or load
ordering groups that MUST start before this service. The array is doubly null-terminated.
Load ordering group names are prefixed with a "+" character (to distinguish them from
service names). If the pointer is NULL or if it points to an empty string, the service has no
dependencies. Cyclic dependency between services is not allowed. The character set is
Unicode. Dependency on a service means that this service can only run if the service it
depends on is running. Dependency on a group means that this service can run if at
least one member of the group is running after an attempt to start all members of the
group.

dwDependSize: The size, in bytes, of the string specified by the lpDependencies

parameter.

lpServiceStartName: An ObjectName value for the service record (section 3.1.1) as a

pointer to a null-terminated UNICODE string that specifies the name of the account
under which the service runs.

lpPassword: A Password value for the service record (section 3.1.1) as a pointer to a null-
terminated UNICODE string that contains the password of the account whose name was
specified by the lpServiceStartName parameter.

dwPwSize: The size, in bytes, of the password specified by the lpPassword parameter.

lpDisplayName: A DisplayName value for the service record (section 3.1.1) as a pointer
to a null-terminated UNICODE string that contains the display name that applications
can use to identify the service for its users.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise it returns one of the following error codes.

Return value/code Description

5 The SERVICE_CHANGE_CONFIG access right had not

been granted to the caller when the RPC context handle
ERROR_ACCESS_DENIED to the service record was created.

6 The handle specified is invalid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER
Return value/code Description

1057 The user account name specified in the

lpServiceStartName parameter does not exist.
ERROR_INVALID_SERVICE_ACCOUNT

1059 A circular service dependency was specified.

ERROR_CIRCULAR_DEPENDENCY

1078 The lpDisplayName matches either the ServiceName or

the DisplayName of another service record in the
ERROR_DUPLICATE_SERVICE_NAME service control manager database.

1072 The RDeleteService has been called for the service

record identified by the hService parameter.
ERROR_SERVICE_MARKED_FOR_DELETE

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
use the values from the appropriate parameters of the client request to update the
service record identified by the hService parameter in the SCM database:

If the client passes NULL for lpBinaryPathName, the server MUST keep the existing
ImagePath value.

If the client passes NULL for lpLoadOrderGroup, the server MUST keep the existing
ServiceGroup value.

If the client passes NULL for lpdwTagId, the server MUST keep the existing Tag
value.

If the client passes NULL for lpDependencies, the server MUST keep the existing
DependOnService and DependOnGroup values.

If the client passes NULL for lpServiceStartName, the server MUST keep the existing
ObjectName value.

If the client passes NULL for lpPassword, the server MUST keep the existing
Password value.

If the client passes NULL for lpDisplayName, the server MUST keep the existing
DisplayName value.
If the original service type is SERVICE_WIN32_OWN_PROCESS or
SERVICE_WIN32_SHARE_PROCESS, the server MUST fail the call if dwServiceType is set to
SERVICE_FILE_SYSTEM_DRIVER or SERVICE_KERNEL_DRIVER.<39>

If dwServiceType is set to SERVICE_WIN32_OWN_PROCESS or

SERVICE_WIN32_SHARE_PROCESS and is combined with the
SERVICE_INTERACTIVE_PROCESS bit, and the ObjectName field of the service record is
not equal to "LocalSystem", the server MUST fail the request with
ERROR_INVALID_PARAMETER.

If the service has a PreferredNode setting and the client requested a change in service
type other than SERVICE_WIN32_OWN_PROCESS, the server MUST fail the call with
ERROR_INVALID_PARAMETER (87).

If the service is a member of a load-order group has a start type of delayed autostart
(see section 2.2.33), then the server MUST fail the call with ERROR_INVALID_PARAMETER
(87).

If lpdwTagId has a valid value and lpLoadOrderGroup is either NULL or an empty string,
then the server MUST return ERROR_INVALID_PARAMETER.

For service record changes to apply to the running service, the service MUST be stopped
and started back up, except in the case of lpDisplayName. Changes to lpDisplayName
take effect immediately.

If lpBinaryPathName contains arguments, the server MUST pass these arguments to the
service entry point.
3.1.4.12 RCreateServiceW (Opnum 12)
Article04/27/2022

The RCreateServiceW method creates the service record in the SCM database.

DWORD RCreateServiceW(
[in] SC_RPC_HANDLE hSCManager,
[in, string, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpServiceName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpDisplayName,
[in] DWORD dwDesiredAccess,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in, string, range(0, SC_MAX_PATH_LENGTH)]
wchar_t* lpBinaryPathName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpLoadOrderGroup,
[in, out, unique] LPDWORD lpdwTagId,
[in, unique, size_is(dwDependSize)]
LPBYTE lpDependencies,
[in, range(0, SC_MAX_DEPEND_SIZE)]
DWORD dwDependSize,
[in, string, unique, range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
wchar_t* lpServiceStartName,
[in, unique, size_is(dwPwSize)]
LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)]
DWORD dwPwSize,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM database created using one of the open methods specified in section 3.1.4. The
SC_MANAGER_CREATE_SERVICE access right MUST have been granted to the caller
when the RPC context handle was created.

lpServiceName: A pointer to a null-terminated UNICODE string that specifies the name

of the service to install. This MUST not be NULL.

The forward slash, back slash, comma, and space characters are illegal in service names.

lpDisplayName: A pointer to a null-terminated UNICODE string that contains the

display name by which user interface programs identify the service.
dwDesiredAccess: A value that specifies the access to the service. This MUST be one of
the values as specified in section 3.1.4.

dwServiceType: A value that specifies the type of service. This MUST be one or a
combination of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS Service that runs in its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS Service that shares a process with other services.

0x00000020

SERVICE_INTERACTIVE_PROCESS The service can interact with the desktop.

0x00000100

dwStartType: A value that specifies when to start the service. This MUST be one of the
following values.

Value Meaning

SERVICE_BOOT_START Starts the driver service when the system boots up. This value is valid
only for driver services.
0x00000000

SERVICE_AUTO_START Starts the service automatically during system startup.

0x00000002

SERVICE_DEMAND_START Starts the service when a client requests the SCM to start the service.

0x00000003
Value Meaning

SERVICE_DISABLED Service cannot be started.

0x00000004

dwErrorControl: A value that specifies the severity of the error if the service fails to start
and determines the action that the SCM takes. This MUST be one of the following
values.

Value Meaning

SERVICE_ERROR_IGNORE The SCM ignores the error and continues the startup operation.

0x00000000

SERVICE_ERROR_NORMAL The SCM logs the error, but continues the startup operation.

0x00000001

lpBinaryPathName: A pointer to a null-terminated UNICODE string that contains the

fully qualified path to the service binary file. The path MAY include arguments. If the
path contains a space, it MUST be quoted so that it is correctly interpreted. For example,
"d:\\my share\\myservice.exe" is specified as "\"d:\\my share\\myservice.exe\"".

lpLoadOrderGroup: A pointer to a null-terminated UNICODE string that names the

load-ordering group of which this service is a member.

Specify NULL or an empty string if the service does not belong to a load-ordering
group.

lpdwTagId: A pointer to a variable that receives a tag value. The value is unique to the
group specified in the lpLoadOrderGroup parameter.

lpDependencies: A pointer to an array of null-separated names of services or load

ordering groups that MUST start before this service. The array is doubly null-terminated.
Load ordering group names are prefixed with a "+" character (to distinguish them from
service names). If the pointer is NULL or if it points to an empty string, the service has no
dependencies. Cyclic dependency between services is not allowed. The character set is
Unicode. Dependency on a service means that this service can only run if the service it
depends on is running. Dependency on a group means that this service can run if at
least one member of the group is running after an attempt to start all members of the
group.

dwDependSize: The size, in bytes, of the string specified by the lpDependencies

parameter.

lpServiceStartName: A pointer to a null-terminated UNICODE string that specifies the

name of the account under which the service SHOULD run.

lpPassword: A pointer to a null-terminated UNICODE string that contains the password

of the account whose name was specified by the lpServiceStartName parameter.

dwPwSize: The size, in bytes, of the password specified by the lpPassword parameter.

lpServiceHandle: An LPSC_RPC_HANDLE (section 2.2.4) data type that defines the

handle to the newly created service record.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SC_MANAGER_CREATE_SERVICE access right had

not been granted to the caller when the RPC context
ERROR_ACCESS_DENIED handle was created.

6 The handle specified is invalid.

ERROR_INVALID_HANDLE

13 The data is invalid.

ERROR_INVALID_DATA

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

123 The specified service name is invalid.

ERROR_INVALID_NAME

1057 The user account name specified in the

lpServiceStartName parameter does not exist.
ERROR_INVALID_SERVICE_ACCOUNT
Return value/code Description

1059 A circular service dependency was specified.

ERROR_CIRCULAR_DEPENDENCY

1072 The service record with a specified name already exists

and RDeleteService has been called for it.
ERROR_SERVICE_MARKED_FOR_DELETE

1073 The service record with the ServiceName matching the

specified lpServiceName already exists.
ERROR_SERVICE_EXISTS

1078 The service record with the same DisplayName or the

same ServiceName as the passed in lpDisplayName
ERROR_DUPLICATE_SERVICE_NAME already exists in the service control manager database.

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
use the service name specified in the lpServiceName parameter to create a new service
record in the SCM database and use the values from the appropriate parameters of the
client request to update the attributes of this newly created service record.

The server MUST treat the lpPassword as a clear-text password if the client is using RPC
over TCP, ncacn_ip_tcp (as specified in [MS-RPCE]). See section 2.1.2.

The server MUST treat the lpPassword as encrypted and decrypt it, if the client is using a
RPC over NP, ncacn_np (as specified in [MS-RPCE]). The server MUST first retrieve a
session key as specified in [MS-CIFS] (section 3.5.4.4). An RPC server application requests
the session key of a client and then uses the routine as specified in [MS-LSAD] (section
5.1.2) to decrypt the password.

If the service is created successfully, the server MUST return a handle to the service in
the lpServiceHandle parameter with the access rights associated with this handle as
specified in the dwDesiredAccess parameter of the client request.

If the service is created successfully, the server MUST increment the HandleCount field
of the service record.

The only valid combinations of values for dwServiceType are

SERVICE_INTERACTIVE_PROCESS and SERVICE_WIN32_OWN_PROCESS or
SERVICE_INTERACTIVE_PROCESS and SERVICE_WIN32_SHARE_PROCESS. If the value of
dwServiceType has more than one bit set and the combination of bits is not equal to
SERVICE_INTERACTIVE_PROCESS and SERVICE_WIN32_OWN_PROCESS or
SERVICE_INTERACTIVE_PROCESS and SERVICE_WIN32_SHARE_PROCESS, the server
MUST fail the method and return the error ERROR_INVALID_PARAMETER.

If lpBinaryPathName contains arguments, the server MUST pass these arguments to the
service entry point.

lpdwTagId tags MUST be evaluated by the server for driver services that have
SERVICE_BOOT_START or SERVICE_BOOT_SYSTEM_START start types.
3.1.4.13 REnumDependentServicesW
(Opnum 13)
Article04/27/2022

The REnumDependentServicesW method returns the ServiceName, DisplayName, and

ServiceStatus values of service records that are listed as dependents of a specified
service.

DWORD REnumDependentServicesW(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpServices,
[in, range(0, 1024*256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned
);

hService: An SC_RPC_HANDLE data type that defines the handle to the service record
that MUST have been created previously, using one of the open methods specified in
section 3.1.4. The SERVICE_ENUMERATE_DEPENDENT access right MUST have been
granted to the caller when the RPC context handle to the service record was created.

dwServiceState: A value that specifies the service records to enumerate based on the
value of their ServiceStatus.dwCurrentState. This MUST be one of the following values.

Value Meaning

SERVICE_ACTIVE Enumerates service records that have a ServiceStatus.dwCurrentState equal

to one of the following: SERVICE_START_PENDING,
0x00000001 SERVICE_STOP_PENDING, SERVICE_RUNNING,
SERVICE_CONTINUE_PENDING, SERVICE_PAUSE_PENDING, and
SERVICE_PAUSED.

SERVICE_INACTIVE Enumerates service records that have a ServiceStatus.dwCurrentState equal

to SERVICE_STOPPED.
0x00000002

SERVICE_STATE_ALL Enumerates service records that have a ServiceStatus.dwCurrentState equal

to one of the following: SERVICE_START_PENDING,
0x00000003 SERVICE_STOP_PENDING, SERVICE_RUNNING,
SERVICE_CONTINUE_PENDING, SERVICE_PAUSE_PENDING,
SERVICE_PAUSED, and SERVICE_STOPPED.
lpServices: A pointer to an array of ENUM_SERVICE_STATUSW (section 2.2.11) structures
that contain the name and service status information for each dependent service in the
database.

cbBufSize: The size, in bytes, of the array pointed to by lpServices.

pcbBytesNeeded: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of bytes needed to store the array of service entries.

lpServicesReturned: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of service entries returned.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SERVICE_ENUMERATE_DEPENDENT access right had

not been granted to the caller when the RPC context handle
ERROR_ACCESS_DENIED to the service record was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

234 More data is available.

ERROR_MORE_DATA

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
determine the list of service records that depend on the service record identified by the
hService parameter of the client request. The server MUST return this list by setting the
ServiceName, DisplayName, and ServiceStatus.dwCurrentState of each service record in
this list in the array of ENUM_SERVICE_STATUSW (section 2.2.11) structures pointed to
by the lpServices parameter and MUST set the number of services returned in the
lpServicesReturned parameter.

If the size of the lpServices array is sufficient for the list of services returned, the
enumerated data MAY be in the buffer in a non-contiguous manner, and portions of the
lpServices array MAY be empty (filled with 0x00).

The server MUST use the process described in section 3.1.7, "Conversion Between ANSI
and Unicode String Formats", to convert a string to the appropriate format.

The server MUST return the services in reverse sequence of the start order of the
services.

The server MUST return ERROR_INVALID_PARAMETER (87) if a bitmask specified in

dwServiceState contains undefined values.
3.1.4.14 REnumServicesStatusW (Opnum
14)
Article04/27/2022

The REnumServicesStatusW method enumerates service records in the specified SCM

database.

DWORD REnumServicesStatusW(
[in] SC_RPC_HANDLE hSCManager,
[in] DWORD dwServiceType,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024 * 256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned,
[in, out, unique] LPBOUNDED_DWORD_256K lpResumeIndex
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM database that MUST have been created previously, using one of the open
methods specified in section 3.1.4. The SC_MANAGER_ENUMERATE_SERVICE access right
MUST have been granted to the caller when the RPC context handle to the service
record was created.

dwServiceType: A value that specifies what types of service records to enumerate. This
MUST be one or a combination of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system
0x00000001

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS Service that runs in its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS Service that shares a process with other services.

0x00000020
dwServiceState: A value that specifies the service records to enumerate based on the
value of their ServiceStatus.dwCurrentState. This MUST be one of the following values.

Value Meaning

SERVICE_ACTIVE Enumerates service records that have ServiceStatus.dwCurrentState equal

to one of the following: SERVICE_START_PENDING,
0x00000001 SERVICE_STOP_PENDING, SERVICE_RUNNING,
SERVICE_CONTINUE_PENDING, SERVICE_PAUSE_PENDING, and
SERVICE_PAUSED.

SERVICE_INACTIVE Enumerates service records that have ServiceStatus.dwCurrentState equal

to SERVICE_STOPPED.
0x00000002

SERVICE_STATE_ALL Enumerates service records that have ServiceStatus.dwCurrentState equal

to one of the following: SERVICE_START_PENDING,
0x00000003 SERVICE_STOP_PENDING, SERVICE_RUNNING,
SERVICE_CONTINUE_PENDING, SERVICE_PAUSE_PENDING,
SERVICE_PAUSED, and SERVICE_STOPPED.

lpBuffer: A pointer to an array of ENUM_SERVICE_STATUSW (section 2.2.11) structures

that contain the name and service status information for each service in the database.

cbBufSize: The size, in bytes, of the array pointed to by the lpBuffer parameter.

pcbBytesNeeded: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of bytes needed to store the array of service entries.

lpServicesReturned: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of service entries returned.

lpResumeIndex: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable that

specifies the current position in the status enumeration. The server MUST assign a
unique number to each service for the boot session, in increasing order, and increment
that number by one for each service addition. The value of the lpResumeIndex parameter
is one of these numbers, which the server can use to determine the resumption point for
the enumeration.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SM_MANAGER_ENUMERATE_SERVICE access right had not

been granted to the caller when the RPC context handle to the
ERROR_ACCESS_DENIED service record was created.
Return value/code Description

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

234 More data is available.

ERROR_MORE_DATA

In response to this request from the client, for a successful operation the server MUST
determine the list of service records in the SCM database identified by the hSCManager
parameter with the current value of the ServiceStatus.dwCurrentState equal to the state
specified by dwServiceState parameter and Type equal to the dwServiceType parameter
of the client request. The server MUST return this list by setting the ServiceName,
DisplayName, and ServiceStatus of each service in this list in the array of
ENUM_SERVICE_STATUSW (section 2.2.11) structures pointed to by the lpBuffer
parameter and MUST set the number of services returned in the lpServicesReturned
parameter.

If the lpResumeIndex value is not zero, the server MUST use that as the offset to the list
of services and return only services starting at this offset. If the lpResumeIndex value is
zero, the server MUST return all services. The server MUST set this parameter to zero if
the operation is successful. If the lpResumeIndex value is set by the client to any nonzero
number not returned by the server, the behavior is not defined.

If the size of the lpBuffer array is insufficient for the list of service records returned, the
server MUST fail the call with ERROR_MORE_DATA (234) and return the size in bytes
required in the pcbBytesNeeded parameter. If the size is sufficient for data returned, the
server also returns the required size, in bytes. The required size is dependent on the
actual number of matching service records on the system.

If the size of the lpBuffer array is sufficient for the list of service records returned, the
enumerated data MAY be in the buffer in a non-contiguous manner, and portions of the
lpBuffer array MAY be empty (filled with 0x00).

The server MUST return ERROR_INVALID_PARAMETER (87) if a bitmask specified in the

dwServiceState parameter is zero or contains undefined values.

The server MUST return ERROR_INVALID_PARAMETER (87) if a bitmask specified in the

dwServiceType parameter is zero or contains undefined values.
3.1.4.15 ROpenSCManagerW (Opnum 15)
Article04/27/2022

The ROpenSCManagerW method establishes a connection to server and opens the SCM
database on the specified server.

DWORD ROpenSCManagerW(
[in, string, unique, range(0, SC_MAX_COMPUTER_NAME_LENGTH)]
SVCCTL_HANDLEW lpMachineName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpDatabaseName,
[in] DWORD dwDesiredAccess,
[out] LPSC_RPC_HANDLE lpScHandle
);

lpMachineName: An SVCCTL_HANDLEW (section 2.2.3) data type that defines the

pointer to a null-terminated UNICODE string that specifies the server's machine name.

lpDatabaseName: A pointer to a null-terminated UNICODE string that specifies the

name of the SCM database to open. The parameter MUST be set to NULL,
"ServicesActive", or "ServicesFailed".

dwDesiredAccess: A value that specifies the access to the database. This MUST be one
of the values as specified in section 3.1.4.

The client MUST also have the SC_MANAGER_CONNECT access right.

lpScHandle: An LPSC_RPC_HANDLE data type that defines the handle to the newly
opened SCM database.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The client does not have the required access rights to

open the SCM database on the server or the desired
ERROR_ACCESS_DENIED access is not granted to it in the SCM SecurityDescriptor.

123 The specified service name is invalid.

ERROR_INVALID_NAME

1065 The database specified does not exist.

ERROR_DATABASE_DOES_NOT_EXIST
Return value/code Description

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
create an RPC context handle to the SCM database and grant subsequent access
specified in the dwDesiredAccess parameter of the client request to clients using this
handle after evaluating the client security context against SCM SecurityDescriptor. The
server MUST return this handle by setting the lpScHandle parameter of the client
request.

If the caller cannot be granted permission requested in the dwDesiredAccess parameter,

the server MUST fail the call.<40>

The server MUST return ERROR_INVALID_NAME (123) if lpDatabaseName is not NULL

and not ServicesActive or ServicesFailed.

The server MUST return ERROR_DATABASE_DOES_NOT_EXIST (1065) if lpDatabaseName

is ServicesFailed.
3.1.4.16 ROpenServiceW (Opnum 16)
Article01/04/2022

The ROpenServiceW method creates an RPC context handle to an existing service

record.

DWORD ROpenServiceW(
[in] SC_RPC_HANDLE hSCManager,
[in, string, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpServiceName,
[in] DWORD dwDesiredAccess,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM database, created using one of the open methods specified in section 3.1.4.

lpServiceName: A pointer to a null-terminated UNICODE string that specifies the

ServiceName of the service record.

The forward slash, back slash, comma, and space characters are illegal in service names.

dwDesiredAccess: A value that specifies the access right. This MUST be one of the
values as specified in section 3.1.4.

lpServiceHandle: An LPSC_RPC_HANDLE (section 2.2.4) data type that defines the

handle to the found service record.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The access specified by the dwDesiredAccess parameter

cannot be granted to the caller.
ERROR_ACCESS_DENIED

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

123 The specified service name is invalid.

ERROR_INVALID_NAME
Return value/code Description

1060 The service record with a specified DisplayName does not

exist in the SCM database.
ERROR_SERVICE_DOES_NOT_EXIST

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
create an RPC context handle to the service record identified by the lpServiceName
parameter in the SCM database identified by the hSCManager parameter of the client
request after evaluating the SecurityDescriptor found in the service record against the
caller's security context for the requested access. The server MUST increment the
HandleCount field of the service record and return this handle by setting the lpScHandle
parameter.
3.1.4.17 RQueryServiceConfigW (Opnum
17)
Article06/24/2021

The RQueryServiceConfigW method returns the configuration parameters of the

specified service.

DWORD RQueryServiceConfigW(
[in] SC_RPC_HANDLE hService,
[out] LPQUERY_SERVICE_CONFIGW lpServiceConfig,
[in, range(0, 1024*8)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_8K pcbBytesNeeded
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The SERVICE_QUERY_CONFIG access right MUST have been
granted to the caller when the RPC context handle was created.

lpServiceConfig: A pointer to a buffer that contains the QUERY_SERVICE_CONFIGW

(section 2.2.15) structure.

cbBufSize: The size, in bytes, of the lpServiceConfig parameter.

pcbBytesNeeded: An LPBOUNDED_DWORD_8K (section 2.2.8) data type that defines the

pointer to a variable that contains the number of bytes needed to return all the
configuration information if the method fails.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SERVICE_QUERY_CONFIG access right had not been

granted to the caller when the RPC context handle was
ERROR_ACCESS_DENIED created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

122 The data area passed to a system call is too small.

ERROR_INSUFFICIENT_BUFFER
Return value/code Description

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
query the configuration information stored in the SCM database in the service record
identified by the hService parameter of the client request. The server MUST return this
configuration data by setting the lpServiceConfig parameter as specified in 2.2.15.

The server MUST set the required buffer size, in bytes, in the pcbBytesNeeded parameter.
If the buffer pointed to by lpServiceConfig is insufficient to hold all the configuration
data, the server MUST fail the call with ERROR_INSUFFICIENT_BUFFER (122).
3.1.4.18 RQueryServiceLockStatusW
(Opnum 18)
Article10/30/2020

The RQueryServiceLockStatusW method returns the lock status of the specified SCM
database.

DWORD RQueryServiceLockStatusW(
[in] SC_RPC_HANDLE hSCManager,
[out] LPQUERY_SERVICE_LOCK_STATUSW lpLockStatus,
[in, range(0, 1024*4)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_4K pcbBytesNeeded
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM database created using one of the open methods specified in section 3.1.4. The
SC_MANAGER_QUERY_LOCK_STATUS access right MUST have been granted to the caller
when the RPC context handle was created.

lpLockStatus: A pointer to a buffer that contains QUERY_SERVICE_LOCK_STATUSW

(section 2.2.17) structures.

cbBufSize: The size, in bytes, of the lpLockStatus buffer.

pcbBytesNeeded: An LPBOUNDED_DWORD_4K (section 2.2.7) data type that defines the

pointer to a variable that receives the number of bytes needed to return all the lock
status information if the method fails.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SC_MANAGER_QUERY_LOCK_STATUS access right had not

been granted to the caller when the RPC context handle was
ERROR_ACCESS_DENIED created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

122 The data area passed to a system call is too small.

ERROR_INSUFFICIENT_BUFFER
In response to this request from the client, for a successful operation the server MUST
query the lock status of the SCM database identified by the hSCManager parameter of
the client request. The server MUST return this lock status by setting the lpLockStatus
parameter as specified in 2.2.17.

If the buffer pointed to by lpLockStatus is insufficient to hold all the lock status data, the
server MUST fail the call with ERROR_INSUFFICIENT_BUFFER (122) and set the required
buffer size in the pcbBytesNeeded parameter. If the size is sufficient for data returned,
the server also returns the required size, in bytes.
3.1.4.19 RStartServiceW (Opnum 19)
Article04/27/2022

The RStartServiceW method starts a specified service.

DWORD RStartServiceW(
[in] SC_RPC_HANDLE hService,
[in, range(0, SC_MAX_ARGUMENTS)]
DWORD argc,
[in, unique, size_is(argc)] LPSTRING_PTRSW argv
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously using one of the open methods
specified in section 3.1.4. The SERVICE_START access right MUST have been granted to
the caller when the RPC context handle to the service record was created.

argc: The number of argument strings in the argv array. If argv is NULL, this parameter
MAY be 0.

argv: A pointer to a buffer that contains an array of pointers to null-terminated

UNICODE strings that are passed as arguments to the service.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.<41>

Return value/code Description

2 The system cannot find the file specified.

ERROR_FILE_NOT_FOUND

3 The system cannot find the path specified.

ERROR_PATH_NOT_FOUND

5 The SERVICE_START access right had not been granted

to the caller when the RPC context handle to the
ERROR_ACCESS_DENIED service record was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER
Return value/code Description

1053 The process for the service was started, but it did not
respond within an implementation-specific time-out.
ERROR_SERVICE_REQUEST_TIMEOUT <42>

1054 A thread could not be created for the service.

ERROR_SERVICE_NO_THREAD

1055 The service database is locked by the call to the

BlockServiceDatabase method.<43>
ERROR_SERVICE_DATABASE_LOCKED

1056 The ServiceStatus.dwCurrentState in the service

record is not set to SERVICE_STOPPED.
ERROR_SERVICE_ALREADY_RUNNING

1058 The service cannot be started because the Start field in

the service record is set to SERVICE_DISABLED.
ERROR_SERVICE_DISABLED

1068 The specified service depends on another service that

has failed to start.
ERROR_SERVICE_DEPENDENCY_FAIL

1069 The service did not start due to a logon failure.

ERROR_SERVICE_LOGON_FAILED

1072 The RDeleteService method has been called for the

service record identified by the hService parameter.
ERROR_SERVICE_MARKED_FOR_DELETE

1075 The specified service depends on a service that does

not exist or has been marked for deletion.
ERROR_SERVICE_DEPENDENCY_DELETED

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
start the service using the information from the service record identified by the hService
parameter and pass the arguments specified in the argv parameter as part of the service
launch command.

If argv is not NULL, the client SHOULD set the first element in argv to the name of the
service.

The server MUST ignore argv for service records with Type equal to
SERVICE_KERNEL_DRIVER or SERVICE_FILE_SYSTEM_DRIVER.
The server MUST set the ServiceStatus.dwCurrentState in the service record, as
specified in SERVICE_STATUS (section 2.2.47), to SERVICE_START_PENDING.

The server MUST set the ServiceStatus.dwControlsAccepted in the service record, as

specified in SERVICE_STATUS, to none (zero).

The server MUST set the ServiceStatus.dwCheckPoint in the service record, as specified
in SERVICE_STATUS, to zero.

The server MUST set the ServiceStatus.dwWaitHint in the service record, as specified in
SERVICE_STATUS, to 2 seconds.

The server MUST return ERROR_SERVICE_NO_THREAD if it is unable to create a new

thread for the service process.

If argv does not contain as many non-NULL pointers as indicated by argc, the server
MUST fail the call with ERROR_INVALID_PARAMETER (87).
3.1.4.20 RGetServiceDisplayNameW
(Opnum 20)
Article01/04/2022

The RGetServiceDisplayNameW method returns the display name of the specified

service.

DWORD RGetServiceDisplayNameW(
[in] SC_RPC_HANDLE hSCManager,
[in, string, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpServiceName,
[out, string, range(1, 4*1024+1), size_is(* lpcchBuffer
+1)]
wchar_t* lpDisplayName,
[in, out] DWORD* lpcchBuffer
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM database, created using one of the open methods specified in section 3.1.4.

lpServiceName: A pointer to a null-terminated UNICODE string that specifies the service

name.

The forward slash, back slash, comma, and space characters are illegal in service names.

lpDisplayName: A pointer to a buffer that receives the null-terminated UNICODE string

that contains the service display name.

lpcchBuffer: A DWORD data type that defines the pointer to a variable that specifies the
size, in wchar_ts, of the buffer. On output, this variable receives the size of the service's
display name, excluding the terminating null character.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

122 The display name does not fit in the buffer.

ERROR_INSUFFICIENT_BUFFER

123 The specified service name is invalid.

ERROR_INVALID_NAME
Return value/code Description

1060 The service record with the specified ServiceName does not
exist in the SCM database identified by the hSCManager
ERROR_SERVICE_DOES_NOT_EXIST parameter.

In response to this request from the client, for a successful operation the server MUST
look up the service record with the ServiceName matching the specified lpServiceName
in the SCM database identified by the hSCManager parameter. The server MUST return
the DisplayName from the found service record in the lpDisplayName parameter and set
the size in wchar_ts of the display name excluding the terminating null character in
lpcchBuffer.

If the lpDisplayName buffer is insufficient to hold the complete display name of the
service, the server MUST fail the call with ERROR_INSUFFICIENT_BUFFER (122) and set
the size in wchar_ts of the display name excluding the terminating null character in
lpcchBuffer. If the size is sufficient for data returned, the server also returns the required
size, in bytes.
3.1.4.21 RGetServiceKeyNameW (Opnum
21)
Article04/27/2022

The RGetServiceKeyNameW method returns the ServiceName of the service record with
the specified DisplayName.

DWORD RGetServiceKeyNameW(
[in] SC_RPC_HANDLE hSCManager,
[in, string, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpDisplayName,
[out, string, range(1, 4*1024+1), size_is(*lpcchBuffer+1)]
wchar_t* lpServiceName,
[in, out] DWORD* lpcchBuffer
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM database created using one of the open methods specified in section 3.1.4.

lpDisplayName: A pointer to a null-terminated UNICODE string that specifies the

service display name.

lpServiceName: A pointer to a buffer that receives the null-terminated UNICODE string

that contains the service name.

The forward slash, back slash, comma, and space characters are illegal in service names.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

123 The name specified in the lpDisplayName parameter is

invalid or set to NULL.
ERROR_INVALID_NAME

1060 The service record with the DisplayName matching the

value specified in the lpDisplayName parameter does not
ERROR_SERVICE_DOES_NOT_EXIST exist in the SCM database identified by the hSCManager
parameter.
In response to this request from the client, for a successful operation the server MUST
look up the service record with DisplayName matching the display name specified by
the lpDisplayName parameter in the SCM database identified by hSCManager.

The server MUST return the ServiceName from the found service record in the
lpServiceName parameter and set the size in wchar_ts of the service name excluding the
terminating null character in the lpcchBuffer parameter.

If the lpServiceName buffer is insufficient to hold the complete service name of the
service, the server MUST fail the call with ERROR_INSUFFICIENT_BUFFER (122) and set
the size in wchar_ts of the service name excluding the terminating null character in the
lpcchBuffer parameter. If the size is sufficient for data returned, the server also returns
the required size, in bytes.
3.1.4.22 RChangeServiceConfigA
(Opnum 23)
Article04/27/2022

The RChangeServiceConfigA method changes a service's configuration parameters in

the SCM database.

DWORD RChangeServiceConfigA(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in, string, unique, range(0, SC_MAX_PATH_LENGTH)]
LPSTR lpBinaryPathName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpLoadOrderGroup,
[in, out, unique] LPDWORD lpdwTagId,
[in, unique, size_is(dwDependSize)]
LPBYTE lpDependencies,
[in, range(0, SC_MAX_DEPEND_SIZE)]
DWORD dwDependSize,
[in, string, unique, range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
LPSTR lpServiceStartName,
[in, unique, size_is(dwPwSize)]
LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)]
DWORD dwPwSize,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpDisplayName
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The SERVICE_CHANGE_CONFIG access right MUST have been
granted to the caller when the RPC context handle to the service record was created.

dwServiceType: A Type value for the service record (section 3.1.1) that specifies the type
of service. This MUST be one of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001
Value Meaning

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS Service that runs in its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS Service that shares a process with other services.

0x00000020

SERVICE_NO_CHANGE Service type does not change.

0xFFFFFFFF

The following flag can also be combined with the value passed in dwServiceType.

Value Meaning

SERVICE_INTERACTIVE_PROCESS The service can interact with the desktop.

0x00000100

dwStartType: A Start value for the service record (section 3.1.1) that specifies when to
start the service. This MUST be one of the following values.

Value Meaning

SERVICE_BOOT_START Starts the driver service when the system boots up. This value is valid
only for driver services.
0x00000000

SERVICE_AUTO_START Starts the service automatically during system startup.

0x00000002

SERVICE_DEMAND_START Starts the service when a client requests the SCM to start the service.

0x00000003

SERVICE_DISABLED Service cannot be started.

0x00000004
Value Meaning

SERVICE_NO_CHANGE Service start type does not change.

0xFFFFFFFF

Value Meaning

SERVICE_ERROR_IGNORE The SCM ignores the error and continues the startup operation.

0x00000000

SERVICE_ERROR_NORMAL The SCM logs the error, but continues the startup operation.

0x00000001

SERVICE_NO_CHANGE Service error control type does not change.

0xFFFFFFFF

lpBinaryPathName: An ImagePath value for the service record (section 3.1.1) as a

pointer to a null-terminated ANSI string that contains the fully qualified path to the
service binary file. The path MAY include arguments. If the path contains a space, it
MUST be quoted so that it is correctly interpreted. For example, "d:\\my
share\\myservice.exe" is specified as "\"d:\\my share\\myservice.exe\"".

lpLoadOrderGroup: A Group value for the service record (section 3.1.1) as a pointer to a
null-terminated ANSI string that names the load ordering group of which this service is
a member.

Specify NULL or an empty string if the service does not belong to a load-ordering
group.

lpdwTagId: A Tag value for the service record (section 3.1.1) as a pointer to a variable
that receives a tag value. The value is unique to the group specified in the
lpLoadOrderGroup parameter.
lpDependencies: DependOnSize and DependOnGroup values for the service record
(section 3.1.1) as a pointer to an array of null-separated names of services or load
ordering groups that MUST start before this service. The array is doubly null-terminated.
Load ordering group names are prefixed with a "+" character (to distinguish them from
service names). If the pointer is NULL or if it points to an empty string, the service has no
dependencies. Cyclic dependency between services is not allowed. The character set is
ANSI. Dependency on a service means that this service can only run if the service it
depends on is running. Dependency on a group means that this service can run if at
least one member of the group is running after an attempt to start all members of the
group.

dwDependSize: The size, in bytes, of the string specified by the lpDependencies

parameter.

lpServiceStartName: An ObjectName value for the service record (section 3.1.1) as a

pointer to a null-terminated ANSI string that specifies the name of the account under
which the service runs.

lpPassword: A Password value for the service record (section 3.1.1) as a pointer to a null-
terminated ANSI string that contains the password of the account whose name was
specified by the lpServiceStartName parameter.

dwPwSize: The size, in bytes, of the password specified by the lpPassword parameter.

lpDisplayName: A DisplayName value for the service record (section 3.1.1) as a pointer
to a null-terminated ANSI string that contains the display name that applications can
use to identify the service for its users.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SERVICE_CHANGE_CONFIG access right had not

been granted to the caller when the RPC context handle
ERROR_ACCESS_DENIED to the service record was created.

6 The handle specified is invalid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER
Return value/code Description

1057 The user account name specified in the

lpServiceStartName parameter does not exist.
ERROR_INVALID_SERVICE_ACCOUNT

1059 A circular service dependency was specified.

ERROR_CIRCULAR_DEPENDENCY

1078 The lpDisplayName matches either the ServiceName or

the DisplayName of another service record in the
ERROR_DUPLICATE_SERVICE_NAME service control manager database.

1072 The RDeleteService has been called for the service

record identified by the hService parameter.
ERROR_SERVICE_MARKED_FOR_DELETE

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
update, using the values from the appropriate parameters of the client request, the
service record identified by the hService parameter in the SCM database:

If the client passes NULL for lpBinaryPathName, the server MUST keep the existing
ImagePath value.

If the client passes NULL for lpLoadOrderGroup, the server MUST keep the existing
ServiceGroup value.

If the client passes NULL for lpdwTagId, the server MUST keep the existing Tag
value.

If the client passes NULL for lpDependencies, the server MUST keep the existing
DependOnService and DependOnGroup values.

If the client passes NULL for lpServiceStartName, the server MUST keep the existing
ObjectName value.

If the client passes NULL for lpPassword, the server MUST keep the existing
Password value.

If dwServiceType is set to SERVICE_WIN32_OWN_PROCESS or

SERVICE_WIN32_SHARE_PROCESS combined with the SERVICE_INTERACTIVE_PROCESS
bit and the ObjectName field of the service record is not equal to LocalSystem, the
server MUST fail the request with ERROR_INVALID_PARAMETER.

If the service has a PreferredNode setting and the client requested a change in service
type other than SERVICE_WIN32_OWN_PROCESS, the server MUST fail the call with
ERROR_INVALID_PARAMETER (87).

If the service is a member of a load-order group and has a start type of delayed
autostart (see section 2.2.33), then the server MUST fail the call with
ERROR_INVALID_PARAMETER (87).

If lpdwTagId has a valid value and lpLoadOrderGroup is either NULL or an empty string,
then the server MUST return ERROR_INVALID_PARAMETER.

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.

For service record changes to apply to the running service, the service MUST be stopped
and started back up, except in the case of lpDisplayName. Changes to lpDisplayName
take effect immediately.

If lpBinaryPathName contains arguments, the server MUST pass these arguments to the
service entry point.
3.1.4.23 RCreateServiceA (Opnum 24)
Article04/27/2022

The RCreateServiceA method creates the service record in the SCM database.

DWORD RCreateServiceA(
[in] SC_RPC_HANDLE hSCManager,
[in, string, range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpServiceName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpDisplayName,
[in] DWORD dwDesiredAccess,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in, string, range(0, SC_MAX_PATH_LENGTH)]
LPSTR lpBinaryPathName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpLoadOrderGroup,
[in, out, unique] LPDWORD lpdwTagId,
[in, unique, size_is(dwDependSize)]
LPBYTE lpDependencies,
[in, range(0, SC_MAX_DEPEND_SIZE)]
DWORD dwDependSize,
[in, string, unique, range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
LPSTR lpServiceStartName,
[in, unique, size_is(dwPwSize)]
LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)]
DWORD dwPwSize,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

lpServiceName: A pointer to a null-terminated ANSI string that specifies the name of

the service to install. This MUST not be null.

The forward slash, back slash, comma, and space characters are illegal in service names.

lpDisplayName: A pointer to a null-terminated ANSI string that contains the display

name by which user interface programs identify the service.
dwDesiredAccess: A value that specifies the access to the service. This MUST be one of
the values specified in section 3.1.4.

The following generic access types also can be specified.

dwServiceType: A value that specifies the type of service. This MUST be one or a
combination of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS Service that runs in its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS Service that shares a process with other services.

0x00000020

SERVICE_INTERACTIVE_PROCESS The service can interact with the desktop.

0x00000100

dwStartType: A value that specifies when to start the service. This MUST be one of the
following values.

Value Meaning

SERVICE_BOOT_START Starts the driver service when the system boots up. This value is valid
only for driver services.
0x00000000

SERVICE_AUTO_START Starts the service automatically during system startup.

0x00000002

SERVICE_DEMAND_START The SCM starts the service when a process calls the StartService
function. For more information, see [MSDN-STARTSERVICE] .
0x00000003
Value Meaning

SERVICE_DISABLED Service cannot be started.

0x00000004

dwErrorControl: A value that specifies the severity of the error if the service fails to start
and determines the action that the SCM takes. This MUST be one of the following
values.

Value Meaning

SERVICE_ERROR_IGNORE The SCM ignores the error and continues the startup operation.

0x00000000

SERVICE_ERROR_NORMAL The SCM logs the error, but continues the startup operation.

0x00000001

lpBinaryPathName: A pointer to a null-terminated ANSI string that contains the fully

qualified path to the service binary file. The path MAY include arguments. If the path
contains a space, it MUST be quoted so that it is correctly interpreted. For example,
"d:\\my share\\myservice.exe" is specified as "\"d:\\my share\\myservice.exe\"".

lpLoadOrderGroup: A pointer to a null-terminated ANSI string that names the load-

ordering group of which this service is a member.

Specify NULL or an empty string if the service does not belong to a load-ordering
group.

lpdwTagId: A pointer to a variable that receives a tag value. The value is unique to the
group specified in the lpLoadOrderGroup parameter.

lpDependencies: A pointer to an array of null-separated names of services or load

ordering groups that MUST start before this service. The array is doubly null-terminated.
Load ordering group names are prefixed with a "+" character (to distinguish them from
service names). If the pointer is NULL or if it points to an empty string, the service has no
dependencies. Cyclic dependency between services is not allowed. The character set is
ANSI. Dependency on a service means that this service can only run if the service it
depends on is running. Dependency on a group means that this service can run if at
least one member of the group is running after an attempt to start all members of the
group.

dwDependSize: The size, in bytes, of the string specified by the lpDependencies

parameter.

lpServiceStartName: A pointer to a null-terminated ANSI string that specifies the name

of the account under which the service runs.

lpPassword: A pointer to a null-terminated ANSI string that contains the password of

the account whose name was specified by the lpServiceStartName parameter.

dwPwSize: The size, in bytes, of the password specified by the lpPassword parameter.

lpServiceHandle: An LPSC_RPC_HANDLE (section 2.2.4) data type that defines the

handle to the newly created service record.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SC_MANAGER_CREATE_SERVICE access right had

not been granted to the caller when the RPC context
ERROR_ACCESS_DENIED handle was created.

6 The handle specified is invalid.

ERROR_INVALID_HANDLE

13 The data is invalid.

ERROR_INVALID_DATA

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

123 The specified service name is invalid.

ERROR_INVALID_NAME

1057 The user account name specified in the

lpServiceStartName parameter does not exist.
ERROR_INVALID_SERVICE_ACCOUNT
Return value/code Description

1059 A circular service dependency was specified.

ERROR_CIRCULAR_DEPENDENCY

1072 The service record with a specified name already exists,

and RDeleteService has been called for it.
ERROR_SERVICE_MARKED_FOR_DELETE

1073 The service record with the ServiceName matching the

specified lpServiceName already exists.
ERROR_SERVICE_EXISTS

1078 The service record with the same DisplayName or the

same ServiceName as the passed-in lpDisplayName
ERROR_DUPLICATE_SERVICE_NAME already exists in the service control manager database.

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

The server MUST treat the lpPassword as a clear-text password if the client is using RPC
over TCP, ncacn_ip_tcp (as specified in [MS-RPCE]). See section 2.1.2 Client.

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.

If the service is created successfully, the server MUST increment the HandleCount field
of the service record.

The only valid combinations of values for dwServiceType are

If lpBinaryPathName contains arguments, the server MUST pass these arguments to the
service entry point.

If lpdwTagId has a valid value and lpLoadOrderGroup is either NULL or an empty string,
then the server MUST return ERROR_INVALID_PARAMETER.
3.1.4.24 REnumDependentServicesA
(Opnum 25)
Article04/27/2022

The REnumDependentServicesA method returns the ServiceName, DisplayName, and

ServiceStatus of each service record that depends on the specified service.

DWORD REnumDependentServicesA(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpServices,
[in, range(0, 1024*256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The SERVICE_ENUMERATE_DEPENDENT access right MUST
have been granted to the caller when the RPC context handle to the service record was
created.

dwServiceState: A value that specifies the service records to enumerate based on the
value of their ServiceStatus.dwCurrentState. This MUST be one of the following values.

Value Meaning

SERVICE_ACTIVE Enumerates service records that have ServiceStatus.dwCurrentState equal

to one of the following: SERVICE_START_PENDING,
0x00000001 SERVICE_STOP_PENDING, SERVICE_RUNNING,
SERVICE_CONTINUE_PENDING, SERVICE_PAUSE_PENDING, and
SERVICE_PAUSED.

SERVICE_INACTIVE Enumerates service records that have ServiceStatus.dwCurrentState equal

to SERVICE_STOPPED.
0x00000002

SERVICE_STATE_ALL Enumerates services that have ServiceStatus.dwCurrentState equal to one

of the following: SERVICE_START_PENDING, SERVICE_STOP_PENDING,
0x00000003 SERVICE_RUNNING, SERVICE_CONTINUE_PENDING,
SERVICE_PAUSE_PENDING, SERVICE_PAUSED, and SERVICE_STOPPED.

lpServices: A pointer to an array of ENUM_SERVICE_STATUSA (section 2.2.10) structures

that contain the name and service status information for each dependent service record
in the database.

cbBufSize: The size, in bytes, of the array pointed to by lpServices.

pcbBytesNeeded: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of bytes needed to store the array of service entries.

lpServicesReturned: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of service entries returned.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SERVICE_ENUMERATE_DEPENDENT access right had

not been granted to the caller when the RPC context handle
ERROR_ACCESS_DENIED to the service record was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

234 More data is available.

ERROR_MORE_DATA

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation, the server MUST
determine the list of service records that depend on the service record identified by the
hService parameter of the client request. The server MUST return this list by setting the
ServiceName, DisplayName, and ServiceStatus of each service record in this list in the
array of ENUM_SERVICE_STATUSA (section 2.2.10) structures pointed to by the lpServices
parameter and MUST set the number of services returned in the lpServicesReturned
parameter.

If the size of the lpServices array is insufficient for the list of services returned, the server
MUST fail the call with ERROR_MORE_DATA (234) and return the size in bytes required in
the pcbBytesNeeded parameter. If the size is sufficient for data returned, the server also
returns the required size, in bytes.
If the size of the lpServices array is sufficient for the list of services returned, the
enumerated data MAY be in the buffer in a non-contiguous manner, and portions of the
lpServices array MAY be empty (filled with 0x00).

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.

The server MUST return the services in reverse sequence of the start order of the
services.

The server MUST return ERROR_INVALID_PARAMETER (87) if a bitmask specified in

dwServiceState contains undefined values.
3.1.4.25 REnumServicesStatusA (Opnum
26)
Article01/04/2022

The REnumServicesStatusA method enumerates service records in the specified SCM

database.

DWORD REnumServicesStatusA(
[in] SC_RPC_HANDLE hSCManager,
[in] DWORD dwServiceType,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024*256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned,
[in, out, unique] LPBOUNDED_DWORD_256K lpResumeIndex
);

dwServiceType: A value that specifies the service records to enumerate based on the
Type value. This MUST be one or a combination of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS Service that runs in its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS Service that shares a process with other services.

0x00000020
dwServiceState: A value that specifies the service records to enumerate based on their
ServiceStatus.dwCurrentState. This MUST be one of the following values.

Value Meaning

SERVICE_ACTIVE Enumerates service records that have ServiceStatus.dwCurrentState equal

to one of the following: SERVICE_START_PENDING,
0x00000001 SERVICE_STOP_PENDING, SERVICE_RUNNING,
SERVICE_CONTINUE_PENDING, SERVICE_PAUSE_PENDING, and
SERVICE_PAUSED.

SERVICE_INACTIVE Enumerates services that have ServiceStatus.dwCurrentState equal to

SERVICE_STOPPED.
0x00000002

SERVICE_STATE_ALL Enumerates services that have ServiceStatus.dwCurrentState equal to one

of the following: SERVICE_START_PENDING, SERVICE_STOP_PENDING,
0x00000003 SERVICE_RUNNING, SERVICE_CONTINUE_PENDING,
SERVICE_PAUSE_PENDING, SERVICE_PAUSED, and SERVICE_STOPPED.

lpBuffer: A pointer to an array of ENUM_SERVICE_STATUSA (section 2.2.10) structures

that contain the name and service status information for each dependent service in the
database.

cbBufSize: The size, in bytes, of the array pointed to by lpBuffer.

pcbBytesNeeded: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of bytes needed to store the array of service entries.

lpServicesReturned: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of service entries returned.

lpResumeIndex: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable that

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SC_MANAGER_ENUMERATE_SERVICE access right had not

been granted to the caller when the RPC context handle to the
ERROR_ACCESS_DENIED service record was created.
Return value/code Description

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

234 More data is available.

ERROR_MORE_DATA

In response to this request from the client, for a successful operation the server MUST
determine the list of service records in the SCM database identified by the hSCManager
parameter with the current value of ServiceStatus.dwCurrentState equal to the state
specified by the dwServiceState parameter and Type equal to the dwServiceType of the
client request. The server MUST return this list by setting the ServiceName,
DisplayName, and ServiceStatus of each service in this list in the array of
ENUM_SERVICE_STATUSA (section 2.2.10) structures pointed to by the lpServices
parameter and MUST set the number of services returned in the lpServicesReturned
parameter.

If the lpResumeIndex value is not zero, the server MUST use that as the offset to the
service list and return only services starting at this offset. If the lpResumeIndex value is
zero, the server MUST return all services. The server MUST set this parameter to zero if
the operation succeeds. If the lpResumeIndex value is set by the client to any nonzero
number not returned by the server, the behavior is not defined.

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.

The server MUST return ERROR_INVALID_PARAMETER (87) if a bitmask specified in

dwServiceState is zero or contains undefined values.
The server MUST return ERROR_INVALID_PARAMETER (87) if a bitmask specified in
dwServiceType is zero or contains undefined values.
3.1.4.26 ROpenSCManagerA (Opnum 27)
Article04/27/2022

The ROpenSCManagerA method opens a connection to the SCM from the client and
then opens the specified SCM database.

lpMachineName: An SVCCTL_HANDLEA (section 2.2.2) data type that defines the

pointer to a null-terminated ANSI string that specifies the server's machine name.

lpDatabaseName: A pointer to a null-terminated ANSI string that specifies the name of

the SCM database to open. The parameter MUST be set to NULL, "ServicesActive", or
"ServicesFailed".

dwDesiredAccess: A value that specifies the access to the database. This MUST be one
of the values specified in section 3.1.4.

The client MUST also have the SC_MANAGER_CONNECT access right.

lpScHandle: An LPSC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the newly opened SCM connection.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SC_MANAGER_CONNECT access right or the desired

access is not granted to the caller in the SCM
ERROR_ACCESS_DENIED SecurityDescriptor.

123 The specified service name is invalid.

ERROR_INVALID_NAME

1065 The database specified does not exist.

ERROR_DATABASE_DOES_NOT_EXIST
Return value/code Description

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
create an RPC context handle to the SCM database and grant subsequent access
specified in the dwDesiredAccess parameter of the client request after evaluating the
client security context against the SCM SecurityDescriptor. The server MUST return this
handle by setting the lpScHandle parameter of the client request.

If the caller cannot be granted permission requested in the dwDesiredAccess parameter,

the server MUST fail the call.<45>

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.

The server MUST return ERROR_INVALID_NAME (123) if lpDatabaseName is not NULL

and is not ServicesActive or ServicesFailed.

The server MUST return ERROR_DATABASE_DOES_NOT_EXIST (1065) if lpDatabaseName

is ServicesFailed.
3.1.4.27 ROpenServiceA (Opnum 28)
Article04/27/2022

The ROpenServiceA method creates an RPC context handle to an existing service record.

DWORD ROpenServiceA(
[in] SC_RPC_HANDLE hSCManager,
[in, string, range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpServiceName,
[in] DWORD dwDesiredAccess,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM database, created using one of the open methods specified in section 3.1.4.

lpServiceName: A pointer to a null-terminated ANSI string that specifies the

ServiceName of the service record to open.

The forward slash, back slash, comma, and space characters are illegal in service names.

dwDesiredAccess: A value that specifies the access right. This MUST be one of the
values specified in section 3.1.4.

lpServiceHandle: An LPSC_RPC_HANDLE (section 2.2.4) data type that defines the

handle to the found service record.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The access specified by the dwDesiredAccess parameter

cannot be granted to the caller.
ERROR_ACCESS_DENIED

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

123 The specified service name is invalid.

ERROR_INVALID_NAME

1060 The service record with a specified DisplayName does not

exist in the SCM database.
ERROR_SERVICE_DOES_NOT_EXIST
Return value/code Description

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
create an RPC context handle to the service record identified by the lpServiceName
parameter in the SCM database specified by the hSCManager parameter of the client
request after evaluating the SecurityDescriptor found in the service record against the
caller's security context for the requested access. The server MUST increment the
HandleCount field of the service record and return this handle by setting the lpScHandle
parameter.

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.
3.1.4.28 RQueryServiceConfigA (Opnum
29)
Article04/27/2022

The RQueryServiceConfigA method returns the configuration parameters of the

specified service.

DWORD RQueryServiceConfigA(
[in] SC_RPC_HANDLE hService,
[out] LPQUERY_SERVICE_CONFIGA lpServiceConfig,
[in, range(0, 1024*8)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_8K pcbBytesNeeded
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The SERVICE_QUERY_CONFIG access right MUST have been
granted to the caller when the RPC context handle was created.

lpServiceConfig: A pointer to a buffer that contains the QUERY_SERVICE_CONFIGA

structure.

cbBufSize: The size, in bytes, of the lpServiceConfig parameter.

pcbBytesNeeded: An LPBOUNDED_DWORD_8K (section 2.2.8) data type that defines the

pointer to a variable that contains the number of bytes needed to return all the
configuration information if the function fails.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SERVICE_QUERY_CONFIG access right had not been

granted to the caller when the RPC context handle was
ERROR_ACCESS_DENIED created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

122 The data area passed to a system call is too small.

ERROR_INSUFFICIENT_BUFFER
Return value/code Description

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.
3.1.4.29 RQueryServiceLockStatusA
(Opnum 30)
Article04/27/2022

The RQueryServiceLockStatusA method returns the lock status of the specified SCM
database.

DWORD RQueryServiceLockStatusA(
[in] SC_RPC_HANDLE hSCManager,
[out] LPQUERY_SERVICE_LOCK_STATUSA lpLockStatus,
[in, range(0, 1024*4)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_4K pcbBytesNeeded
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM database created previously, using one of the open methods specified in
section 3.1.4. The SC_MANAGER_QUERY_LOCK_STATUS access right MUST have been
granted to the caller when the RPC context handle was created.

lpLockStatus: A pointer to a buffer that contains the QUERY_SERVICE_LOCK_STATUSA

(section 2.2.16) structures.

cbBufSize: The size, in bytes, of the lpLockStatus buffer.

pcbBytesNeeded: An LPBOUNDED_DWORD_4K (section 2.2.7) data type that defines the

pointer to a variable that receives the number of bytes needed to return all the lock
status.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SC_MANAGER_QUERY_LOCK_STATUS access right had not

been granted to the caller when the RPC context handle was
ERROR_ACCESS_DENIED created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

122 The data area passed to a system call is too small.

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.
3.1.4.30 RStartServiceA (Opnum 31)
Article04/27/2022

The RStartServiceA method starts a specified service.

DWORD RStartServiceA(
[in] SC_RPC_HANDLE hService,
[in, range(0, SC_MAX_ARGUMENTS)]
DWORD argc,
[in, unique, size_is(argc)] LPSTRING_PTRSA argv
);

hService: An SC_RPC_HANDLE (section 2.2.4) that defines the handle to the service
record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The SERVICE_START access right MUST have been granted to
the caller when the RPC context handle was created.

argc: The number of argument strings in the argv array. If argv is NULL, this parameter
MAY be zero.

argv: A pointer to a buffer that contains an array of pointers to null-terminated ANSI

strings that are passed as arguments to the service.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.<46>

Return value/code Description

2 The system cannot find the file specified.

ERROR_FILE_NOT_FOUND

3 The system cannot find the path specified.

ERROR_PATH_NOT_FOUND

5 The SERVICE_START access right had not been granted

to the caller when the RPC context handle to the
ERROR_ACCESS_DENIED service was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER
Return value/code Description

1053 The process for the service was started, but it did not
respond within an implementation-specific time-out.
ERROR_SERVICE_REQUEST_TIMEOUT <47>

1054 A thread could not be created for the service.

ERROR_SERVICE_NO_THREAD

1055 The service database is locked by the call to the

RLockServiceDatabase (section 3.1.4.4) method.<48>
ERROR_SERVICE_DATABASE_LOCKED

1056 The ServiceStatus.dwCurrentState in the service

record is not set to SERVICE_STOPPED.
ERROR_SERVICE_ALREADY_RUNNING

1058 The service cannot be started because the Start field in

the service record is set to SERVICE_DISABLED.
ERROR_SERVICE_DISABLED

1068 The specified service depends on another service that

has failed to start.
ERROR_SERVICE_DEPENDENCY_FAIL

1069 The service did not start due to a logon failure.

ERROR_SERVICE_LOGON_FAILED

1072 The RDeleteService method has been called for the

service record identified by the hService parameter.
ERROR_SERVICE_MARKED_FOR_DELETE

1075 The specified service depends on a service that does

not exist or has been marked for deletion.
ERROR_SERVICE_DEPENDENCY_DELETED

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

If argv is not NULL, the client SHOULD set the first element in argv to the name of the
service.

The server MUST set the ServiceStatus.dwControlsAccepted in the service record, as

specified in SERVICE_STATUS, to none (zero).

The server MUST set the ServiceStatus.dwCheckPoint in the service record, as specified
in SERVICE_STATUS, to zero.

The server MUST set the ServiceStatus.dwWaitHint in the service record, as specified in
SERVICE_STATUS, to 2 seconds.

The server MUST return ERROR_SERVICE_NO_THREAD if it is unable to create a new

thread for the service process.

If argv does not contain as many non-NULL pointers as indicated by argc, the server
MUST fail the call with ERROR_INVALID_PARAMETER (87).
3.1.4.31 RGetServiceDisplayNameA
(Opnum 32)
Article04/27/2022

The RGetServiceDisplayNameA method returns the display name of the specified

service.

DWORD RGetServiceDisplayNameA(
[in] SC_RPC_HANDLE hSCManager,
[in, string, range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpServiceName,
[out, string, size_is(*lpcchBuffer)]
LPSTR lpDisplayName,
[in, out] LPBOUNDED_DWORD_4K lpcchBuffer
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM database created previously, using one of the open methods specified in
section 3.1.4.

lpServiceName: A pointer to a null-terminated ANSI string that specifies the service

name.

The forward slash, back slash, comma, and space characters are illegal in service names.

lpDisplayName: A pointer to a buffer that receives the null-terminated ANSI string that
contains the service display name.

lpcchBuffer: An LPBOUNDED_DWORD_4K (section 2.2.7) data type that defines the

pointer to a variable that specifies the size, in chars, of the buffer. On output, this
variable receives the size of the service's display name, excluding the terminating null
character.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

122 The display name does not fit in the buffer.

ERROR_INSUFFICIENT_BUFFER
Return value/code Description

123 The specified service name is invalid.

ERROR_INVALID_NAME

1060 The service record with the specified ServiceName does not
exist in the SCM database identified by the hSCManager
ERROR_SERVICE_DOES_NOT_EXIST parameter.

In response to this request from the client, for a successful operation the server MUST
look up the service record with the ServiceName matching the specified lpServiceName
in the SCM database identified by the hSCManager parameter. The server MUST return
the DisplayName from the found service record in the lpDisplayName parameter and set
the size in chars of the display name excluding the terminating null character in
lpcchBuffer.

If the lpDisplayName buffer is insufficient to hold the complete display name of the
service, the server MUST fail the call with ERROR_INSUFFICIENT_BUFFER (122) and set
the required size in chars of the display name excluding the terminating null character in
lpcchBuffer.<49> If the size is sufficient for data returned, the server also returns the size
that was set in lpcchBuffer.

If a service is created with a Unicode-encoded display name using the RCreateServiceW

method, then the server MUST convert the display name to an ANSI string before
returning it. The conversion process is specified in [MS-UCODEREF] section 3.1.5.1.1.2,
Pseudocode for Mapping a UTF-16 String to an ANSI Codepage.
3.1.4.32 RGetServiceKeyNameA (Opnum
33)
Article06/24/2021

The RGetServiceKeyNameA method returns the ServiceName of the service record with
the specified DisplayName.

DWORD RGetServiceKeyNameA(
[in] SC_RPC_HANDLE hSCManager,
[in, string, range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpDisplayName,
[out, string, size_is(*lpcchBuffer)]
LPSTR lpKeyName,
[in, out] LPBOUNDED_DWORD_4K lpcchBuffer
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM database created previously, using one of the open methods specified in
section 3.1.4.

lpDisplayName: A pointer to a null-terminated ANSI string that specifies the service

display name.

lpKeyName: A pointer to a buffer that receives the null-terminated ANSI string that
contains the service name.

lpcchBuffer: An LPBOUNDED_DWORD_4K (section 2.2.7) data type that defines the

pointer to a variable that specifies the size, in chars, of the buffer. On output, this
variable receives the size of the service name, excluding the terminating null character.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

122 The data area passed to a system call is too small.

ERROR_INSUFFICIENT_BUFFER

123 The name specified in lpDisplayName is invalid or set to

NULL.
ERROR_INVALID_NAME
Return value/code Description

1060 The service record with the DisplayName matching the

specified lpDisplayName does not exist in the SCM database
ERROR_SERVICE_DOES_NOT_EXIST identified by the hSCManager parameter.

In response to this request from the client, for a successful operation the server MUST
look up the service record with DisplayName matching the display name specified by
the lpDisplayName parameter in the SCM database identified by hSCManager.

The server MUST return the ServiceName from the found service record in the
lpKeyName parameter and set the size in chars of the service name excluding the
terminating null character in lpcchBuffer.

If the lpKeyName buffer is insufficient to hold the complete service name of the service,
the server MUST fail the call with ERROR_INSUFFICIENT_BUFFER (122) and set the
required size in chars of the service name excluding the terminating null character in
lpcchBuffer.<50> If the size is sufficient for data returned, the server also returns the size
that was set in lpcchBuffer.

If a service record is created with a Unicode-encoded display name using the

RCreateServiceW method, then the server MUST convert the service name to an ANSI
string before returning it. The conversion process is specified in [MS-UCODEREF] section
3.1.5.1.1.2, Pseudocode for Mapping a UTF-16 String to an ANSI Codepage.

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.
3.1.4.33 REnumServiceGroupW (Opnum
35)
Article06/24/2021

The REnumServiceGroupW method returns the members of a service group.

DWORD REnumServiceGroupW(
[in] SC_RPC_HANDLE hSCManager,
[in] DWORD dwServiceType,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024*256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned,
[in, out, unique] LPBOUNDED_DWORD_256K lpResumeIndex,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
LPCWSTR pszGroupName
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM created using one of the open methods specified in section 3.1.4. The
SC_MANAGER_ENUMERATE_SERVICE access right MUST have been granted to the caller
when the RPC context handle was created.

dwServiceType: A value that specifies the service records to enumerate based on their
Type. This MUST be one or a combination of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS Service that runs in its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS Service that shares a process with other services.

0x00000020
dwServiceState: A value that specifies the service records to enumerate based on their
ServiceStatus.dwCurrentState. This MUST be one of the following values.

Value Meaning

SERVICE_ACTIVE Enumerates service records with ServiceStatus.dwCurrentState values from

the following: SERVICE_START_PENDING, SERVICE_STOP_PENDING,
0x00000001 SERVICE_RUNNING, SERVICE_CONTINUE_PENDING,
SERVICE_PAUSE_PENDING, and SERVICE_PAUSED.

SERVICE_INACTIVE Enumerates service records with the ServiceStatus.dwCurrentState value

SERVICE_STOPPED.
0x00000002

SERVICE_STATE_ALL Enumerates service records with ServiceStatus.dwCurrentState values from

the following: SERVICE_START_PENDING, SERVICE_STOP_PENDING,
0x00000003 SERVICE_RUNNING, SERVICE_CONTINUE_PENDING,
SERVICE_PAUSE_PENDING, SERVICE_PAUSED, and SERVICE_STOPPED.

lpBuffer: A pointer to an array of ENUM_SERVICE_STATUSW (section 2.2.11) structures

that contain the name and service status information for each dependent service in the
database.

cbBufSize: The size, in bytes, of the array pointed to by lpBuffer.

pcbBytesNeeded: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of bytes needed to store the array of service entries.

lpServicesReturned: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of service entries returned.

lpResumeIndex: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable that

pszGroupName: A pointer to a string that specifies service records to enumerate based

on their ServiceGroup value.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SC_MANAGER_ENUMERATE_SERVICE access right had

not been granted to the caller when the RPC context handle
ERROR_ACCESS_DENIED was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

234 More data is available.

ERROR_MORE_DATA

1060 The group specified by pszGroupName does not exist in the

SCM GroupList.
ERROR_SERVICE_DOES_NOT_EXIST

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
determine the list of service records in the SCM database identified by the hSCManager
parameter with a ServiceGroup value matching the pszGroupName parameter,
determine that their ServiceStatus.dwCurrentState is equal to the state specified by
dwCurrentState, and determine that their Type value is equal to the dwServiceType
parameter of the client request. The server MUST return this list by setting the service
name and state of each service in this list in the array of ENUM_SERVICE_STATUSW
(section 2.2.11) structures pointed to by the lpBuffer parameter and MUST set number of
services returned in the lpServicesReturned parameter.

The client MUST set lpResumeIndex to 0 on the first call. If the server fails the call with
ERROR_MORE_DATA (234), then the server MUST return a non-zero value in
lpResumeIndex that the client MUST then specify in the subsequent calls. The server
MUST set this parameter to zero if the operation succeeds. If the lpResumeIndex value is
set by the client to any non-zero number not returned by the server, the behavior is not
defined.

If the size of the lpServices array is insufficient for the list of services returned, the server
MUST fail the call with ERROR_MORE_DATA (234) and return the size, in bytes, required
in the pcbBytesNeeded parameter. If the size is sufficient for data returned, the server
also returns the required size, in bytes.
If the size of the lpServices array is sufficient for the list of services returned, the
enumerated data MAY be in the buffer in a non-contiguous manner, and portions of the
lpServices array MAY be empty (filled with 0x00).

The server MUST return ERROR_INVALID_PARAMETER (87) if a bitmask specified in

dwServiceState is zero or contains undefined values.

The server MUST return ERROR_INVALID_PARAMETER (87) if a bitmask specified in

dwServiceType is zero or contains undefined values.
3.1.4.34 RChangeServiceConfig2A
(Opnum 36)
Article04/06/2021

The RChangeServiceConfig2A method SHOULD<51> change the optional configuration

parameters of a service.

DWORD RChangeServiceConfig2A(
[in] SC_RPC_HANDLE hService,
[in] SC_RPC_CONFIG_INFOA Info
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The SERVICE_CHANGE_CONFIG access right MUST have been
granted to the caller when the RPC context handle to the service record was created.

Info: An SC_RPC_CONFIG_INFOA (section 2.2.21) structure that contains optional

configuration information.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise it returns one of the following error codes.<52>

Return value/code Description

5 The SERVICE_CHANGE_CONFIG access right had not

been granted to the caller when the RPC context
ERROR_ACCESS_DENIED handle to the service record was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

1072 The RDeleteService has been called for the service

record identified by the hService parameter.
ERROR_SERVICE_MARKED_FOR_DELETE

1080 SERVICE_CONFIG_FAILURE_ACTIONS cannot be

used as a dwInfoLevel in the Info parameter for
ERROR_CANNOT_DETECT_DRIVER_FAILURE service records with a Type value defined for drivers.
Return value/code Description

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
update the specific attributes of the service record identified by hService, using the
information level and the corresponding values associated with that information level as
specified in the Info parameter of the client request.

If the service has a PreferredNode setting and the client requested a change of a service
record with a Type other than SERVICE_WIN32_OWN_PROCESS, the server MUST fail the
call with ERROR_INVALID_PARAMETER (87).

If the service record ServiceGroup value is set and the client specifies a start type of
delayed autostart (see section 2.2.33), the server MUST fail the call with
ERROR_INVALID_PARAMETER (87).

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.
3.1.4.35 RChangeServiceConfig2W
(Opnum 37)
Article04/27/2022

The RChangeServiceConfig2W <53> method changes the optional configuration

parameters of a service.

DWORD RChangeServiceConfig2W(
[in] SC_RPC_HANDLE hService,
[in] SC_RPC_CONFIG_INFOW Info
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The SERVICE_CHANGE_CONFIG access right MUST have been
granted to the caller when the RPC context handle to the service record was created.

Info: An SC_RPC_CONFIG_INFOW (section 2.2.22) structure that contains optional

configuration information.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise it returns one of the following error codes.<54>

Return value/code Description

5 The SERVICE_CHANGE_CONFIG access right had not

been granted to the caller when the RPC context
ERROR_ACCESS_DENIED handle to the service record was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

1072 The RDeleteService has been called for the service

record identified by the hService parameter.
ERROR_SERVICE_MARKED_FOR_DELETE

1080 SERVICE_CONFIG_FAILURE_ACTIONS cannot be

used as a dwInfoLevel in the Info parameter for
ERROR_CANNOT_DETECT_DRIVER_FAILURE service records with a Type value defined for drivers.
Return value/code Description

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

If the service has a PreferredNode setting and the client requested a change of a service
record with a Type value other than SERVICE_WIN32_OWN_PROCESS, the server MUST
fail the call with ERROR_INVALID_PARAMETER (87).

If the service record ServiceGroup value is set and the client specifies a start type of
delayed autostart (see section 2.2.33), the server MUST fail the call with
ERROR_INVALID_PARAMETER (87).
3.1.4.36 RQueryServiceConfig2A
(Opnum 38)
Article01/04/2022

The RQueryServiceConfig2A <55> method returns the optional configuration

parameters of the specified service based on the specified information level.

DWORD RQueryServiceConfig2A(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwInfoLevel,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024*8)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_8K pcbBytesNeeded
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The SERVICE_QUERY_CONFIG access right MUST have been
granted to the caller when the RPC context handle to the service record was created.

dwInfoLevel: A value that specifies the configuration information to query. This SHOULD
be one of the following values.

Value Meaning

SERVICE_CONFIG_DESCRIPTION The lpBuffer parameter is a pointer to a

SERVICE_DESCRIPTIONA structure.
0x00000001

SERVICE_CONFIG_FAILURE_ACTIONS The lpBuffer parameter is a pointer to a

SERVICE_FAILURE_ACTIONSA structure.
0x00000002

SERVICE_CONFIG_DELAYED_AUTO_START_INFO The lpBuffer parameter is a pointer to a

SERVICE_DELAYED_AUTO_START_INFO
0x00000003<56> structure.

SERVICE_CONFIG_FAILURE_ACTIONS_FLAG The lpBuffer parameter is a pointer to a

SERVICE_FAILURE_ACTIONS_FLAG structure.
0x00000004<57>

SERVICE_CONFIG_SERVICE_SID_INFO The lpBuffer parameter is a pointer to a

SERVICE_SID_INFO structure.
0x00000005<58>
Value Meaning

SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO The lpBuffer parameter is a pointer to a

SERVICE_RPC_REQUIRED_PRIVILEGES_INFO
0x00000006<59> structure.

SERVICE_CONFIG_PRESHUTDOWN_INFO The lpBuffer parameter is a pointer to a

SERVICE_PRESHUTDOWN_INFO structure.
0x00000007<60>

SERVICE_CONFIG_PREFERRED_NODE The lpBuffer parameter is a pointer to a

SERVICE_PREFERRED_NODE_INFO structure.
0x00000009<61> <62>

lpBuffer: A pointer to the buffer that contains the service configuration information. The
format of this data depends on the value of the dwInfoLevel parameter.

cbBufSize: The size, in bytes, of the lpBuffer parameter.

pcbBytesNeeded: An LPBOUNDED_DWORD_8K (section 2.2.8) data type that defines the

pointer to a variable that contains the number of bytes needed to return the
configuration information.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SERVICE_QUERY_CONFIG access right had not been

granted to the caller when the RPC context handle to the
ERROR_ACCESS_DENIED service record was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

122 The data area passed to a system call is too small.

ERROR_INSUFFICIENT_BUFFER

124 The dwInfoLevel parameter contains an unsupported value.

ERROR_INVALID_LEVEL
Return value/code Description

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
query the specific configuration information stored in the SCM database associated with
the service record identified by the hService parameter, using the information level and
the corresponding values associated with that information level as specified in the
dwInfoLevel parameter of the client request. The server MUST return this configuration
data by setting the lpBuffer parameter with the appropriate structure filled with the
configuration data based on dwInfoLevel.

The server MUST set the required buffer size in the pcbBytesNeeded parameter.

If the buffer pointed to by lpBuffer is insufficient to hold all the configuration data, the
server MUST fail the call with ERROR_INSUFFICIENT_BUFFER (122).

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.

The server MUST return ERROR_INVALID_PARAMETER (87) if either or both lpBuffer and
pcbBytesNeeded are NULL.<63>
3.1.4.37 RQueryServiceConfig2W
(Opnum 39)
Article04/27/2022

The RQueryServiceConfig2W <64> method returns the optional configuration

parameters of the specified service based on the specified information level.

DWORD RQueryServiceConfig2W(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwInfoLevel,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024*8)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_8K pcbBytesNeeded
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The SERVICE_QUERY_CONFIG access right MUST have been
granted to the caller when the RPC context handle to the service record was created.

Value Meaning

SERVICE_CONFIG_DESCRIPTION The lpBuffer parameter is a pointer to a

SERVICE_DESCRIPTION_WOW64 (section 2.2.36)
0x00000001 structure.

SERVICE_CONFIG_FAILURE_ACTIONS The lpBuffer parameter is a pointer to a

SERVICE_FAILURE_ACTIONS_WOW64 (section
0x00000002 2.2.37) structure.

SERVICE_CONFIG_DELAYED_AUTO_START_INFO The lpBuffer parameter is a pointer to a

SERVICE_DELAYED_AUTO_START_INFO
0x00000003<65> structure.

SERVICE_CONFIG_FAILURE_ACTIONS_FLAG The lpBuffer parameter is a pointer to a

SERVICE_FAILURE_ACTIONS_FLAG structure.
0x00000004<66>

SERVICE_CONFIG_SERVICE_SID_INFO The lpBuffer parameter is a pointer to a

SERVICE_SID_INFO structure.
0x00000005<67>

SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO The lpBuffer parameter is a pointer to a

SERVICE_REQUIRED_PRIVILEGES_INFO_WOW64
0x00000006<68> (section 2.2.38) structure.
Value Meaning

SERVICE_CONFIG_PRESHUTDOWN_INFO The lpBuffer parameter is a pointer to a

SERVICE_PRESHUTDOWN_INFO structure.
0x00000007<69>

SERVICE_CONFIG_PREFERRED_NODE The lpBuffer parameter is a pointer to a

SERVICE_PREFERRED_NODE_INFO structure.
0x00000009<70> <71>

dwInfoLevel: A value that specifies the configuration information to query. This MUST
be one of the following values.

lpBuffer: A pointer to the buffer that contains the service configuration information. The
format of this data depends on the value of the dwInfoLevel parameter.

When dwInfoLevel is SERVICE_CONFIG_DESCRIPTION, or

SERVICE_CONFIG_FAILURE_ACTIONS or SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO,
the server returns an lpBuffer parameter that has the requested data and the offset to
the start of the data from the top of the buffer. The API converts the offset into pointers
that it returns to the caller by means of the lpBuffer parameter.

cbBufSize: The size, in bytes, of the lpBuffer parameter.

pcbBytesNeeded: An LPBOUNDED_DWORD_8K (section 2.2.8) data type that defines the

pointer to a variable that receives the number of bytes needed to return the
configuration information.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

0x00000005 The SERVICE_QUERY_CONFIG access right had not been

granted to the caller when the RPC context handle to the
ERROR_ACCESS_DENIED service record was created.

0x00000006 The handle is no longer valid.

ERROR_INVALID_HANDLE

0x00000087 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

0x00000122 The data area passed to a system call is too small.

ERROR_INSUFFICIENT_BUFFER
Return value/code Description

0x00000124 The dwInfoLevel parameter contains an unsupported value.

ERROR_INVALID_LEVEL

0x00001115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

The server MUST set the required buffer size in the pcbBytesNeeded parameter.

If the buffer pointed to by lpBuffer is insufficient to hold all the configuration data, the
server MUST fail the call with ERROR_INSUFFICIENT_BUFFER (122).

The server MUST return ERROR_INVALID_PARAMETER (87) if either or both lpBuffer and
pcbBytesNeeded are NULL.<72>
3.1.4.38 RQueryServiceStatusEx (Opnum
40)
Article04/27/2022

The RQueryServiceStatusEx method returns the current status of the specified service,
based on the specified information level.

DWORD RQueryServiceStatusEx(
[in] SC_RPC_HANDLE hService,
[in] SC_STATUS_TYPE InfoLevel,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024*8)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_8K pcbBytesNeeded
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The SERVICE_QUERY_STATUS access right MUST have been
granted to the caller when the RPC context handle to the service record was created.

InfoLevel: An enumerated value from SC_STATUS_TYPE (section 2.2.29) that specifies

which service attributes are returned. MUST be SC_STATUS_PROCESS_INFO.

lpBuffer: A pointer to the buffer that contains the status information in the form of a
SERVICE_STATUS_PROCESS (section 2.2.49) structure.

cbBufSize: The size, in bytes, of the lpBuffer parameter.

pcbBytesNeeded: An LPBOUNDED_DWORD_8K (section 2.2.8) data type that defines the

pointer to a variable that contains the number of bytes needed to return the
configuration information.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SERVICE_QUERY_STATUS access right had not been

granted to the caller when the RPC context handle to the
ERROR_ACCESS_DENIED service record was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE
Return value/code Description

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

122 The data area passed to a system call is too small.

ERROR_INSUFFICIENT_BUFFER

124 The InfoLevel parameter contains an unsupported value.

ERROR_INVALID_LEVEL

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
query the configuration information as specified and stored in the SCM database
associated with the service record identified by the hService parameter. The server MUST
return this configuration data by setting the lpBuffer parameter with the
SERVICE_STATUS_PROCESS structure filled with the configuration data as specified in
section 2.2.49.

If the buffer pointed to by lpBuffer is insufficient to hold all the configuration data, the
server MUST fail the call with ERROR_INSUFFICIENT_BUFFER (122) and set the required
buffer size in the pcbBytesNeeded parameter.
3.1.4.39 REnumServicesStatusExA
(Opnum 41)
Article01/04/2022

The REnumServicesStatusExA method enumerates services in the specified SCM

database, based on the specified information level.

DWORD REnumServicesStatusExA(
[in] SC_RPC_HANDLE hSCManager,
[in] SC_ENUM_TYPE InfoLevel,
[in] DWORD dwServiceType,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024 * 256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned,
[in, out, unique] LPBOUNDED_DWORD_256K lpResumeIndex,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
LPCSTR pszGroupName
);

InfoLevel: An SC_ENUM_TYPE (section 2.2.20) structure that specifies which service

attributes to return. MUST be SC_ENUM_PROCESS_INFO.

dwServiceType: A value that specifies what type of service records to enumerate. This
MUST be one or a combination of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER Enumerates services of type SERVICE_KERNEL_DRIVER.

0x0000000F

SERVICE_FILE_SYSTEM_DRIVER Enumerates services of type SERVICE_FILE_SYSTEM_DRIVER.

0x00000002
Value Meaning

SERVICE_WIN32_OWN_PROCESS Enumerates services of type

SERVICE_WIN32_OWN_PROCESS.
0x00000010

SERVICE_WIN32_SHARE_PROCESS Enumerates services of type

SERVICE_WIN32_SHARE_PROCESS.
0x00000020

dwServiceState: Value that specifies the service records to enumerate based on their
ServiceStatus.dwCurrentState. This MUST be one of the following values.

Value Meaning

SERVICE_ACTIVE Enumerates service records with ServiceStatus.dwCurrentState values from

the following: SERVICE_START_PENDING, SERVICE_STOP_PENDING,
0x00000001 SERVICE_RUNNING, SERVICE_CONTINUE_PENDING,
SERVICE_PAUSE_PENDING, and SERVICE_PAUSED.

SERVICE_INACTIVE Enumerates service records with the ServiceStatus.dwCurrentState value

SERVICE_STOPPED.
0x00000002

SERVICE_STATE_ALL Enumerates service records with ServiceStatus.dwCurrentState values from

the following: SERVICE_START_PENDING, SERVICE_STOP_PENDING,
0x00000003 SERVICE_RUNNING, SERVICE_CONTINUE_PENDING,
SERVICE_PAUSE_PENDING, SERVICE_PAUSED, and SERVICE_STOPPED.

lpBuffer: A pointer to the buffer that contains the status information in the form of an
array of ENUM_SERVICE_STATUS_PROCESSA (section 2.2.12) structures.

cbBufSize: The size, in bytes, of the buffer pointed to by lpBuffer.

pcbBytesNeeded: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of bytes needed to return the configuration information.

lpServicesReturned: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of service entries returned.

lpResumeIndex: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable that

contains the current index in the enumerated list of service entries. The server MUST
assign a unique number to each service for the boot session, in increasing order, and
increment that number by one for each service addition. The value of the lpResumeIndex
parameter is one of these numbers, which the server can use to determine the
resumption point for the enumeration.
pszGroupName: A pointer to a string that specifies service records to enumerate based
on their ServiceGroup values.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SC_MANAGER_ENUMERATE_SERVICE access right had

not been granted to the caller when the RPC context handle
ERROR_ACCESS_DENIED to the SCM was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

124 The InfoLevel parameter contains an unsupported value.

ERROR_INVALID_LEVEL

234 More data is available.

ERROR_MORE_DATA

1060 The group specified by the pszGroupName parameter does

not exist in the SCM GroupList.
ERROR_SERVICE_DOES_NOT_EXIST

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
determine the list of service records in the SCM database identified by the hSCManager
parameter with the ServiceGroup value matching the pszGroupName parameter, the
ServiceStatus.dwCurrentState equal to the state specified by dwServiceState, and the
Type equal to dwServiceType of the client request. The server MUST return this list by
setting the service name, display name, and appropriate configuration data for each of
the services in the list in the array of ENUM_SERVICE_STATUS_PROCESSA (section 2.2.12)
structures pointed to by the lpBuffer parameter and MUST set the number of services
returned in the lpServicesReturned parameter.

If the pszGroupName parameter is a nonempty or non-NULL string, the server MUST

enumerate only the services that belong to the group whose name is specified by the
pszGroupName parameter. If the pszGroupName parameter is an empty string, the
server MUST enumerate only the services that do not belong to any group. If the
pszGroupName parameter is NULL, the server MUST ignore the group membership and
enumerate all services.

If the size of the lpBuffer array is insufficient for the list of services returned, the server
MUST fail the call with ERROR_MORE_DATA (234) and return the size in bytes required in
the pcbBytesNeeded parameter. If the size is sufficient for data returned, the server also
returns the required size, in bytes.

If the size of the lpBuffer array is sufficient for the list of services returned, the
enumerated data MAY be in the buffer in a non-contiguous manner, and portions of the
lpBuffer array MAY be empty.

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.

The server MUST return ERROR_INVALID_PARAMETER (87) if a bitmask specified in

dwServiceState is zero or contains undefined values.

The server MUST return ERROR_INVALID_PARAMETER (87) if a bitmask specified in

dwServiceType is zero or contains undefined values.
3.1.4.40 REnumServicesStatusExW
(Opnum 42)
Article04/27/2022

The REnumServicesStatusExW method enumerates services in the specified SCM

database, based on the specified information level.

DWORD REnumServicesStatusExW(
[in] SC_RPC_HANDLE hSCManager,
[in] SC_ENUM_TYPE InfoLevel,
[in] DWORD dwServiceType,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024*256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned,
[in, out, unique] LPBOUNDED_DWORD_256K lpResumeIndex,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
LPCWSTR pszGroupName
);

InfoLevel: An SC_ENUM_TYPE (section 2.2.20) structure that specifies which service

attributes are returned. This MUST be SC_ENUM_PROCESS_INFO.

dwServiceType: A value that specifies the service records to enumerate based on their
Type. This MUST be one or a combination of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER Enumerates services of type SERVICE_KERNEL_DRIVER.

0x00000001

SERVICE_FILE_SYSTEM_DRIVER Enumerates services of type SERVICE_FILE_SYSTEM_DRIVER.

0x00000002
Value Meaning

SERVICE_WIN32_OWN_PROCESS Enumerates services of type

SERVICE_WIN32_OWN_PROCESS.
0x00000010

SERVICE_WIN32_SHARE_PROCESS Enumerates services of type

SERVICE_WIN32_SHARE_PROCESS.
0x00000020

dwServiceState: A value that specifies the service records to enumerate based on their
ServiceStatus.dwCurrentState. This MUST be one of the following values.

Value Meaning

SERVICE_ACTIVE Enumerates service records with ServiceStatus.dwCurrentState values from

the following: SERVICE_START_PENDING, SERVICE_STOP_PENDING,
0x00000001 SERVICE_RUNNING, SERVICE_CONTINUE_PENDING,
SERVICE_PAUSE_PENDING, and SERVICE_PAUSED.

SERVICE_INACTIVE Enumerates service records with the ServiceStatus.dwCurrentState value

SERVICE_STOPPED.
0x00000002

SERVICE_STATE_ALL Enumerates service records with ServiceStatus.dwCurrentState values from

the following: SERVICE_START_PENDING, SERVICE_STOP_PENDING,
0x00000003 SERVICE_RUNNING, SERVICE_CONTINUE_PENDING,
SERVICE_PAUSE_PENDING, SERVICE_PAUSED, and SERVICE_STOPPED.

lpBuffer: A pointer to the buffer that contains the status information in the form of an
array of ENUM_SERVICE_STATUS_PROCESSW (section 2.2.13) structures.

cbBufSize: The size, in bytes, of the buffer pointed to by lpBuffer.

pcbBytesNeeded: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of bytes needed to return the configuration information if the
method fails.

lpServicesReturned: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable

that contains the number of service entries returned.

lpResumeIndex: An LPBOUNDED_DWORD_256K (section 2.2.9) pointer to a variable that

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) (ERROR_SUCCESS)

on success; otherwise, it returns one of the following error codes.

Return value/code Description

5 The SC_MANAGER_ENUMERATE_SERVICE access right had

not been granted to the caller when the RPC context handle
ERROR_ACCESS_DENIED to the SCM was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

124 The InfoLevel parameter contains an unsupported value.

ERROR_INVALID_LEVEL

234 More data is available.

ERROR_MORE_DATA

1060 The group specified by the pszGroupName parameter does

not exist in the SCM GroupList.
ERROR_SERVICE_DOES_NOT_EXIST

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the server MUST
determine the list of service records in the SCM database identified by the hSCManager
parameter with a ServiceGroup value matching the pszGroupName parameter,
ServiceStatus.dwCurrentState equal to the state specified by dwServiceState, and Type
equal to dwServiceType of the client request. The server MUST return this list by setting
the service name, display name, and the appropriate configuration data for each of the
services in the list in the array of ENUM_SERVICE_STATUS_PROCESSW (section 2.2.13)
structures pointed to by the lpBuffer parameter and MUST set the number of services
returned in the lpServicesReturned parameter.

If the pszGroupName parameter is a nonempty or non-NULL string, the server MUST

The server MUST return ERROR_INVALID_PARAMETER (87) if a bitmask specified in

dwServiceState is zero or contains undefined values.

The server MUST return ERROR_INVALID_PARAMETER (87) if a bitmask specified in

dwServiceType is zero or contains undefined values.
3.1.4.41 RCreateServiceWOW64A
(Opnum 44)
Article04/27/2022

The RCreateServiceWOW64A method creates the service record for a 32-bit service on a
64-bit system with the path to the file image automatically adjusted to point to a 32-bit
file location on the system.

DWORD RCreateServiceWOW64A(
[in] SC_RPC_HANDLE hSCManager,
[in, string, range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpServiceName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpDisplayName,
[in] DWORD dwDesiredAccess,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in, string, range(0, SC_MAX_PATH_LENGTH)]
LPSTR lpBinaryPathName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpLoadOrderGroup,
[in, out, unique] LPDWORD lpdwTagId,
[in, unique, size_is(dwDependSize)]
LPBYTE lpDependencies,
[in, range(0, SC_MAX_DEPEND_SIZE)]
DWORD dwDependSize,
[in, string, unique, range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
LPSTR lpServiceStartName,
[in, unique, size_is(dwPwSize)]
LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)]
DWORD dwPwSize,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the SCM database that MUST have been created previously, using one of the open
methods specified in section 3.1.4. The SC_MANAGER_CREATE_SERVICE access right
MUST have been granted to the caller when the RPC context handle to the SCM was
created.

lpServiceName: A pointer to a null-terminated ANSI string that specifies the name of

the service to install. This MUST not be null.
lpDisplayName: A pointer to a null-terminated ANSI string that contains the display
name by which user interface programs identify the service.

dwDesiredAccess: A value that specifies the access to the service. This MUST be one of
the values as specified in section 3.1.4.

dwServiceType: A value that specifies the type of service. This MUST be one or a
combination of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS Service that runs within its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS Service that shares an execution process with other services.

0x00000020

SERVICE_INTERACTIVE_PROCESS The service can interact with the desktop.

0x00000100

dwStartType: A value that specifies when to start the service. This MUST be one of the
following values.

Value Meaning

SERVICE_BOOT_START Starts the driver service when the system boots up. This value is valid
only for driver services.
0x00000000

SERVICE_AUTO_START Starts the service automatically during system startup.

0x00000002

SERVICE_DEMAND_START Starts the service when a client requests the SCM to start the service.

0x00000003
Value Meaning

SERVICE_DISABLED Service cannot be started.

0x00000004

dwErrorControl: A value that specifies the severity of the error if the service fails to start
and determines the action that the SCM takes. This MUST be one of the following
values.

Value Meaning

SERVICE_ERROR_IGNORE The SCM ignores the error and continues the startup operation.

0x00000000

SERVICE_ERROR_NORMAL The SCM logs the error, but continues the startup operation.

0x00000001

lpBinaryPathName: A pointer to a null-terminated ANSI string that contains the fully

lpLoadOrderGroup: A pointer to a null-terminated ANSI string that names the load-

ordering group of which this service is a member.

Specify NULL or an empty string if the service does not belong to a load-ordering
group.

lpdwTagId: A pointer to a variable that receives a tag value. The value is unique to the
group specified in the lpLoadOrderGroup parameter.

lpDependencies: A pointer to an array of null-separated names of services or load

ordering groups that MUST start before this service. The array is doubly null-terminated.
Load ordering group names are prefixed with a "+" character (to distinguish them from
service names). If the pointer is NULL or if it points to an empty string, the service has no
dependencies. Cyclic dependency between services is not allowed. The character set is
ANSI. Dependency on a service means that this service can only run if the service it
depends on is running. Dependency on a group means that this service can run if at
least one member of the group is running after an attempt to start all members of the
group.

dwDependSize: The size, in bytes, of the string specified by the dwDependSize

parameter.

lpServiceStartName: A pointer to a null-terminated ANSI that specifies the name of the

account under which the service runs.

lpPassword: A pointer to a null-terminated ANSI string that contains the password of

the account whose name was specified by the lpServiceStartName parameter.

dwPwSize: The size, in bytes, of the password specified by the lpPassword parameter.

lpServiceHandle: An LPSC_RPC_HANDLE (section 2.2.4) data type that defines the

handle to the newly created service record.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, one of the following error codes.

Return value/code Description

5 The SC_MANAGER_CREATE_SERVICE access right had

not been granted to the caller when the RPC context
ERROR_ACCESS_DENIED handle to the SCM was created.

6 The handle specified is invalid.

ERROR_INVALID_HANDLE

13 The data is invalid.

ERROR_INVALID_DATA

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

123 The specified service name is invalid.

ERROR_INVALID_NAME

1057 The user account name specified in the

lpServiceStartName parameter does not exist.
ERROR_INVALID_SERVICE_ACCOUNT
Return value/code Description

1059 A circular service dependency was specified.

ERROR_CIRCULAR_DEPENDENCY

1072 The service record with a specified name already exists

and RDeleteService has been called for it.
ERROR_SERVICE_MARKED_FOR_DELETE

1073 The service record with the ServiceName matching the

specified lpServiceName already exists.
ERROR_SERVICE_EXISTS

1078 The service record with the same DisplayName or the

same ServiceName as the passed-in lpDisplayName
ERROR_DUPLICATE_SERVICE_NAME already exists in the SCM database.

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

The only valid combinations of values for dwServiceType are

The server MUST convert the location specified in the lpBinaryPathName parameter to
point to the 32-bit location on a 64-bit system.<73>

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.

If lpBinaryPathName contains arguments, the server MUST pass these arguments to the
service entry point.
If lpdwTagId has a valid value and lpLoadOrderGroup is either NULL or an empty string,
then the server MUST return ERROR_INVALID_PARAMETER.
3.1.4.42 RCreateServiceWOW64W
(Opnum 45)
Article04/27/2022

The RCreateServiceWOW64W method creates the service record for a 32-bit service on a
64-bit system with the path to the file image automatically adjusted to point to a 32-bit
file location on the system.

DWORD RCreateServiceWOW64W(
[in] SC_RPC_HANDLE hSCManager,
[in, string, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpServiceName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpDisplayName,
[in] DWORD dwDesiredAccess,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in, string, range(0, SC_MAX_PATH_LENGTH)]
wchar_t* lpBinaryPathName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpLoadOrderGroup,
[in, out, unique] LPDWORD lpdwTagId,
[in, unique, size_is(dwDependSize)]
LPBYTE lpDependencies,
[in, range(0, SC_MAX_DEPEND_SIZE)]
DWORD dwDependSize,
[in, string, unique, range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
wchar_t* lpServiceStartName,
[in, unique, size_is(dwPwSize)]
LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)]
DWORD dwPwSize,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

lpServiceName: A pointer to a null-terminated UNICODE string that specifies the name

of the service to install. This MUST NOT be NULL.

The forward slash, back slash, comma, and space characters are illegal in service names.
lpDisplayName: A pointer to a null-terminated UNICODE string that contains the
display name by which user interface programs identify the service.

dwDesiredAccess: A value that specifies the access to the service. This MUST be one of
the values as specified in section 3.1.4.

dwServiceType: A value that specifies the type of service. This MUST be one or a
combination of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS Service that runs within its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS Service that shares a process with other services.

0x00000020

SERVICE_INTERACTIVE_PROCESS The service can interact with the desktop.

0x00000100

dwStartType: A value that specifies when to start the service. This MUST be one of the
following values.

Value Meaning

SERVICE_BOOT_START Starts the driver service when the system boots up. This value is valid
only for driver services.
0x00000000

SERVICE_AUTO_START Starts the service automatically during system startup.

0x00000002

SERVICE_DEMAND_START Starts the service when a client requests the SCM to start the service.

0x00000003
Value Meaning

SERVICE_DISABLED Service cannot be started.

0x00000004

dwErrorControl: A value that specifies the severity of the error if the service fails to start
and determines the action that the SCM takes. This MUST be one of the following
values.

Value Meaning

SERVICE_ERROR_IGNORE The SCM ignores the error and continues the startup operation.

0x00000000

SERVICE_ERROR_NORMAL The SCM logs the error, but continues the startup operation.

0x00000001

lpBinaryPathName: A pointer to a null-terminated UNICODE string that contains the

lpLoadOrderGroup: A pointer to a null-terminated UNICODE string that names the

load-ordering group of which this service is a member.

Specify NULL or an empty string if the service does not belong to a load-ordering
group.

lpdwTagId: A pointer to a variable that receives a tag value. The value is unique to the
group specified in the lpLoadOrderGroup parameter.

lpDependencies: A pointer to an array of null-separated names of services or load

dwDependSize: The size, in bytes, of the string specified by the dwDependSize

parameter.

lpServiceStartName: A pointer to a null-terminated UNICODE string that specifies the

name of the account under which the service runs.

lpPassword: A pointer to a null-terminated UNICODE string that contains the password

of the account whose name was specified by the lpServiceStartName parameter.

dwPwSize: The size, in bytes, of the password specified by the lpPassword parameter.

lpServiceHandle: An LPSC_RPC_HANDLE (section 2.2.4) data type that defines the

handle to the newly created service record.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SC_MANAGER_CREATE_SERVICE access right had

not been granted to the caller when the RPC context
ERROR_ACCESS_DENIED handle to the SCM was created.

6 The handle specified is invalid.

ERROR_INVALID_HANDLE

13 The data is invalid.

ERROR_INVALID_DATA

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

123 The specified service name is invalid.

ERROR_INVALID_NAME

1057 The user account name specified in the

lpServiceStartName parameter does not exist.
ERROR_INVALID_SERVICE_ACCOUNT
Return value/code Description

1059 A circular service dependency was specified.

ERROR_CIRCULAR_DEPENDENCY

1072 The service record with a specified name already exists,

and RDeleteService has been called for it.
ERROR_SERVICE_MARKED_FOR_DELETE

1073 The service record with the ServiceName matching the

specified lpServiceName already exists.
ERROR_SERVICE_EXISTS

1078 The service record with the same DisplayName or the

same ServiceName as the passed-in lpDisplayName
ERROR_DUPLICATE_SERVICE_NAME already exists in the service control manager database.

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

The server MUST convert the location specified in the lpBinaryPathName parameter to
point to the 32-bit location on a 64-bit system.

The only valid combinations of values for dwServiceType are

If lpBinaryPathName contains arguments, the server MUST pass these arguments to the
service entry point.

If lpdwTagId has a valid value and lpLoadOrderGroup is either NULL or an empty string,
then the server MUST return ERROR_INVALID_PARAMETER.
3.1.4.43 RNotifyServiceStatusChange
(Opnum 47)
Article04/27/2022

The RNotifyServiceStatusChange method<74> allows the client to register for

notifications and check, via RGetNotifyResults (section 3.1.4.44), when the specified
service of type SERVICE_WIN32_OWN_PROCESS or SERVICE_WIN32_SHARE_PROCESS is
created or deleted or when its status changes.

DWORD RNotifyServiceStatusChange(
[in] SC_RPC_HANDLE hService,
[in] SC_RPC_NOTIFY_PARAMS NotifyParams,
[in] GUID* pClientProcessGuid,
[out] GUID* pSCMProcessGuid,
[out] PBOOL pfCreateRemoteQueue,
[out] LPSC_NOTIFY_RPC_HANDLE phNotify
);

hService: An SC_RPC_HANDLE data type that defines the handle to the SCM for
SERVICE_NOTIFY_CREATED and SERVICE_NOTIFY_DELETED notifications or to the service
record for all other notification types that MUST have been created previously, using
one of the open methods specified in section 3.1.4. The
SC_MANAGER_ENUMERATE_SERVICE access right MUST have been granted to the caller
when the RPC context handle to the SCM was created, or the SERVICE_QUERY_STATUS
access right MUST have been granted to the caller when the RPC context handle to the
service record was created.

NotifyParams: An SC_RPC_NOTIFY_PARAMS (section 2.2.23) data type that defines the

service status notification information.

pClientProcessGuid: Not used. This MUST be ignored.

pSCMProcessGuid: Not used. This MUST be ignored.

pfCreateRemoteQueue: Not used. This MUST be ignored.

phNotify: An LPSC_NOTIFY_RPC_HANDLE (section 2.2.6) data type that defines a handle

to the notification status associated with the client for the specified service.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.
Return value/code Description

5 The SC_MANAGER_ENUMERATE_SERVICE access

right had not been granted to the caller when the
ERROR_ACCESS_DENIED RPC context handle to the SCM was created, or the
SERVICE_QUERY_STATUS access right had not been
granted to the caller when the RPC context handle
to the service record was created.

6 The handle is no longer valid or is not supported for

the specified notification.
ERROR_INVALID_HANDLE

50 The request is not supported.

ERROR_NOT_SUPPORTED

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

124 The system call level is not correct.

ERROR_INVALID_LEVEL

1072 The RDeleteService has been called for the service

record identified by the hService parameter.
ERROR_SERVICE_MARKED_FOR_DELETE

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

1242 A notification status handle has already been

created for the service handle passed in the hService
ERROR_ALREADY_REGISTERED parameter.

1294 The service notification client is lagging too far

behind the current state of services in the machine.
ERROR_SERVICE_NOTIFY_CLIENT_LAGGING

In response to this request from the client, for a successful operation, the server MUST
associate NOTIFY_RPC_HANDLE for the caller to check for status changes using
RGetNotifyResults for the service record identified by the hService parameter.

The server MUST ignore any value set in the ullThreadId parameter in NotifyParams.

The server MUST fail the call and return ERROR_INVALID_PARAMETER if dwNotifyMask
contains masks for both create/delete events and service status events.
The client can set the value of pClientProcessGuid, pSCMProcessGuid, and
pfCreatRemoteQueue to any value, such as 0, and the server MUST ignore these.

The server MUST return ERROR_NOT_SUPPORTED (50) if the value of dwInfoLevel is

greater than SERVICE_NOTIFY_STATUS_CHANGE.

The server MUST return ERROR_INVALID_LEVEL (124) if the value of dwInfoLevel is not
SERVICE_NOTIFY_STATUS_CHANGE (0x2) or SERVICE_NOTIFY_STATUS_CHANGE_1 (0x1).
3.1.4.44 RGetNotifyResults (Opnum 48)
Article10/30/2020

The RGetNotifyResults method<75> returns notification information when the specified

status change that was previously requested by the client via
RNotifyServiceStatusChange (section 3.1.4.43) occurs on a specified service.

The client MUST make one call to RGetNotifyResults for each call to
RNotifyServiceStatusChange.

error_status_t RGetNotifyResults(
[in] SC_NOTIFY_RPC_HANDLE hNotify,
[out] PSC_RPC_NOTIFY_PARAMS_LIST* ppNotifyParams
);

hNotify: An SC_NOTIFY_RPC_HANDLE (section 2.2.6) data type that defines a handle to

the notification status associated with the client. This is the handle returned by an
RNotifyServiceStatusChange call.

ppNotifyParams: A pointer to a buffer that receives an SC_RPC_NOTIFY_PARAMS_LIST

(section 2.2.24) data type.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

1235 The request was aborted.

ERROR_REQUEST_ABORTED

In response to this request, the server MUST wait until the service state in the service
record changes to one of the values specified in the SC_RPC_NOTIFY_PARAMS (section
2.2.23) structure passed to the RNotifyServiceStatusChange method that returned the
hNotify parameter. When the service changes state to one of the values specified in the
SC_RPC_NOTIFY_PARAMS structure associated with the hNotify parameter, the server
MUST update the client by setting the appropriate values in the ppNotifyParams
parameter and returning the call.<76>

The client MUST ignore any value set in the ullThreadId parameter in ppNotifyParams.
3.1.4.45 RCloseNotifyHandle (Opnum
49)
Article10/30/2020

The RCloseNotifyHandle method<77> unregisters the client from receiving future

notifications via the RGetNotifyResults (section 3.1.4.44) method from the server for
specified status changes on a specified service.

DWORD RCloseNotifyHandle(
[in, out] LPSC_NOTIFY_RPC_HANDLE phNotify,
[out] PBOOL pfApcFired
);

phNotify: An SC_NOTIFY_RPC_HANDLE (section 2.2.6) data type that defines a handle to

the notification status associated with the client. This is the handle returned by an
RNotifyServiceStatusChange call.

pfApcFired: Not used.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns the following error code.

Return value/code Description

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

In response to this request from the client, for a successful operation the server MUST
close the handle specified in the phNotify parameter and stop notifying the client about
status changes for the service record associated with the handle.
3.1.4.46 RControlServiceExA (Opnum 50)
Article10/30/2020

The RControlServiceExA method<78> receives a control code for a specific service.

DWORD RControlServiceExA(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwControl,
[in] DWORD dwInfoLevel,
[in, switch_is(dwInfoLevel)] PSC_RPC_SERVICE_CONTROL_IN_PARAMSA
pControlInParams,
[out, switch_is(dwInfoLevel)] PSC_RPC_SERVICE_CONTROL_OUT_PARAMSA
pControlOutParams
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4.

dwControl: Requested control code. This MUST be one of the following values.

Value Meaning

SERVICE_CONTROL_STOP Notifies a service to stop. The SERVICE_STOP access right

MUST have been granted to the caller when the RPC
0x00000001 control handle to the service record was created. The
service record MUST have the SERVICE_ACCEPT_STOP bit
set in the ServiceStatus.dwControlsAccepted field of the
service record.

SERVICE_CONTROL_PAUSE Notifies a service to pause. The

SERVICE_CONTROL_CONTINUE Notifies a paused service to resume. The

SERVICE_CONTROL_INTERROGATE Notifies a service to report its current status information

to the SCM. The SERVICE_INTERROGATE access right
0x00000004 MUST have been granted to the caller when the RPC
control handle to the service record was created.

SERVICE_CONTROL_PARAMCHANGE Notifies a service that its startup parameters have

SERVICE_CONTROL_NETBINDADD Notifies a service that there is a new component for

SERVICE_CONTROL_NETBINDREMOVE Notifies a network service that a component for binding

SERVICE_CONTROL_NETBINDENABLE Notifies a network service that a disabled binding has

SERVICE_CONTROL_NETBINDDISABLE Notifies a network service that one of its bindings has

Services can define their own codes in the range 128-255.

dwInfoLevel: The information level for the service control parameters. This MUST be set
to 0x00000001.

pControlInParams: A pointer to a SERVICE_CONTROL_STATUS_REASON_IN_PARAMSA

(section 2.2.30) structure that contains the reason associated with the
SERVICE_CONTROL_STOP control.

pControlOutParams: A pointer to a buffer that contains a

SERVICE_CONTROL_STATUS_REASON_OUT_PARAMS (section 2.2.32) structure to receive
the current status on the service.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The required access right had not been granted to

the caller when the RPC context handle to the service
ERROR_ACCESS_DENIED record was created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

87 The requested control code is undefined.

ERROR_INVALID_PARAMETER

124 The dwInfoLevel parameter contains an unsupported

value.
ERROR_INVALID_LEVEL

1051 The service cannot be stopped because other

running services are dependent on it.
ERROR_DEPENDENT_SERVICES_RUNNING
Return value/code Description

1052 The requested control code is not valid, or it is

unacceptable to the service.
ERROR_INVALID_SERVICE_CONTROL

1053 The process for the service was started, but it did not
respond within an implementation-specific time-out.
ERROR_SERVICE_REQUEST_TIMEOUT <79>

1061 The requested control code cannot be sent to the

service because the state of the service is
ERROR_SERVICE_CANNOT_ACCEPT_CTRL SERVICE_START_PENDING or
SERVICE_STOP_PENDING.

1062 The service has not been started, or the

ServiceStatus.dwCurrentState in the service record is
ERROR_SERVICE_NOT_ACTIVE SERVICE_STOPPED.

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

In response to this request from the client, for a successful operation the SCM MUST
send the control specified in the dwControl parameter to the service created for the
service record identified by the hService parameter of the client request if the type of the
service record is SERVICE_WIN32_OWN_PROCESS or SERVICE_WIN32_SHARE_PROCESS.

If the type of the service record is SERVICE_KERNEL_DRIVER or

SERVICE_FILESYSTEM_DRIVER, and dwControl parameter is not
SERVICE_CONTROL_INTERROGATE or SERVICE_CONTROL_STOP, the SCM MUST fail the
request with ERROR_INVALID_SERVICE_CONTROL.

If the type of the service record is SERVICE_KERNEL_DRIVER or

SERVICE_FILESYSTEM_DRIVER, the SCM MUST query the current status of the driver
from the operating system and set the ServiceStatus.dwCurrentState of the service
record to SERVICE_RUNNING if driver is loaded and to SERVICE_STOPPED if it is not.

If the dwControl is not SERVICE_CONTROL_INTERROGATE and the type of the service

record is SERVICE_KERNEL_DRIVER or SERVICE_FILESYSTEM_DRIVER and the driver is
managed by the PnP subsystem, the SCM MUST fail the request with
ERROR_INVALID_SERVICE_CONTROL. In response to this request from the client, for a
successful operation the SCM MUST return the current status of the service by setting
pControlOutParams after the operation.

If the ServiceStatus.dwControlsAccepted field of the service record does not have a

required SERVICE_ACCEPT_xxx bit set, the SCM MUST fail the request with
ERROR_INVALID_SERVICE_CONTROL.

If the dwInfoLevel parameter of the client request is set to 0x00000001, the server MUST
provide information in pControlOutParams.

The server MUST return the services last known state if dwControl is
SERVICE_CONTROL_INTERROGATE and the service is in START_PENDING state.

If dwControl is not equal to SERVICE_CONTROL_STOP, pControlInParams->pszComment

MUST be NULL. If not, the server MUST fail the call and return
ERROR_INVALID_PARAMETER (87).

The server MUST use the process described in Conversion Between ANSI and Unicode
String Formats (section 3.1.7) to convert a string to the appropriate format.
3.1.4.47 RControlServiceExW (Opnum
51)
Article10/30/2020

The RControlServiceExW method<80> receives a control code for a specific service.

DWORD RControlServiceExW(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwControl,
[in] DWORD dwInfoLevel,
[in, switch_is(dwInfoLevel)] PSC_RPC_SERVICE_CONTROL_IN_PARAMSW
pControlInParams,
[out, switch_is(dwInfoLevel)] PSC_RPC_SERVICE_CONTROL_OUT_PARAMSW
pControlOutParams
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4.

dwControl: Requested control code. MUST be one of the following values.

Value Meaning

SERVICE_CONTROL_STOP Notifies a service to stop. The SERVICE_STOP access right

SERVICE_CONTROL_PAUSE Notifies a service to pause. The

SERVICE_CONTROL_CONTINUE Notifies a paused service to resume. The

SERVICE_CONTROL_INTERROGATE Notifies a service to report its current status information

to the SCM. The SERVICE_INTERROGATE access right
0x00000004 MUST have been granted to the caller when the RPC
control handle to the service record was created.

SERVICE_CONTROL_PARAMCHANGE Notifies a service that its startup parameters have

SERVICE_CONTROL_NETBINDADD Notifies a service that there is a new component for

SERVICE_CONTROL_NETBINDREMOVE Notifies a network service that a component for binding

SERVICE_CONTROL_NETBINDENABLE Notifies a network service that a disabled binding has

SERVICE_CONTROL_NETBINDDISABLE Notifies a network service that one of its bindings has

Services can define their own codes in the range 128-255.

dwInfoLevel: The information level for the service control parameters. This MUST be set
to 0x00000001.

pControlInParams: A pointer to a SERVICE_CONTROL_STATUS_REASON_IN_PARAMSW

(section 2.2.31) structure that contains the reason associated with the
SERVICE_CONTROL_STOP control.

pControlOutParams: A pointer to a buffer that contains a

SERVICE_CONTROL_STATUS_REASON_OUT_PARAMS (section 2.2.32) structure to receive
the current status on the service.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

0x00000005 The required access right had not been granted to

the caller when the RPC context handle to the service
ERROR_ACCESS_DENIED record was created.

0x00000006 The handle is no longer valid.

ERROR_INVALID_HANDLE

0x00000087 The requested control code is undefined.

ERROR_INVALID_PARAMETER

0x00000124 The dwInfoLevel parameter contains an unsupported

level.
ERROR_INVALID_LEVEL

0x00001051 The service cannot be stopped because other

running services are dependent on it.
ERROR_DEPENDENT_SERVICES_RUNNING
Return value/code Description

0x00001052 The requested control code is not valid, or it is

unacceptable to the service.
ERROR_INVALID_SERVICE_CONTROL

0x00001053 The process for the service was started, but it did not
respond within an implementation-specific timeout.
ERROR_SERVICE_REQUEST_TIMEOUT <81>

0x00001061 The requested control code cannot be sent to the

service because the state of the service is
ERROR_SERVICE_CANNOT_ACCEPT_CTRL SERVICE_START_PENDING or
SERVICE_STOP_PENDING.

0x00001062 The service has not been started, or the

ServiceStatus.dwCurrentState in the service record is
ERROR_SERVICE_NOT_ACTIVE SERVICE_STOPPED.

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

If the type of the service record is SERVICE_KERNEL_DRIVER or

SERVICE_FILESYSTEM_DRIVER, and dwControl parameter is not
SERVICE_CONTROL_INTERROGATE or SERVICE_CONTROL_STOP, the SCM MUST fail the
request with ERROR_INVALID_SERVICE_CONTROL.

If the type of the service record is SERVICE_KERNEL_DRIVER or

SERVICE_FILESYSTEM_DRIVER, the SCM MUST query the current status of the driver
from the Operating System and set the ServiceStatus.dwCurrentState of the service
record to SERVICE_RUNNING if driver is loaded and SERVICE_STOPPED if it is not.

If the dwControl is not SERVICE_CONTROL_INTERROGATE and type of the service record

is SERVICE_KERNEL_DRIVER or SERVICE_FILESYSTEM_DRIVER and the driver is managed
by the PnP subsystem, the SCM MUST fail the request with
ERROR_INVALID_SERVICE_CONTROL.

If the ServiceStatus.dwControlsAccepted field of the service record does not have a

required SERVICE_ACCEPT_xxx bit set, the SCM MUST fail the request with
ERROR_INVALID_SERVICE_CONTROL.
In response to this request from the client, for a successful operation the SCM MUST
return the current status of the service by setting pControlOutParams after the
operation.

The server MUST return the services last known state if dwControl is
SERVICE_CONTROL_INTERROGATE and the service is in START_PENDING state.

The server MUST provide information in pControlOutParams.

If dwControl is not equal to SERVICE_CONTROL_STOP, pControlInParams->pszComment

MUST be NULL. If not, the server MUST fail the call and return
ERROR_INVALID_PARAMETER (87).
3.1.4.48 RQueryServiceConfigEx (Opnum
56)
Article10/30/2020

The RQueryServiceConfigEx method SHOULD<82> query the optional configuration

parameters of a service.

DWORD RQueryServiceConfigEx(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwInfoLevel,
[out] SC_RPC_CONFIG_INFOW* pInfo
);

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the
service record that MUST have been created previously, using one of the open methods
specified in section 3.1.4. The SERVICE_QUERY_CONFIG access right MUST have been
granted to the caller when the RPC context handle was created.

dwInfoLevel: The information level for the service configuration parameters. This MUST
be set to 0x00000008 which corresponds to the service's trigger information.

pInfo: A pointer to an SC_RPC_CONFIG_INFOW (section 2.2.22) structure that contains

optional configuration information.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SERVICE_QUERY_CONFIG access right had not been

granted to the caller when the RPC context handle was
ERROR_ACCESS_DENIED created.

6 The handle is no longer valid.

ERROR_INVALID_HANDLE

124 The dwInfoLevel parameter contains an unsupported value.

ERROR_INVALID_LEVEL

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS
In response to this request from the client, for a successful operation the server MUST
query the specific configuration information stored in the SCM database in the service
record identified by the hService parameter, using the information level and the
corresponding values associated with that information level as specified in the
dwInfoLevel parameter of the client request. The server MUST return this configuration
data by setting the pInfo parameter with the appropriate structure filled with the
configuration data based on dwInfoLevel.

The server MUST return a service's trigger information by returning a

SERVICE_TRIGGER_INFO structure.
3.1.4.49 RCreateWowService (Opnum
60)
Article04/27/2022

The RCreateWowService method creates a service whose binary is compiled for a

specified computer architecture.<83> The path to the file image is automatically
adjusted to point to the correct WoW-redirected location.

DWORD RCreateWowService(
[in] SC_RPC_HANDLE hSCManager,
[in, string, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpServiceName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpDisplayName,
[in] DWORD dwDesiredAccess,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in, string, range(0, SC_MAX_PATH_LENGTH)]
wchar_t* lpBinaryPathName,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpLoadOrderGroup,
[in, out, unique] LPDWORD lpdwTagId,
[in, unique, size_is(dwDependSize)]
LPBYTE lpDependencies,
[in, range(0, SC_MAX_DEPEND_SIZE)]
DWORD dwDependSize,
[in, string, unique, range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
wchar_t* lpServiceStartName,
[in, unique, size_is(dwPwSize)]
LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)]
DWORD dwPwSize,
[in] USHORT dwServiceWowType,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

lpServiceName: A pointer to a null-terminated Unicode string that specifies the name of

the service to install. This MUST NOT be NULL.

The forward slash, back slash, comma, and space characters are illegal in service names.
lpDisplayName: A pointer to a null-terminated Unicode string that contains the display
name by which user interface programs identify the service.

dwDesiredAccess: A value that specifies the access to the service. This MUST be one of
the values as specified in section 3.1.4.

dwServiceType: A value that specifies the type of service. This MUST be one or a
combination of the following values.

Value Meaning

SERVICE_KERNEL_DRIVER A driver service. These are services that manage devices on

the system.
0x00000001

SERVICE_FILE_SYSTEM_DRIVER A file system driver service. These are services that manage
file systems on the system.
0x00000002

SERVICE_WIN32_OWN_PROCESS Service that runs within its own process.

0x00000010

SERVICE_WIN32_SHARE_PROCESS Service that shares a process with other services.

0x00000020

SERVICE_INTERACTIVE_PROCESS The service can interact with the desktop.

0x00000100

dwStartType: A value that specifies when to start the service. This MUST be one of the
following values.

Value Meaning

SERVICE_BOOT_START Starts the driver service when the system boots up. This value is valid
only for driver services.
0x00000000

SERVICE_AUTO_START Starts the service automatically during system startup.

0x00000002

SERVICE_DEMAND_START Starts the service when a client requests the SCM to start the service.

0x00000003
Value Meaning

SERVICE_DISABLED Service cannot be started.

0x00000004

dwErrorControl: A value that specifies the severity of the error if the service fails to start
and determines the action that the SCM takes. This MUST be one of the following
values.

Value Meaning

SERVICE_ERROR_IGNORE The SCM ignores the error and continues the startup operation.

0x00000000

SERVICE_ERROR_NORMAL The SCM logs the error, but continues the startup operation.

0x00000001

lpBinaryPathName: A pointer to a null-terminated UNICODE string that contains the

lpLoadOrderGroup: A pointer to a null-terminated UNICODE string that names the

load-ordering group of which this service is a member.

Specify NULL or an empty string if the service does not belong to a load-ordering
group.

lpdwTagId: A pointer to a variable that receives a tag value. The value is unique to the
group specified in the lpLoadOrderGroup parameter.

lpDependencies: A pointer to an array of null-separated names of services or load

ordering groups that MUST start before this service. The array is doubly null-terminated.
Load ordering group names are prefixed with a "+" character (to distinguish them from
service names). If the pointer is NULL or if it points to an empty string, the service has no
dependencies. Cyclic dependency between services is not allowed. The character set is
Unicode. Dependency on a service means that this service can run only if the service it
depends on is running. Dependency on a group means that this service can run if at
least one member of the group is running after an attempt to start all members of the
group.

dwDependSize: The size, in bytes, of the string specified by the dwDependSize

parameter.

lpServiceStartName: A pointer to a null-terminated UNICODE string that specifies the

name of the account under which the service runs.

lpPassword: A pointer to a null-terminated UNICODE string that contains the password

of the account whose name was specified by the lpServiceStartName parameter.

dwPwSize: The size, in bytes, of the password specified by the lpPassword parameter.

dwServiceWowType: The image file machine constant corresponding to the architecture

that the service binary is compiled for. This MUST be one of the following values.

Value Meaning

IMAGE_FILE_MACHINE_UNKNOWN Unknown or unspecified

IMAGE_FILE_MACHINE_TARGET_HOST Interacts with the host and not a WOW64 guest<84>

0x0001

IMAGE_FILE_MACHINE_I386 Intel 386 (also known as x86)

0x014c

IMAGE_FILE_MACHINE_R3000 MIPS 32-bit big-endian (R3000)

0x0160

IMAGE_FILE_MACHINE_R3000 MIPS 32-bit little-endian (R3000)

0x0162

IMAGE_FILE_MACHINE_R4000 MIPS 64-bit little-endian (R4000)

0x0166

IMAGE_FILE_MACHINE_R10000 MIPS 64-bit little-endian (R10000 MIPS IV)

0x0168
Value Meaning

IMAGE_FILE_MACHINE_WCEMIPSV2 MIPS little-endian Windows Compact Edition (WCE) v2

0x0169

IMAGE_FILE_MACHINE_ALPHA DEC Alpha AXP 32-bit

0x0184

IMAGE_FILE_MACHINE_SH3 Hitachi SH-3 32-bit little-endian

0x01a2

IMAGE_FILE_MACHINE_SH3DSP Hitachi SH-3 DSP 32-bit

0x01a3

IMAGE_FILE_MACHINE_SH3E Hitachi SH-3E 32-bit little-endian

0x01a4

IMAGE_FILE_MACHINE_SH4 Hitachi SH-4 32-bit little-endian

0x01a6

IMAGE_FILE_MACHINE_SH5 Hitachi SH-5 64-bit

0x01a8

IMAGE_FILE_MACHINE_ARM ARM Little-Endian

0x01c0

IMAGE_FILE_MACHINE_THUMB ARM Thumb/Thumb-2 Little-Endian

0x01c2

IMAGE_FILE_MACHINE_ARMNT ARM Thumb-2 Little-Endian<85>

0x01c4

IMAGE_FILE_MACHINE_AM33 Matsushita AM33, now Panasonic MN103

0x01d3

IMAGE_FILE_MACHINE_POWERPC IBM PowerPC 32-bit Little-Endian

0x01F0

IMAGE_FILE_MACHINE_POWERPCFP PowerPC 32-bit with FPU

0x01f1
Value Meaning

IMAGE_FILE_MACHINE_IA64 Intel IA-64 (also known as Itanium Architecture)

0x0200

IMAGE_FILE_MACHINE_MIPS16 MIPS 16-bit

0x0266

IMAGE_FILE_MACHINE_ALPHA64 DEC Alpha AXP 64-bit (same as

IMAGE_FILE_MACHINE_AXP64)
0x0284

IMAGE_FILE_MACHINE_MIPSFPU MIPS 32-bit with FPU

0x0366

IMAGE_FILE_MACHINE_MIPSFPU16 MIPS 16-bit with FPU

0x0466

IMAGE_FILE_MACHINE_AXP64 DEC Alpha AXP 64-bit (same as

IMAGE_FILE_MACHINE_ALPHA64)
0x0284

IMAGE_FILE_MACHINE_TRICORE Infineon AUDO 32-bit

0x0520

IMAGE_FILE_MACHINE_CEF CEF

0x0CEF

IMAGE_FILE_MACHINE_EBC EFI/UEFI Byte Code

0x0EBC

IMAGE_FILE_MACHINE_AMD64 AMD64 (also known as x64)

0x8664

IMAGE_FILE_MACHINE_M32R Mitsubishi M32R 32-bit little-endian

0x9041

IMAGE_FILE_MACHINE_ARM64 ARM64 little-endian<86>

0xAA64

IMAGE_FILE_MACHINE_CEE CEE

0xC0EE
lpServiceHandle: An LPSC_RPC_HANDLE (section 2.2.4) data type that defines the
handle to the newly created service record.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The SC_MANAGER_CREATE_SERVICE access right had

not been granted to the caller when the RPC context
ERROR_ACCESS_DENIED handle to the SCM was created.

6 The handle specified is invalid.

ERROR_INVALID_HANDLE

13 The data is invalid.

ERROR_INVALID_DATA

50 dwServiceWowType was an architecture that is not

supported.
ERROR_NOT_SUPPORTED

87 A parameter that was specified is invalid.

ERROR_INVALID_PARAMETER

123 The specified service name is invalid.

ERROR_INVALID_NAME

1057 The user account name specified in the

lpServiceStartName parameter does not exist.
ERROR_INVALID_SERVICE_ACCOUNT

1059 A circular service dependency was specified.

ERROR_CIRCULAR_DEPENDENCY

1072 The service record with a specified name already exists,

and RDeleteService has been called for it.
ERROR_SERVICE_MARKED_FOR_DELETE

1073 The service record with the ServiceName matching the

specified lpServiceName already exists.
ERROR_SERVICE_EXISTS

1078 The service record with the same DisplayName or the

same ServiceName as the passed-in lpDisplayName
ERROR_DUPLICATE_SERVICE_NAME already exists in the service control manager database.
Return value/code Description

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

The server MUST convert the location specified in the lpBinaryPathName parameter to
the appropriate WoW redirected location if the service binary is compiled for an
architecture other than the server’s native architecture.

The only valid combinations of values for dwServiceType are

If lpBinaryPathName contains arguments, the server MUST pass these arguments to the
service entry point.

If lpdwTagId has a valid value and lpLoadOrderGroup is either NULL or an empty string,
then the server MUST return ERROR_INVALID_PARAMETER.
3.1.4.50 ROpenSCManager2 (Opnum 64)
Article10/30/2020

The ROpenSCManager2 method establishes a connection to server and opens the SCM
database on the specified server.<87>

DWORD ROpenSCManager2(
[in] handle_t hBindingHandle,
[in, string, unique, range(0, SC_MAX_NAME_LENGTH)]
wchar_t* lpDatabaseName,
[in] DWORD dwDesiredAccess,
[out] LPSC_RPC_HANDLE lpScHandle
);

hBindingHandle: An RPC binding handle, as specified in [MS-DTYP] section 2.1.3,

representing the information needed to establish a relationship with a specific server.

lpDatabaseName: A pointer to a null-terminated Unicode string that specifies the name

of the SCM database to open. The parameter MUST be set to NULL, "ServicesActive", or
"ServicesFailed".

dwDesiredAccess: A value that specifies the access to the database. This MUST be one
of the values as specified in section 3.1.4.

The client MUST also have the SC_MANAGER_CONNECT access right.

lpScHandle: An LPSC_RPC_HANDLE (section 2.2.4) data type that defines the handle to
the newly opened SCM database.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success;

otherwise, it returns one of the following error codes.

Return value/code Description

5 The client does not have the required access rights to

open the SCM database on the server or the desired
ERROR_ACCESS_DENIED access is not granted to it in the SCM SecurityDescriptor.

123 The specified service name is invalid.

ERROR_INVALID_NAME

1065 The database specified does not exist.

ERROR_DATABASE_DOES_NOT_EXIST
Return value/code Description

1115 The system is shutting down.

ERROR_SHUTDOWN_IN_PROGRESS

If the caller cannot be granted permission requested in the dwDesiredAccess parameter,

the server MUST fail the call.<88>

The server MUST return ERROR_INVALID_NAME (123) if lpDatabaseName is not NULL

and not ServicesActive or ServicesFailed.

The server MUST return ERROR_DATABASE_DOES_NOT_EXIST (1065) if lpDatabaseName

is ServicesFailed.
3.1.5 Timer Events
Article02/14/2019

None.
3.1.6 Other Local Events
Article02/14/2019

None.
3.1.7 Conversion Between ANSI and
Unicode String Formats
Article02/14/2019

For all methods that require conversion, the server utilizes the conversion process
specified in [MS-UCODEREF] section 3.1.5.1.1.2.
3.2 RPC Runtime Check Notes
Article02/14/2019

The behavior of the client when methods are executed can be affected by the RPC
protocol runtime checks and MIDL compiler options used when generating stubs. For
example, this often concerns error codes when passing the NULL value in parameters
with the [string] IDL attribute. In these cases, the IDL method does not return the
expected error code. Instead, an RPC exception is raised.

For more information about generating RPC stubs from IDL definitions, see the topic
"Using the MIDL Compiler" in [MSDN-MIDL] .
4 Protocol Examples
Article04/27/2022

The client receives a request from an application such as Services.msc to open the SCM
database on the server for reading. After establishing a connection to the server, the
client sends an ROpenSCManagerW call with the following values for the parameters.

lpMachineName = "Name of the Server"

lpDatabaseName = "ServicesActive"
dwDesiredAccess = 0x00000001
lpScHandle = NULL

Upon receiving this request from the client, the server opens the handle to the SCM
database with read access, the method returns an error code of 0, and the pointer is set
to the opened handle in the lpScHandle parameter of the response.

The client can then use the handle returned in lpScHandle to operate on SCM database.
For instance, to query the display name associated with a service, the client sends an
RGetServiceDisplayNameW call with the following values for the parameters.

hSCManager = Handle returned in the lpScHandle parameter of the

previous server response.
lpServiceName = "GenericService\0"
lpDisplayName = Pointer to buffer that will receive the display name
lpcchBuffer = Size of the buffer pointed to by the lpDisplayName
parameter

Upon receiving this request from the client, the server queries the display name
associated with the service "GenericService", the method returns an error code of 0, and
then the server fills the display name in the buffer pointed to by the lpDisplayName
parameter of the response.

When it is finished operating on the SCM database, the client closes the handle to this
database by sending an RCloseServiceHandle with the following values for the
parameters.

hSCObject = Handle returned in the lpScHandle parameter of the server

response to the ROpenSCManagerW call.

Upon receiving this request from the client, the server closes the handle to the open
SCM database, and the method returns an error code of 0.
5 Security
Article02/14/2019

The following sections specify security considerations for implementers of the Service
Control Manager Remote Protocol.
5.1 Security Considerations for
Implementers
Article02/14/2019

None.
5.2 Index of Security Parameters
Article10/30/2020

Security parameter Section

RPC_C_AUTHN_GSS_NEGOTIATE 2.1

RPC_C_AUTHN_WINNT 2.1

RPC_C_AUTHN_LEVEL_PKT_PRIVACY 2.1

RPC_C_AUTHN_LEVEL_CONNECT 2.1
6 Appendix A: Full IDL
Article04/27/2022

For ease of implementation, the full Interface Definition Language (IDL) is provided as
follows, where "ms-dtyp.idl" is the IDL found in [MS-DTYP] Appendix A.

import "ms-dtyp.idl";
[
uuid(367ABB81-9844-35F1-AD32-98F038001003),
version(2.0),
ms_union,
pointer_default(unique)
]

interface svcctl{

const unsigned int MAX_SERVICE_NAME_LENGTH = 256;

const unsigned short SC_MAX_DEPEND_SIZE = 4 * 1024;
const unsigned short SC_MAX_NAME_LENGTH = MAX_SERVICE_NAME_LENGTH + 1;
const unsigned short SC_MAX_PATH_LENGTH = 32 * 1024;
const unsigned short SC_MAX_PWD_SIZE = 514;
const unsigned short SC_MAX_COMPUTER_NAME_LENGTH = 1024;
const unsigned short SC_MAX_ACCOUNT_NAME_LENGTH = 2 * 1024;
const unsigned short SC_MAX_COMMENT_LENGTH = 128;
const unsigned short SC_MAX_ARGUMENT_LENGTH = 1024;
const unsigned short SC_MAX_ARGUMENTS = 1024;

typedef [handle]
wchar_t* SVCCTL_HANDLEW;
typedef [handle]
LPSTR SVCCTL_HANDLEA;
typedef [context_handle] PVOID SC_RPC_HANDLE;
typedef [context_handle] PVOID SC_RPC_LOCK;
typedef [context_handle] PVOID SC_NOTIFY_RPC_HANDLE;

typedef SC_RPC_HANDLE * LPSC_RPC_HANDLE;

typedef SC_RPC_LOCK * LPSC_RPC_LOCK;
typedef SC_NOTIFY_RPC_HANDLE * LPSC_NOTIFY_RPC_HANDLE;

typedef struct _STRING_PTRSA {

[string, range(0, SC_MAX_ARGUMENT_LENGTH)] LPSTR StringPtr;
} STRING_PTRSA, *PSTRING_PTRSA, *LPSTRING_PTRSA;

typedef struct _STRING_PTRSW {

[string, range(0, SC_MAX_ARGUMENT_LENGTH)] wchar_t* StringPtr;
} STRING_PTRSW, *PSTRING_PTRSW, *LPSTRING_PTRSW;

typedef [range(0, 1024 * 4)] DWORD BOUNDED_DWORD_4K;

typedef BOUNDED_DWORD_4K * LPBOUNDED_DWORD_4K;
typedef [range(0, 1024 * 8)] DWORD BOUNDED_DWORD_8K;
typedef BOUNDED_DWORD_8K * LPBOUNDED_DWORD_8K;

typedef [range(0, 1024 * 256)] DWORD BOUNDED_DWORD_256K;

typedef BOUNDED_DWORD_256K * LPBOUNDED_DWORD_256K;

typedef struct _QUERY_SERVICE_CONFIGW {

typedef struct _QUERY_SERVICE_LOCK_STATUSW {

DWORD fIsLocked;
[string,range(0, 8 * 1024)] LPWSTR lpLockOwner;
DWORD dwLockDuration;
} QUERY_SERVICE_LOCK_STATUSW,
*LPQUERY_SERVICE_LOCK_STATUSW;

typedef struct _QUERY_SERVICE_CONFIGA {

typedef struct {
DWORD fIsLocked;
[string,range(0, 8 * 1024)] char* lpLockOwner;
DWORD dwLockDuration;
} QUERY_SERVICE_LOCK_STATUSA,
*LPQUERY_SERVICE_LOCK_STATUSA;

typedef struct _SERVICE_DESCRIPTIONA {

[string,range(0, 8 * 1024)] LPSTR lpDescription;
} SERVICE_DESCRIPTIONA,
*LPSERVICE_DESCRIPTIONA;

typedef [v1_enum] enum _SC_ACTION_TYPE {

SC_ACTION_NONE = 0,
SC_ACTION_RESTART = 1,
SC_ACTION_REBOOT = 2,
SC_ACTION_RUN_COMMAND = 3
} SC_ACTION_TYPE;

typedef struct {
SC_ACTION_TYPE Type;
DWORD Delay;
} SC_ACTION,
*LPSC_ACTION;

typedef struct _SERVICE_FAILURE_ACTIONSA {

DWORD dwResetPeriod;
[string,range(0, 8 * 1024)] LPSTR lpRebootMsg;
[string,range(0, 8 * 1024)] LPSTR lpCommand;
[range(0, 1024)] DWORD cActions;
[size_is(cActions)] SC_ACTION * lpsaActions;
} SERVICE_FAILURE_ACTIONSA,
*LPSERVICE_FAILURE_ACTIONSA;

typedef struct _SERVICE_DELAYED_AUTO_START_INFO {

BOOL fDelayedAutostart;
} SERVICE_DELAYED_AUTO_START_INFO,
*LPSERVICE_DELAYED_AUTO_START_INFO;

typedef struct _SERVICE_FAILURE_ACTIONS_FLAG {

BOOL fFailureActionsOnNonCrashFailures;
} SERVICE_FAILURE_ACTIONS_FLAG,
*LPSERVICE_FAILURE_ACTIONS_FLAG;

typedef struct _SERVICE_SID_INFO {

DWORD dwServiceSidType;
} SERVICE_SID_INFO,
*LPSERVICE_SID_INFO;

typedef struct _SERVICE_PRESHUTDOWN_INFO {

DWORD dwPreshutdownTimeout;
} SERVICE_PRESHUTDOWN_INFO,
*LPSERVICE_PRESHUTDOWN_INFO;

typedef struct _SERVICE_DESCRIPTIONW {

[string,range(0, 8 * 1024)] LPWSTR lpDescription;
} SERVICE_DESCRIPTIONW,
*LPSERVICE_DESCRIPTIONW;

typedef struct _SERVICE_FAILURE_ACTIONSW {

DWORD dwResetPeriod;
[string,range(0, 8 * 1024)] LPWSTR lpRebootMsg;
[string,range(0, 8 * 1024)] LPWSTR lpCommand;
[range(0, 1024)] DWORD cActions;
[size_is(cActions)] SC_ACTION * lpsaActions;
} SERVICE_FAILURE_ACTIONSW,
*LPSERVICE_FAILURE_ACTIONSW;

typedef [v1_enum] enum

{
SC_STATUS_PROCESS_INFO = 0
} SC_STATUS_TYPE;

typedef [v1_enum] enum

{
SC_ENUM_PROCESS_INFO = 0
} SC_ENUM_TYPE;

typedef struct _SERVICE_PREFERRED_NODE_INFO {

USHORT usPreferredNode;
BOOLEAN fDelete;
} SERVICE_PREFERRED_NODE_INFO, *LPSERVICE_PREFERRED_NODE_INFO;

typedef struct _SERVICE_TRIGGER_SPECIFIC_DATA_ITEM {

DWORD dwDataType;
[range(0, 1024)]
DWORD cbData;
[size_is(cbData)]
PBYTE pData;
} SERVICE_TRIGGER_SPECIFIC_DATA_ITEM, *PSERVICE_TRIGGER_SPECIFIC_DATA_ITEM;

typedef struct _SERVICE_TRIGGER {

DWORD dwTriggerType;
DWORD dwAction;
GUID * pTriggerSubtype;
[range(0, 64)]
DWORD cDataItems;
[size_is(cDataItems)]
PSERVICE_TRIGGER_SPECIFIC_DATA_ITEM pDataItems;
} SERVICE_TRIGGER, *PSERVICE_TRIGGER;

typedef struct _SERVICE_TRIGGER_INFO {

[range(0, 64)] DWORD cTriggers;
[size_is(cTriggers)]
PSERVICE_TRIGGER pTriggers;
PBYTE pReserved;
} SERVICE_TRIGGER_INFO, *PSERVICE_TRIGGER_INFO;

typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;

typedef struct _ENUM_SERVICE_STATUSA {

LPSTR lpServiceName;
LPSTR lpDisplayName;
SERVICE_STATUS ServiceStatus;
} ENUM_SERVICE_STATUSA, *LPENUM_SERVICE_STATUSA;

typedef struct _ENUM_SERVICE_STATUSW {

LPWSTR lpServiceName;
LPWSTR lpDisplayName;
SERVICE_STATUS ServiceStatus;
} ENUM_SERVICE_STATUSW, *LPENUM_SERVICE_STATUSW;

typedef struct _ENUM_SERVICE_STATUS_PROCESSA {

LPSTR lpServiceName;
LPSTR lpDisplayName;
SERVICE_STATUS_PROCESS ServiceStatusProcess;
} ENUM_SERVICE_STATUS_PROCESSA, *LPENUM_SERVICE_STATUS_PROCESSA;

typedef struct _ENUM_SERVICE_STATUS_PROCESSW {

LPWSTR lpServiceName;
LPWSTR lpDisplayName;
SERVICE_STATUS_PROCESS ServiceStatusProcess;
} ENUM_SERVICE_STATUS_PROCESSW, *LPENUM_SERVICE_STATUS_PROCESSW;

typedef struct _SERVICE_DESCRIPTION_WOW64

{
DWORD dwDescriptionOffset;
} SERVICE_DESCRIPTION_WOW64, *LPSERVICE_DESCRIPTION_WOW64;

typedef struct _SERVICE_FAILURE_ACTIONS_WOW64

{
DWORD dwResetPeriod;
DWORD dwRebootMsgOffset;
DWORD dwCommandOffset;
DWORD cActions;
DWORD dwsaActionsOffset;
} SERVICE_FAILURE_ACTIONS_WOW64, *LPSERVICE_FAILURE_ACTIONS_WOW64;

typedef struct _SERVICE_REQUIRED_PRIVILEGES_INFO_WOW64

{
DWORD dwRequiredPrivilegesOffset;
} SERVICE_REQUIRED_PRIVILEGES_INFO_WOW64,
*LPSERVICE_REQUIRED_PRIVILEGES_INFO_WOW64;

DWORD
RCloseServiceHandle(
[in,out] LPSC_RPC_HANDLE hSCObject
);

DWORD
RControlService(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwControl,
[out] LPSERVICE_STATUS lpServiceStatus
);

DWORD
RDeleteService(
[in] SC_RPC_HANDLE hService
);

DWORD
RLockServiceDatabase(
[in] SC_RPC_HANDLE hSCManager,
[out] LPSC_RPC_LOCK lpLock
);

DWORD
RQueryServiceObjectSecurity(
[in] SC_RPC_HANDLE hService,
[in] SECURITY_INFORMATION dwSecurityInformation,
[out, size_is(cbBufSize)] LPBYTE lpSecurityDescriptor,
[in, range(0, 1024 * 256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded
);

DWORD
RSetServiceObjectSecurity(
[in] SC_RPC_HANDLE hService,
[in] SECURITY_INFORMATION dwSecurityInformation,
[in,size_is(cbBufSize)] LPBYTE lpSecurityDescriptor,
[in] DWORD cbBufSize
);

DWORD
RQueryServiceStatus(
[in] SC_RPC_HANDLE hService,
[out] LPSERVICE_STATUS lpServiceStatus
);

DWORD
RSetServiceStatus(
[in] SC_RPC_HANDLE hServiceStatus,
[in] LPSERVICE_STATUS lpServiceStatus
);

DWORD
RUnlockServiceDatabase(
[in,out] LPSC_RPC_LOCK Lock
);

DWORD
RNotifyBootConfigStatus(
[in,string,unique,range(0, SC_MAX_COMPUTER_NAME_LENGTH)]
SVCCTL_HANDLEW lpMachineName,
[in] DWORD BootAcceptable
);

void Opnum10NotUsedOnWire(void);

DWORD
RChangeServiceConfigW(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in,string,unique,range(0, SC_MAX_PATH_LENGTH)]
wchar_t * lpBinaryPathName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpLoadOrderGroup,
[in,out,unique] LPDWORD lpdwTagId,
[in,unique,size_is(dwDependSize)] LPBYTE lpDependencies,
[in, range (0, SC_MAX_DEPEND_SIZE)] DWORD dwDependSize,
[in,string,unique,range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
wchar_t * lpServiceStartName,
[in,unique,size_is(dwPwSize)] LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)] DWORD dwPwSize,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpDisplayName
);

DWORD
RCreateServiceW(
[in] SC_RPC_HANDLE hSCManager,
[in,string,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpServiceName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpDisplayName,
[in] DWORD dwDesiredAccess,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in,string, range(0, SC_MAX_PATH_LENGTH)]
wchar_t * lpBinaryPathName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpLoadOrderGroup,
[in,out,unique] LPDWORD lpdwTagId,
[in,unique,size_is(dwDependSize)] LPBYTE lpDependencies,
[in, range (0, SC_MAX_DEPEND_SIZE)] DWORD dwDependSize,
[in,string,unique,range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
wchar_t * lpServiceStartName,
[in,unique,size_is(dwPwSize)] LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)] DWORD dwPwSize,
[out] LPSC_RPC_HANDLE lpServiceHandle
);
DWORD
REnumDependentServicesW(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpServices,
[in, range(0, 1024 * 256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned
);

DWORD
REnumServicesStatusW(
[in] SC_RPC_HANDLE hSCManager,
[in] DWORD dwServiceType,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024 * 256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned,
[in,out,unique] LPBOUNDED_DWORD_256K lpResumeIndex
);

DWORD
ROpenSCManagerW(
[in,string,unique,range(0, SC_MAX_COMPUTER_NAME_LENGTH)]
SVCCTL_HANDLEW lpMachineName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpDatabaseName,
[in] DWORD dwDesiredAccess,
[out] LPSC_RPC_HANDLE lpScHandle
);

DWORD
ROpenServiceW(
[in] SC_RPC_HANDLE hSCManager,
[in,string,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpServiceName,
[in] DWORD dwDesiredAccess,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

DWORD
RQueryServiceConfigW(
[in] SC_RPC_HANDLE hService,
[out] LPQUERY_SERVICE_CONFIGW lpServiceConfig,
[in, range(0, 1024 * 8)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_8K pcbBytesNeeded
);

DWORD
RQueryServiceLockStatusW(
[in] SC_RPC_HANDLE hSCManager,
[out] LPQUERY_SERVICE_LOCK_STATUSW lpLockStatus,
[in, range(0, 1024 * 4)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_4K pcbBytesNeeded
);

DWORD
RStartServiceW(
[in] SC_RPC_HANDLE hService,
[in, range(0, SC_MAX_ARGUMENTS)] DWORD argc,
[in,unique,size_is(argc)] LPSTRING_PTRSW argv
);

DWORD
RGetServiceDisplayNameW(
[in] SC_RPC_HANDLE hSCManager,
[in,string,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpServiceName,
[out,string, range(1, 4*1024+1), size_is(*lpcchBuffer+1)]
wchar_t * lpDisplayName,
[in,out] DWORD * lpcchBuffer
);

DWORD
RGetServiceKeyNameW(
[in] SC_RPC_HANDLE hSCManager,
[in,string,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpDisplayName,
[out,string, range(1, 4*1024+1), size_is(*lpcchBuffer+1)]
wchar_t * lpServiceName,
[in,out] DWORD * lpcchBuffer
);

void Opnum22NotUsedOnWire(void);

DWORD
RChangeServiceConfigA(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in,string,unique,range(0, SC_MAX_PATH_LENGTH)]
LPSTR lpBinaryPathName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpLoadOrderGroup,
[in,out,unique] LPDWORD lpdwTagId,
[in,unique,size_is(dwDependSize)] LPBYTE lpDependencies,
[in, range (0, SC_MAX_DEPEND_SIZE)] DWORD dwDependSize,
[in,string,unique,range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
LPSTR lpServiceStartName,
[in,unique,size_is(dwPwSize)] LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)] DWORD dwPwSize,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpDisplayName
);

DWORD
RCreateServiceA(
[in] SC_RPC_HANDLE hSCManager,
[in,string,range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpServiceName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpDisplayName,
[in] DWORD dwDesiredAccess,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in,string, range(0, SC_MAX_PATH_LENGTH)]
LPSTR lpBinaryPathName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpLoadOrderGroup,
[in,out,unique] LPDWORD lpdwTagId,
[in,unique,size_is(dwDependSize)] LPBYTE lpDependencies,
[in, range (0, SC_MAX_DEPEND_SIZE)] DWORD dwDependSize,
[in,string,unique,range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
LPSTR lpServiceStartName,
[in,unique,size_is(dwPwSize)] LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)] DWORD dwPwSize,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

DWORD
REnumDependentServicesA(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpServices,
[in, range(0, 1024 * 256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned
);

DWORD
REnumServicesStatusA(
[in] SC_RPC_HANDLE hSCManager,
[in] DWORD dwServiceType,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024 * 256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned,
[in,out,unique] LPBOUNDED_DWORD_256K lpResumeIndex
);

DWORD
ROpenSCManagerA(
[in,string,unique,range(0, SC_MAX_COMPUTER_NAME_LENGTH)]
SVCCTL_HANDLEA lpMachineName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpDatabaseName,
[in] DWORD dwDesiredAccess,
[out] LPSC_RPC_HANDLE lpScHandle
);
DWORD
ROpenServiceA(
[in] SC_RPC_HANDLE hSCManager,
[in,string,range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpServiceName,
[in] DWORD dwDesiredAccess,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

DWORD
RQueryServiceConfigA(
[in] SC_RPC_HANDLE hService,
[out] LPQUERY_SERVICE_CONFIGA lpServiceConfig,
[in, range(0, 1024 * 8)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_8K pcbBytesNeeded
);

DWORD
RQueryServiceLockStatusA(
[in] SC_RPC_HANDLE hSCManager,
[out] LPQUERY_SERVICE_LOCK_STATUSA lpLockStatus,
[in, range(0, 1024 * 4)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_4K pcbBytesNeeded
);

DWORD
RStartServiceA(
[in] SC_RPC_HANDLE hService,
[in, range(0, SC_MAX_ARGUMENTS)] DWORD argc,
[in,unique,size_is(argc)] LPSTRING_PTRSA argv
);

DWORD
RGetServiceDisplayNameA(
[in] SC_RPC_HANDLE hSCManager,
[in,string,range(0, SC_MAX_NAME_LENGTH)] LPSTR lpServiceName,
[out,string, size_is(*lpcchBuffer)] LPSTR lpDisplayName,
[in,out] LPBOUNDED_DWORD_4K lpcchBuffer
);

DWORD
RGetServiceKeyNameA(
[in] SC_RPC_HANDLE hSCManager,
[in,string,range(0, SC_MAX_NAME_LENGTH)] LPSTR lpDisplayName,
[out,string, size_is(*lpcchBuffer)] LPSTR lpKeyName,
[in,out] LPBOUNDED_DWORD_4K lpcchBuffer
);

void Opnum34NotUsedOnWire(void);

DWORD
REnumServiceGroupW(
[in] SC_RPC_HANDLE hSCManager,
[in] DWORD dwServiceType,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024 * 256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned,
[in,out,unique] LPBOUNDED_DWORD_256K lpResumeIndex,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
LPCWSTR pszGroupName
);

typedef struct _SERVICE_RPC_REQUIRED_PRIVILEGES_INFO

{
[range(0, 1024 * 4)] DWORD cbRequiredPrivileges;
[size_is(cbRequiredPrivileges)] PBYTE pRequiredPrivileges;
} SERVICE_RPC_REQUIRED_PRIVILEGES_INFO,
*LPSERVICE_RPC_REQUIRED_PRIVILEGES_INFO;

typedef struct _SC_RPC_CONFIG_INFOA

{
DWORD dwInfoLevel;
[switch_is(dwInfoLevel)] union
{
[case(1)]
LPSERVICE_DESCRIPTIONA psd;
[case(2)]
LPSERVICE_FAILURE_ACTIONSA psfa;
[case(3)]
LPSERVICE_DELAYED_AUTO_START_INFO psda;
[case(4)]
LPSERVICE_FAILURE_ACTIONS_FLAG psfaf;
[case(5)]
LPSERVICE_SID_INFO pssid;
[case(6)]
LPSERVICE_RPC_REQUIRED_PRIVILEGES_INFO psrp;
[case(7)]
LPSERVICE_PRESHUTDOWN_INFO psps;
[case(8)]
PSERVICE_TRIGGER_INFO psti;
[case(9)]
LPSERVICE_PREFERRED_NODE_INFO pspn;
};
} SC_RPC_CONFIG_INFOA;

typedef struct _SC_RPC_CONFIG_INFOW

{
DWORD dwInfoLevel;
[switch_is(dwInfoLevel)] union
{
[case(1)]
LPSERVICE_DESCRIPTIONW psd;
[case(2)]
LPSERVICE_FAILURE_ACTIONSW psfa;
[case(3)]
LPSERVICE_DELAYED_AUTO_START_INFO psda;
[case(4)]
LPSERVICE_FAILURE_ACTIONS_FLAG psfaf;
[case(5)]
LPSERVICE_SID_INFO pssid;
[case(6)]
LPSERVICE_RPC_REQUIRED_PRIVILEGES_INFO psrp;
[case(7)]
LPSERVICE_PRESHUTDOWN_INFO psps;
[case(8)]
PSERVICE_TRIGGER_INFO psti;
[case(9)]
LPSERVICE_PREFERRED_NODE_INFO pspn;
};
} SC_RPC_CONFIG_INFOW;

DWORD
RChangeServiceConfig2A(
[in] SC_RPC_HANDLE hService,
[in] SC_RPC_CONFIG_INFOA Info
);

DWORD
RChangeServiceConfig2W(
[in] SC_RPC_HANDLE hService,
[in] SC_RPC_CONFIG_INFOW Info
);

DWORD
RQueryServiceConfig2A(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwInfoLevel,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024 * 8)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_8K pcbBytesNeeded
);

DWORD
RQueryServiceConfig2W(
[in] SC_RPC_HANDLE hService,
[in] DWORD dwInfoLevel,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024 * 8)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_8K pcbBytesNeeded
);

DWORD
RQueryServiceStatusEx(
[in] SC_RPC_HANDLE hService,
[in] SC_STATUS_TYPE InfoLevel,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024 * 8)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_8K pcbBytesNeeded
);

DWORD
REnumServicesStatusExA (
[in] SC_RPC_HANDLE hSCManager,
[in] SC_ENUM_TYPE InfoLevel,
[in] DWORD dwServiceType,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024 * 256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned,
[in,out,unique] LPBOUNDED_DWORD_256K lpResumeIndex,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
LPCSTR pszGroupName
);

DWORD
REnumServicesStatusExW (
[in] SC_RPC_HANDLE hSCManager,
[in] SC_ENUM_TYPE InfoLevel,
[in] DWORD dwServiceType,
[in] DWORD dwServiceState,
[out, size_is(cbBufSize)] LPBYTE lpBuffer,
[in, range(0, 1024 * 256)] DWORD cbBufSize,
[out] LPBOUNDED_DWORD_256K pcbBytesNeeded,
[out] LPBOUNDED_DWORD_256K lpServicesReturned,
[in,out,unique] LPBOUNDED_DWORD_256K lpResumeIndex,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
LPCWSTR pszGroupName
);

void Opnum43NotUsedOnWire(void);

DWORD
RCreateServiceWOW64A(
[in] SC_RPC_HANDLE hSCManager,
[in,string,range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpServiceName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpDisplayName,
[in] DWORD dwDesiredAccess,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in,string, range(0, SC_MAX_PATH_LENGTH)]
LPSTR lpBinaryPathName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
LPSTR lpLoadOrderGroup,
[in,out,unique] LPDWORD lpdwTagId,
[in,unique,size_is(dwDependSize)] LPBYTE lpDependencies,
[in, range (0, SC_MAX_DEPEND_SIZE)] DWORD dwDependSize,
[in,string,unique,range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
LPSTR lpServiceStartName,
[in,unique,size_is(dwPwSize)] LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)] DWORD dwPwSize,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

DWORD
RCreateServiceWOW64W(
[in] SC_RPC_HANDLE hSCManager,
[in,string,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpServiceName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpDisplayName,
[in] DWORD dwDesiredAccess,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in,string,range(0, SC_MAX_PATH_LENGTH)]
wchar_t * lpBinaryPathName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpLoadOrderGroup,
[in,out,unique] LPDWORD lpdwTagId,
[in,unique,size_is(dwDependSize)] LPBYTE lpDependencies,
[in, range (0, SC_MAX_DEPEND_SIZE)] DWORD dwDependSize,
[in,string,unique,range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
wchar_t * lpServiceStartName,
[in,unique,size_is(dwPwSize)] LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)] DWORD dwPwSize,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

void Opnum46NotUsedOnWire(void);

typedef struct _SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1

{
ULONGLONG ullThreadId;
DWORD dwNotifyMask;
UCHAR CallbackAddressArray [ 16 ];
UCHAR CallbackParamAddressArray [ 16 ];
SERVICE_STATUS_PROCESS ServiceStatus;
DWORD dwNotificationStatus;
DWORD dwSequence;
} SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1,
*PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1;

typedef struct _SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2

{
ULONGLONG ullThreadId;
DWORD dwNotifyMask;
UCHAR CallbackAddressArray [ 16 ];
UCHAR CallbackParamAddressArray [ 16 ];
SERVICE_STATUS_PROCESS ServiceStatus;
DWORD dwNotificationStatus;
DWORD dwSequence;
DWORD dwNotificationTriggered;
[string, range(0, 64*1024)] PWSTR pszServiceNames;
} SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2,
*PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2;

typedef SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2
SERVICE_NOTIFY_STATUS_CHANGE_PARAMS,
*PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS;

typedef struct _SC_RPC_NOTIFY_PARAMS

{
DWORD dwInfoLevel;
[ switch_is ( dwInfoLevel ) ]
union
{
[case(1)]
PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1 pStatusChangeParam1;

[case(2)]
PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2 pStatusChangeParams;
};
} SC_RPC_NOTIFY_PARAMS;

typedef struct _SC_RPC_NOTIFY_PARAMS_LIST

{
BOUNDED_DWORD_4K cElements;
[size_is(cElements)] SC_RPC_NOTIFY_PARAMS NotifyParamsArray [*];
} SC_RPC_NOTIFY_PARAMS_LIST, *PSC_RPC_NOTIFY_PARAMS_LIST;

DWORD
RNotifyServiceStatusChange(
[in] SC_RPC_HANDLE hService,
[in] SC_RPC_NOTIFY_PARAMS NotifyParams,
[in] GUID * pClientProcessGuid,
[out] GUID * pSCMProcessGuid,
[out] PBOOL pfCreateRemoteQueue,
[out] LPSC_NOTIFY_RPC_HANDLE phNotify
);

error_status_t
RGetNotifyResults(
[in] SC_NOTIFY_RPC_HANDLE hNotify,
[out] PSC_RPC_NOTIFY_PARAMS_LIST *ppNotifyParams
);

DWORD
RCloseNotifyHandle(
[in, out] LPSC_NOTIFY_RPC_HANDLE phNotify,
[out] PBOOL pfApcFired
);

typedef struct _SERVICE_CONTROL_STATUS_REASON_IN_PARAMSA

{
DWORD dwReason;
[string,range(0, SC_MAX_COMMENT_LENGTH)] LPSTR pszComment;
} SERVICE_CONTROL_STATUS_REASON_IN_PARAMSA,
*PSERVICE_CONTROL_STATUS_REASON_IN_PARAMSA;

typedef struct _SERVICE_CONTROL_STATUS_REASON_OUT_PARAMS

{
SERVICE_STATUS_PROCESS ServiceStatus;
} SERVICE_CONTROL_STATUS_REASON_OUT_PARAMS,
*PSERVICE_CONTROL_STATUS_REASON_OUT_PARAMS;

typedef [switch_type(DWORD)]
union _SC_RPC_SERVICE_CONTROL_IN_PARAMSA
{
[case(1)]
PSERVICE_CONTROL_STATUS_REASON_IN_PARAMSA psrInParams;
} SC_RPC_SERVICE_CONTROL_IN_PARAMSA,
*PSC_RPC_SERVICE_CONTROL_IN_PARAMSA;

typedef [switch_type(DWORD)]
union _SC_RPC_SERVICE_CONTROL_OUT_PARAMSA
{
[case(1)]
PSERVICE_CONTROL_STATUS_REASON_OUT_PARAMS psrOutParams;
} SC_RPC_SERVICE_CONTROL_OUT_PARAMSA,
*PSC_RPC_SERVICE_CONTROL_OUT_PARAMSA;

DWORD
RControlServiceExA (
[in] SC_RPC_HANDLE hService,
[in] DWORD dwControl,
[in] DWORD dwInfoLevel,
[in, switch_is(dwInfoLevel)]
PSC_RPC_SERVICE_CONTROL_IN_PARAMSA pControlInParams,
[out, switch_is(dwInfoLevel)]
PSC_RPC_SERVICE_CONTROL_OUT_PARAMSA pControlOutParams
);

typedef struct _SERVICE_CONTROL_STATUS_REASON_IN_PARAMSW

{
DWORD dwReason;
[string,range(0, SC_MAX_COMMENT_LENGTH)] LPWSTR pszComment;
} SERVICE_CONTROL_STATUS_REASON_IN_PARAMSW,
*PSERVICE_CONTROL_STATUS_REASON_IN_PARAMSW;

typedef [switch_type(DWORD)]
union _SC_RPC_SERVICE_CONTROL_IN_PARAMSW
{
[case(1)]
PSERVICE_CONTROL_STATUS_REASON_IN_PARAMSW psrInParams;
} SC_RPC_SERVICE_CONTROL_IN_PARAMSW,
*PSC_RPC_SERVICE_CONTROL_IN_PARAMSW;
typedef [switch_type(DWORD)]
union _SC_RPC_SERVICE_CONTROL_OUT_PARAMSW
{
[case(1)]
PSERVICE_CONTROL_STATUS_REASON_OUT_PARAMS psrOutParams;
} SC_RPC_SERVICE_CONTROL_OUT_PARAMSW,
*PSC_RPC_SERVICE_CONTROL_OUT_PARAMSW;

DWORD
RControlServiceExW (
[in] SC_RPC_HANDLE hService,
[in] DWORD dwControl,
[in] DWORD dwInfoLevel,
[in, switch_is(dwInfoLevel)]
PSC_RPC_SERVICE_CONTROL_IN_PARAMSW pControlInParams,
[out, switch_is(dwInfoLevel)]
PSC_RPC_SERVICE_CONTROL_OUT_PARAMSW pControlOutParams
);

void Opnum52NotUsedOnWire(void);

void Opnum53NotUsedOnWire(void);

void Opnum54NotUsedOnWire(void);

void Opnum55NotUsedOnWire(void);

DWORD
RQueryServiceConfigEx (
[in] SC_RPC_HANDLE hService,
[in] DWORD dwInfoLevel,
[out] SC_RPC_CONFIG_INFOW * pInfo
);
}

void Opnum57NotUsedOnWire(void);
void Opnum58NotUsedOnWire(void);
void Opnum59NotUsedOnWire(void);

DWORD
RCreateWowService(
[in] SC_RPC_HANDLE hSCManager,
[in,string,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpServiceName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpDisplayName,
[in] DWORD dwDesiredAccess,
[in] DWORD dwServiceType,
[in] DWORD dwStartType,
[in] DWORD dwErrorControl,
[in,string,range(0, SC_MAX_PATH_LENGTH)]
wchar_t * lpBinaryPathName,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
wchar_t * lpLoadOrderGroup,
[in,out,unique]
LPDWORD lpdwTagId,
[in,unique,size_is(dwDependSize)]
LPBYTE lpDependencies,
[in, range (0, SC_MAX_DEPEND_SIZE)]
DWORD dwDependSize,
[in,string,unique,range(0, SC_MAX_ACCOUNT_NAME_LENGTH)]
wchar_t * lpServiceStartName,
[in,unique,size_is(dwPwSize)]
LPBYTE lpPassword,
[in, range(0, SC_MAX_PWD_SIZE)]
DWORD dwPwSize,
[in] USHORT dwServiceWowType,
[out] LPSC_RPC_HANDLE lpServiceHandle
);

void Opnum61NotUsedOnWire(void);
void Opnum62NotUsedOnWire(void);
void Opnum63NotUsedOnWire(void);

DWORD
ROpenSCManager2(
[in] handle_t BindingHandle,
[in,string,unique,range(0, SC_MAX_NAME_LENGTH)]
wchar_t *DatabaseName,
[in] DWORD DesiredAccess,
[out] LPSC_RPC_HANDLE ScmHandle
);
7 Appendix B: Product Behavior
Article04/27/2022

The information in this specification is applicable to the following Microsoft products or

supplemental software. References to product versions include updates to those
products.

The terms "earlier" and "later", when used with a product version, refer to either all
preceding versions or all subsequent versions, respectively. The term "through" refers to
the inclusive range of versions. Applicable Microsoft products are listed chronologically
in this section.

Windows Client

Windows NT operating system

Windows 2000 Professional operating system

Windows XP operating system

Windows Vista operating system

Windows 7 operating system

Windows 8 operating system

Windows 8.1 operating system

Windows 10 operating system

Windows 11 operating system

Windows Server

Windows 2000 Server operating system

Windows Server 2003 operating system

Windows Server 2003 R2 operating system

Windows Server 2008 operating system

Windows Server 2008 R2 operating system

Windows Server 2012 operating system

Windows Server 2012 R2 operating system

Windows Server 2016 operating system

Windows Server operating system

Windows Server 2019 operating system

Windows Server 2022 operating system

Exceptions, if any, are noted in this section. If an update version, service pack or
Knowledge Base (KB) number appears with a product name, the behavior changed in
that update. The new behavior also applies to subsequent updates unless otherwise
specified. If a product edition appears with the product version, behavior is different in
that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that
is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in
accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified,
the term "MAY" implies that the product does not follow the prescription.

<1> Section 2.1.2: An authentication level of RPC_C_AUTHN_LEVEL_PKT_PRIVACY is used

only in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
operating system.

<2> Section 2.2.21: The structures are not available in Windows NT, Windows 2000
operating system, Windows XP, and Windows Server 2003.

<3> Section 2.2.22: RPC_CONFIG_INFOW is not available in Windows NT, Windows

2000, Windows XP, and Windows Server 2003.

<4> Section 2.2.22: psti is not available in Windows NT, Windows 2000, Windows XP,
Windows Server 2003, Windows Vista, Windows Server 2003 R2, or Windows Server
2008.

<5> Section 2.2.22: pspn is not available in Windows NT, Windows 2000, Windows XP,
Windows Server 2003, Windows Vista, Windows Server 2003 R2, or Windows Server
2008.

<6> Section 2.2.23: The SC_RPC_NOTIFY_PARAMS structure is not available in Windows

NT, Windows 2000, Windows XP, and Windows Server 2003.

<7> Section 2.2.24: The SC_RPC_NOTIFY_PARAMS_LIST structure is not available in

Windows NT, Windows 2000, Windows XP, and Windows Server 2003.

<8> Section 2.2.30: The SERVICE_CONTROL_STATUS_REASON_IN_PARAMSA structure is

not available in Windows NT, Windows 2000, Windows XP, and Windows Server 2003.
<9> Section 2.2.31: The SERVICE_CONTROL_STATUS_REASON_IN_PARAMSW structure is
not available in Windows NT, Windows 2000, Windows XP, and Windows Server 2003.

<10> Section 2.2.32: The SERVICE_CONTROL_STATUS_REASON_OUT_PARAMS structure

is not available in Windows NT, Windows 2000, Windows XP, and Windows Server 2003.

<11> Section 2.2.33: The SERVICE_DELAYED_AUTO_START_INFO structure is not

available in Windows NT, Windows 2000, Windows XP, and Windows Server 2003.

<12> Section 2.2.41: The SERVICE_FAILURE_ACTIONS_FLAG structure is not available in

Windows NT, Windows 2000, Windows XP, and Windows Server 2003.

<13> Section 2.2.42: Not available in Windows NT, Windows 2000, Windows XP, and
Windows Server 2003.

<14> Section 2.2.44: Not available in Windows NT, Windows 2000, Windows XP, and
Windows Server 2003.

<15> Section 2.2.45: Not available in Windows NT, Windows 2000, Windows XP, and
Windows Server 2003.

<16> Section 2.2.46: Not available in Windows NT, Windows 2000, Windows XP, and
Windows Server 2003.

<17> Section 2.2.47: Not available in Windows NT, Windows 2000, Windows XP, and
Windows Server 2003.

<18> Section 2.2.47: Not available in Windows NT, Windows 2000, Windows XP,
Windows Server 2003, Windows Vista, or Windows Server 2003 R2, or Windows Server
2008.

<19> Section 2.2.47: Not available in Windows NT, Windows 2000, Windows XP,
Windows Server 2003, Windows Vista, or Windows Server 2003 R2, or Windows Server
2008.

<20> Section 2.2.47: Windows services indicate service-specific error codes by setting
dwWin32ExitCode to ERROR_SERVICE_SPECIFIC_ERROR (1066) and setting the specific
error in the dwServiceSpecificExitCode member.

<21> Section 2.2.48: Not available in Windows NT, Windows 2000, Windows XP, and
Windows Server 2003.

<22> Section 2.2.49: Not available in Windows NT, Windows 2000, Windows XP, and
Windows Server 2003.

<23> Section 2.2.49: Available in Windows 7 and Windows Server 2008 R2.
<24> Section 2.2.49: Available in Windows 7 and Windows Server 2008 R2.

<25> Section 2.2.52: Available in Windows 7 and Windows Server 2008 R2.

<26> Section 2.2.53: Available in Windows 7 and Windows Server 2008 R2.

<27> Section 2.2.54: Available in Windows 7 and Windows Server 2008 R2.

<28> Section 2.2.55: Available in Windows 7 and Windows Server 2008 R2.

<29> Section 3.1.1: In Windows 2000, Windows XP, Windows Server 2003, and Windows
Server 2008 R2, localized strings are not supported.

<30> Section 3.1.1: Available in Windows 7 and Windows Server 2008 R2.

<31> Section 3.1.1: Available in Windows 7 and Windows Server 2008 R2.

<32> Section 3.1.4: Windows Vista, Windows Server 2008, Windows 7, and Windows
Server 2008 R2 clients use multiplexed RPC connections for RGetNotifyResults on
request if the server supports them, and they fall back to non-multiplexed connections if
the server doesn't support multiplexed connections.

<33> Section 3.1.4: Available in Windows 7 and Windows Server 2008 R2.

<34> Section 3.1.4: Gaps in the opnum numbering sequence apply to Windows as
follows.

Opnum Description

10 Only used locally by Windows, never remotely.

22 Only used locally by Windows, never remotely.

34 Only used locally by Windows, never remotely.

43 Only used locally by Windows, never remotely.

46 Only used locally by Windows, never remotely.

52 Only used locally by Windows, never remotely.

53 Only used locally by Windows, never remotely.

54 Only used locally by Windows, never remotely.

55 Only used locally by Windows, never remotely.

<35> Section 3.1.4.2: Windows waits 30 seconds for the service to respond.
<36> Section 3.1.4.4: In Windows NT, Windows 2000, Windows XP, Windows Server
2003, and Windows Server 2003 R2, after the database is locked, the server does not
allow further client operations on the database until it is unlocked. In Windows Vista,
Windows Server 2008, Windows 7, and Windows Server 2008 R2, the server ignores the
database lock.

In Windows NT 3.51 operating system, Windows NT 4.0 operating system, Windows

2000, Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2, and
Windows XP, the server responds with the error code
ERROR_SERVICE_DATABASE_LOCKED (1055) for RStartServiceA (section 3.1.4.30) and
RStartServiceW (section 3.1.4.19) RPCs if the database has been locked using
RLockServiceDatabase (section 3.1.4.4).

In Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, the
server does not respond with error code ERROR_SERVICE_DATABASE_LOCKED (1055) for
RStartServiceA (section 3.1.4.30) and RStartServiceW (section 3.1.4.19) RPCs after the
database is locked using RLockServiceDatabase (section 3.1.4.4).

<37> Section 3.1.4.4: In Windows NT, Windows 2000, Windows XP, Windows Server
2003, and Windows Server 2003 R2, after the database is locked, the server does not
allow further client operations on the database until it is unlocked. In Windows Vista,
Windows Server 2008, Windows 7, and Windows Server 2008 R2, the server ignores the
database lock.

In Windows NT 3.51, Windows NT 4.0, Windows 2000, Windows 2000 Server, Windows
Server 2003, Windows Server 2003 R2, and Windows XP, the server responds with the
error code ERROR_SERVICE_DATABASE_LOCKED (1055) for RStartServiceA (section
3.1.4.30) and RStartServiceW (section 3.1.4.19) RPCs if the database has been locked
using RLockServiceDatabase (section 3.1.4.4).

<38> Section 3.1.4.9: In Windows NT, Windows 2000, Windows XP, Windows Server
2003, and Windows Server 2003 R2, after the database is locked, the server does not
allow further client operations on the database until it is unlocked. In Windows Vista,
Windows Server 2008, Windows 7, and Windows Server 2008 R2, the server ignores the
database lock.

<39> Section 3.1.4.11: Windows fails the request with ERROR_INVALID_PARAMETER (87)
if the client tries to change the dwServiceType to SERVICE_FILE_SYSTEM_DRIVER or
SERVICE_KERNEL_DRIVER.

<40> Section 3.1.4.15: Windows fails the request with ERROR_ACCESS_DENIED (5) if the
client does not have sufficient access rights or for operations that do not match the
granted access right.

<41> Section 3.1.4.19: In Windows NT, Windows 2000, Windows XP, Windows Server
2003, and Windows Server 2003 R2, after the database is locked, the server does not
allow further client operations on the database until it is unlocked. In Windows Vista,
Windows Server 2008, Windows 7, and Windows Server 2008 R2, the server ignores the
database lock.

In Windows NT 3.51, Windows NT 4.0, Windows 2000, Windows 2000 Server, Windows
XP, Windows Server 2003, and Windows Server 2003 R2, the server responds with the
error code ERROR_SERVICE_DATABASE_LOCKED (1055) for RStartServiceA (section
3.1.4.30) and RStartServiceW (section 3.1.4.19) RPCs if the database has been locked
using RLockServiceDatabase (section 3.1.4.4).

<42> Section 3.1.4.19: Windows waits 30 seconds for the service to respond.

<43> Section 3.1.4.19: In Windows NT, Windows 2000, Windows XP, Windows Server
2003, and Windows Server 2003 R2, after the database is locked, the server does not
allow further client operations on the database until it is unlocked. In Windows Vista,
Windows Server 2008, Windows 7, and Windows Server 2008 R2, the server ignores the
database lock.

<44> Section 3.1.4.22: Windows fails the request with ERROR_INVALID_PARAMETER (87)
if the client tries to change dwServiceType to SERVICE_FILE_SYSTEM_DRIVER or
SERVICE_KERNEL_DRIVER.

<45> Section 3.1.4.26: Windows fails the request with ERROR_ACCESS_DENIED (5) if the
client does not have sufficient access rights or for operations that do not match the
granted access right.

<46> Section 3.1.4.30: In Windows NT, Windows 2000, Windows XP, Windows Server
2003, and Windows Server 2003 R2, after the database is locked, the server does not
allow further client operations on the database until it is unlocked. In Windows Vista and
later and Windows Server 2008 and later, the server ignores the database lock.

In Windows NT 3.51, Windows NT 4.0, Windows 2000, Windows 2000 Server, Windows
XP, Windows Server 2003, and Windows Server 2003 R2, the server responds with error
code ERROR_SERVICE_DATABASE_LOCKED (1055) for RStartServiceA (section 3.1.4.30)
and RStartServiceW (section 3.1.4.19) RPCs if the database has been locked using
RLockServiceDatabase (section 3.1.4.4).

In Windows Vista and later and Windows Server 2008 and later, the server does not
respond with error code ERROR_SERVICE_DATABASE_LOCKED (1055) for RStartServiceA
(section 3.1.4.30) and RStartServiceW (section 3.1.4.19) RPCs after the database is locked
using RLockServiceDatabase (section 3.1.4.4).

<47> Section 3.1.4.30: Windows waits 30 seconds for the service to respond.

<48> Section 3.1.4.30: In Windows NT, Windows 2000, Windows XP, Windows Server
2003, and Windows Server 2003 R2, after the database is locked, the server does not
allow further client operations on the database until it is unlocked. In Windows Vista and
later and Windows Server 2008 and later, the server ignores the database lock.

<49> Section 3.1.4.31: If the lpDisplayName buffer is insufficient to hold the complete
display name of the service, Windows fails the call and sets double of the size in chars of
the display name excluding the terminating null character in lpcchBuffer.

<50> Section 3.1.4.32: If the lpKeyName buffer is insufficient to hold the complete
service name of the service, Windows fails the call and sets double of the size in chars of
the service name excluding the terminating null character in lpcchBuffer.

<51> Section 3.1.4.34: In Windows NT, ERROR_CALL_NOT_IMPLEMENTED (120) is

returned.

<52> Section 3.1.4.34: Windows 2000, Windows XP, Windows Server 2003, Windows
Server 2003 R2, and Windows Vista return ERROR_INVALID_LEVEL if psti or pspn (see
section 2.2.21) is specified in the Info parameter.

<53> Section 3.1.4.35: Windows returns ERROR_CALL_NOT_IMPLEMENTED (120) for

Windows NT.

<54> Section 3.1.4.35: Windows 2000, Windows XP, Windows Server 2003, Windows
Server 2003 R2, and Windows Vista return ERROR_INVALID_LEVEL if psti or pspn
(section 2.2.21) is specified in the Info parameter.

<55> Section 3.1.4.36: Windows returns ERROR_CALL_NOT_IMPLEMENTED (120) for

Windows NT.

<56> Section 3.1.4.36: ERROR_INVALID_PARAMETER (87) is returned in Windows 2000,

Windows XP, Windows Server 2003, and Windows Server 2003 R2.

<57> Section 3.1.4.36: ERROR_INVALID_PARAMETER (87) is returned in Windows 2000,

Windows XP, Windows Server 2003, and Windows Server 2003 R2.

<58> Section 3.1.4.36: ERROR_INVALID_PARAMETER (87) is returned in Windows 2000,

Windows XP, Windows Server 2003, and Windows Server 2003 R2.

<59> Section 3.1.4.36: ERROR_INVALID_PARAMETER (87) is returned in Windows 2000,

Windows XP, Windows Server 2003, and Windows Server 2003 R2.
<60> Section 3.1.4.36: Windows returns ERROR_INVALID_PARAMETER (87) for Windows
2000, Windows XP, Windows Server 2003, and Windows Server 2003 R2.

<61> Section 3.1.4.36: ERROR_INVALID_PARAMETER (87) is returned in Windows 2000,

Windows XP, Windows Server 2003, and Windows Server 2003 R2.

<62> Section 3.1.4.36: Available in Windows 7 and Windows Server 2008 R2.

<63> Section 3.1.4.36: Note When the server is passing an invalid value for these
parameters, behavior can change based on the RPC runtime check. See RPC Runtime
Check Notes (section 3.2).

<64> Section 3.1.4.37: Windows returns ERROR_CALL_NOT_IMPLEMENTED (120) for

Windows NT.

<65> Section 3.1.4.37: Windows returns ERROR_INVALID_PARAMETER (87) for Windows

2000, Windows XP, Windows Server 2003, and Windows Server 2003 R2.

<66> Section 3.1.4.37: Windows returns ERROR_INVALID_PARAMETER (87) for Windows

2000, Windows XP, Windows Server 2003, and Windows Server 2003 R2.

<67> Section 3.1.4.37: Windows returns ERROR_INVALID_PARAMETER (87) for Windows

2000, Windows XP, Windows Server 2003, and Windows Server 2003 R2.

<68> Section 3.1.4.37: Windows returns ERROR_INVALID_PARAMETER (87) for Windows

2000, Windows XP, Windows Server 2003, and Windows Server 2003 R2.

<69> Section 3.1.4.37: Windows returns ERROR_INVALID_PARAMETER (87) for Windows

2000, Windows XP, Windows Server 2003, and Windows Server 2003 R2.

<70> Section 3.1.4.37: Windows returns ERROR_INVALID_PARAMETER (87) for Windows

2000, Windows XP, Windows Server 2003, and Windows Server 2003 R2.

<71> Section 3.1.4.37: Available in Windows 7 and Windows Server 2008 R2.

<72> Section 3.1.4.37: Note When the server is passing an invalid value for these
parameters, behavior can change based on the RPC runtime check. See RPC Runtime
Check Notes (section 3.2).

<73> Section 3.1.4.41: If the lpBinaryPathName has the "%windir%\System32" folder

specified within the path, which is the 64-bit location on 64-bit Windows, Windows
automatically replaces that folder with "%windir%\SysWow64", which is the 32-bit
location on 64-bit Windows.

<74> Section 3.1.4.43: Available in Windows Vista, Windows Server 2008 operating
system, Windows 7, and Windows Server 2008 R2.
<75> Section 3.1.4.44: Available in Windows Vista, Windows Server 2008, Windows 7,
and Windows Server 2008 R2.

<76> Section 3.1.4.44: Windows Vista, Windows Server 2008, Windows 7, and Windows
Server 2008 R2 clients use multiplexed RPC connections for RGetNotifyResults on
request if the server supports them, and they fall back to non-multiplexed connections if
the server doesn't support multiplexed connections.

<77> Section 3.1.4.45: Not available in Windows NT, Windows 2000, Windows XP, and
Windows Server 2003.

<78> Section 3.1.4.46: Available in Windows Vista, Windows Server 2008, Windows 7,
and Windows Server 2008 R2.

<79> Section 3.1.4.46: Windows waits 30 seconds for the service to respond.

<80> Section 3.1.4.47: Available in Windows Vista, Windows Server 2008, Windows 7,
and Windows Server 2008 R2.

<81> Section 3.1.4.47: Windows waits 30 seconds for the service to respond.

<82> Section 3.1.4.48: This method is available only in Windows 7.

<83> Section 3.1.4.49: This method is not available in Windows Server 2016 and earlier,
and Windows 10 and earlier.

<84> Section 3.1.4.49: This constant is not available in Windows 10 v1511 operating
system and earlier, and Windows Server 2012 R2 and earlier.

<85> Section 3.1.4.49: This constant is not available in Windows Vista and earlier, and
Windows Server 2008 and earlier.

<86> Section 3.1.4.49: This constant is not available in Windows 8 and earlier, and
Windows Server 2012 and earlier.

<87> Section 3.1.4.50: Not available in Windows 10 v1809 operating system and earlier,
and Windows Server v1809 operating system and earlier.

<88> Section 3.1.4.50: Windows fails the request with ERROR_ACCESS_DENIED (5) if the
client does not have sufficient access rights or for operations that do not match the
granted access right.
8 Change Tracking
Article04/27/2022

This section identifies changes that were made to this document since the last release.
Changes are classified as Major, Minor, or None.

The revision class Major means that the technical content in the document was
significantly revised. Major changes affect protocol interoperability or implementation.
Examples of major changes are:

A document revision that incorporates changes to interoperability requirements.

A document revision that captures changes to protocol functionality.

The revision class Minor means that the meaning of the technical content was clarified.
Minor changes do not affect protocol interoperability or implementation. Examples of
minor changes are updates to clarify ambiguity at the sentence, paragraph, or table
level.

The revision class None means that no new technical changes were introduced. Minor
editorial and formatting changes may have been made, but the relevant technical
content is identical to the last released version.

The changes made to this document are listed in the following table. For more
information, please contact [email protected].

Section Description Revision

class

6 Appendix A: 11278 : Added void methods to the IDL to ensure the Opnum of Major
Full IDL RCreateWowService is 64.
9 Index
Article01/04/2022

Abstract data model

server

ANSI and Unicode string formats - conversion

Applicability

Capability negotiation

Change tracking

Client - transport

Common data types

Common error codes

Conversion between ANSI and Unicode string formats

Data model - abstract

server

Data types

common - overview

ENUM_SERVICE_STATUS_PROCESSA structure

ENUM_SERVICE_STATUS_PROCESSW structure

ENUM_SERVICE_STATUSA structure

ENUM_SERVICE_STATUSW structure

Error codes
Events

local - server

timer - server

Examples

overview

Fields - vendor-extensible

Full IDL

Glossary

IDL

Implementer - security considerations

Index of security parameters

Informative references

Initialization

server

Introduction

Local events

server

LPENUM_SERVICE_STATUS_PROCESSA

LPENUM_SERVICE_STATUS_PROCESSW

LPENUM_SERVICE_STATUSA

LPENUM_SERVICE_STATUSW
LPQUERY_SERVICE_CONFIGA

LPQUERY_SERVICE_CONFIGW

LPQUERY_SERVICE_LOCK_STATUSA

LPQUERY_SERVICE_LOCK_STATUSW

LPSC_ACTION

LPSERVICE_DELAYED_AUTO_START_INFO

LPSERVICE_DESCRIPTIONA

LPSERVICE_DESCRIPTIONW

LPSERVICE_FAILURE_ACTIONS_FLAG

LPSERVICE_FAILURE_ACTIONSA

LPSERVICE_FAILURE_ACTIONSW

LPSERVICE_PREFERRED_NODE_INFO

LPSERVICE_PRESHUTDOWN_INFO

LPSERVICE_RPC_REQUIRED_PRIVILEGES_INFO

LPSERVICE_SID_INFO

LPSERVICE_STATUS

LPSERVICE_STATUS_PROCESS

LPSTRING_PTRSA

LPSTRING_PTRSW

MAX_SERVICE_NAME_LENGTH

Message processing

server

Messages

common data types

data types

overview

transport

client

overview

server

Methods

RChangeServiceConfig2A (Opnum 36)

RChangeServiceConfig2W (Opnum 37)

RChangeServiceConfigA (Opnum 23)

RChangeServiceConfigW (Opnum 11)

RCloseNotifyHandle (Opnum 49)

RCloseServiceHandle (Opnum 0)

RControlService (Opnum 1)

RControlServiceExA (Opnum 50)

RControlServiceExW (Opnum 51)

RCreateServiceA (Opnum 24)

RCreateServiceW (Opnum 12)

RCreateServiceWOW64A (Opnum 44)

RCreateServiceWOW64W (Opnum 45)

RCreateWowService (Opnum 60)

RDeleteService (Opnum 2)

REnumDependentServicesA (Opnum 25)

REnumDependentServicesW (Opnum 13)

REnumServiceGroupW (Opnum 35)

REnumServicesStatusA (Opnum 26)

REnumServicesStatusExA (Opnum 41)

REnumServicesStatusExW (Opnum 42)

REnumServicesStatusW (Opnum 14)

RGetNotifyResults (Opnum 48)

RGetServiceDisplayNameA (Opnum 32)

RGetServiceDisplayNameW (Opnum 20)

RGetServiceKeyNameA (Opnum 33)

RGetServiceKeyNameW (Opnum 21)

RLockServiceDatabase (Opnum 3)

RNotifyBootConfigStatus (Opnum 9)

RNotifyServiceStatusChange (Opnum 47)

ROpenSCManager2 (Opnum 64)

ROpenSCManagerA (Opnum 27)

ROpenSCManagerW (Opnum 15)

ROpenServiceA (Opnum 28)

ROpenServiceW (Opnum 16)

RQueryServiceConfig2A (Opnum 38)

RQueryServiceConfig2W (Opnum 39)

RQueryServiceConfigA (Opnum 29)

RQueryServiceConfigEx (Opnum 56)

RQueryServiceConfigW (Opnum 17)

RQueryServiceLockStatusA (Opnum 30)

RQueryServiceLockStatusW (Opnum 18)

RQueryServiceObjectSecurity (Opnum 4)
RQueryServiceStatus (Opnum 6)

RQueryServiceStatusEx (Opnum 40)

RSetServiceObjectSecurity (Opnum 5)

RSetServiceStatus (Opnum 7)

RStartServiceA (Opnum 31)

RStartServiceW (Opnum 19)

RUnlockServiceDatabase (Opnum 8)

Normative references

Overview (synopsis)

Parameters - security index

Preconditions

Prerequisites

Product behavior

Protocol Details

overview

PSC_RPC_NOTIFY_PARAMS_LIST

PSERVICE_CONTROL_STATUS_REASON_IN_PARAMSA

PSERVICE_CONTROL_STATUS_REASON_IN_PARAMSW

PSERVICE_CONTROL_STATUS_REASON_OUT_PARAMS

PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1

PSERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2

PSERVICE_TRIGGER
PSERVICE_TRIGGER_INFO

PSERVICE_TRIGGER_SPECIFIC_DATA_ITEM

PSTRING_PTRSA

PSTRING_PTRSW

QUERY_SERVICE_CONFIGA structure

QUERY_SERVICE_CONFIGW structure

QUERY_SERVICE_LOCK_STATUSA structure

QUERY_SERVICE_LOCK_STATUSW structure

RChangeServiceConfig2A (Opnum 36) method

RChangeServiceConfig2A method

RChangeServiceConfig2W (Opnum 37) method

RChangeServiceConfig2W method

RChangeServiceConfigA (Opnum 23) method

RChangeServiceConfigA method

RChangeServiceConfigW (Opnum 11) method

RChangeServiceConfigW method

RCloseNotifyHandle (Opnum 49) method

RCloseNotifyHandle method

RCloseServiceHandle (Opnum 0) method

RCloseServiceHandle method

RControlService (Opnum 1) method

RControlService method

RControlServiceExA (Opnum 50) method

RControlServiceExA method

RControlServiceExW (Opnum 51) method

RControlServiceExW method

RCreateServiceA (Opnum 24) method

RCreateServiceA method

RCreateServiceW (Opnum 12) method

RCreateServiceW method

RCreateServiceWOW64A (Opnum 44) method

RCreateServiceWOW64A method

RCreateServiceWOW64W (Opnum 45) method

RCreateServiceWOW64W method

RCreateWowService (Opnum 60) method

RDeleteService (Opnum 2) method

RDeleteService method

References

informative

normative

Relationship to other protocols

REnumDependentServicesA (Opnum 25) method

REnumDependentServicesA method

REnumDependentServicesW (Opnum 13) method

REnumDependentServicesW method

REnumServiceGroupW (Opnum 35) method

REnumServiceGroupW method

REnumServicesStatusA (Opnum 26) method

REnumServicesStatusA method

REnumServicesStatusExA (Opnum 41) method

REnumServicesStatusExA method

REnumServicesStatusExW (Opnum 42) method

REnumServicesStatusExW method

REnumServicesStatusW (Opnum 14) method

REnumServicesStatusW method

RGetNotifyResults (Opnum 48) method

RGetNotifyResults method

RGetServiceDisplayNameA (Opnum 32) method

RGetServiceDisplayNameA method

RGetServiceDisplayNameW (Opnum 20) method

RGetServiceDisplayNameW method

RGetServiceKeyNameA (Opnum 33) method

RGetServiceKeyNameA method

RGetServiceKeyNameW (Opnum 21) method

RGetServiceKeyNameW method

RLockServiceDatabase (Opnum 3) method

RLockServiceDatabase method

RNotifyBootConfigStatus (Opnum 9) method

RNotifyBootConfigStatus method

RNotifyServiceStatusChange (Opnum 47) method

RNotifyServiceStatusChange method

ROpenSCManager2 (Opnum 64) method

ROpenSCManagerA (Opnum 27) method

ROpenSCManagerA method

ROpenSCManagerW (Opnum 15) method

ROpenSCManagerW method

ROpenServiceA (Opnum 28) method

ROpenServiceA method

ROpenServiceW (Opnum 16) method

ROpenServiceW method

RPC runtime check notes

RQueryServiceConfig2A (Opnum 38) method

RQueryServiceConfig2A method

RQueryServiceConfig2W (Opnum 39) method

RQueryServiceConfig2W method

RQueryServiceConfigA (Opnum 29) method

RQueryServiceConfigA method

RQueryServiceConfigEx (Opnum 56) method

RQueryServiceConfigEx method

RQueryServiceConfigW (Opnum 17) method

RQueryServiceConfigW method

RQueryServiceLockStatusA (Opnum 30) method

RQueryServiceLockStatusA method

RQueryServiceLockStatusW (Opnum 18) method

RQueryServiceLockStatusW method

RQueryServiceObjectSecurity (Opnum 4) method

RQueryServiceObjectSecurity method

RQueryServiceStatus (Opnum 6) method

RQueryServiceStatus method

RQueryServiceStatusEx (Opnum 40) method

RQueryServiceStatusEx method

RSetServiceObjectSecurity (Opnum 5) method

RSetServiceObjectSecurity method

RSetServiceStatus (Opnum 7) method

RSetServiceStatus method

RStartServiceA (Opnum 31) method

RStartServiceA method

RStartServiceW (Opnum 19) method

RStartServiceW method

RUnlockServiceDatabase (Opnum 8) method

RUnlockServiceDatabase method

SC_ACTION structure

SC_ACTION_TYPE enumeration

SC_ENUM_TYPE enumeration

SC_MAX_ACCOUNT_NAME_LENGTH

SC_MAX_ARGUMENT_LENGTH

SC_MAX_ARGUMENTS

SC_MAX_COMMENT_LENGTH

SC_MAX_COMPUTER_NAME_LENGTH

SC_MAX_DEPEND_SIZE

SC_MAX_NAME_LENGTH

SC_MAX_PATH_LENGTH
SC_MAX_PWD_SIZE

SC_RPC_CONFIG_INFOA structure

SC_RPC_CONFIG_INFOW [Protocol]

SC_RPC_CONFIG_INFOW structure

SC_RPC_NOTIFY_PARAMS structure

SC_RPC_NOTIFY_PARAMS_LIST structure

SC_STATUS_TYPE enumeration

Security

implementer considerations

overview

parameter index

Sequencing rules

server

Server

abstract data model

initialization

local events

message processing

RChangeServiceConfig2A (Opnum 36) method

RChangeServiceConfig2W (Opnum 37) method

RChangeServiceConfigA (Opnum 23) method

RChangeServiceConfigW (Opnum 11) method

RCloseNotifyHandle (Opnum 49) method

RCloseServiceHandle (Opnum 0) method

RControlService (Opnum 1) method

RControlServiceExA (Opnum 50) method

RControlServiceExW (Opnum 51) method

RCreateServiceA (Opnum 24) method

RCreateServiceW (Opnum 12) method

RCreateServiceWOW64A (Opnum 44) method

RCreateServiceWOW64W (Opnum 45) method

RCreateWowService (Opnum 60) method

RDeleteService (Opnum 2) method

REnumDependentServicesA (Opnum 25) method

REnumDependentServicesW (Opnum 13) method

REnumServiceGroupW (Opnum 35) method

REnumServicesStatusA (Opnum 26) method

REnumServicesStatusExA (Opnum 41) method

REnumServicesStatusExW (Opnum 42) method

REnumServicesStatusW (Opnum 14) method

RGetNotifyResults (Opnum 48) method

RGetServiceDisplayNameA (Opnum 32) method

RGetServiceDisplayNameW (Opnum 20) method

RGetServiceKeyNameA (Opnum 33) method

RGetServiceKeyNameW (Opnum 21) method

RLockServiceDatabase (Opnum 3) method

RNotifyBootConfigStatus (Opnum 9) method

RNotifyServiceStatusChange (Opnum 47) method

ROpenSCManager2 (Opnum 64) method

ROpenSCManagerA (Opnum 27) method

ROpenSCManagerW (Opnum 15) method

ROpenServiceA (Opnum 28) method

ROpenServiceW (Opnum 16) method

RQueryServiceConfig2A (Opnum 38) method

RQueryServiceConfig2W (Opnum 39) method

RQueryServiceConfigA (Opnum 29) method

RQueryServiceConfigEx (Opnum 56) method

RQueryServiceConfigW (Opnum 17) method

RQueryServiceLockStatusA (Opnum 30) method

RQueryServiceLockStatusW (Opnum 18) method

RQueryServiceObjectSecurity (Opnum 4) method

RQueryServiceStatus (Opnum 6) method

RQueryServiceStatusEx (Opnum 40) method

RSetServiceObjectSecurity (Opnum 5) method

RSetServiceStatus (Opnum 7) method

RStartServiceA (Opnum 31) method

RStartServiceW (Opnum 19) method

RUnlockServiceDatabase (Opnum 8) method

sequencing rules

timer events

timers

Server - overview

SERVICE_CONTROL_STATUS_REASON_IN_PARAMSA structure

SERVICE_CONTROL_STATUS_REASON_IN_PARAMSW structure

SERVICE_CONTROL_STATUS_REASON_OUT_PARAMS structure
SERVICE_DELAYED_AUTO_START_INFO structure

SERVICE_DESCRIPTION_WOW64 structure

SERVICE_DESCRIPTIONA structure

SERVICE_DESCRIPTIONW structure

SERVICE_FAILURE_ACTIONS_FLAG structure

SERVICE_FAILURE_ACTIONS_WOW64 structure

SERVICE_FAILURE_ACTIONSA structure

SERVICE_FAILURE_ACTIONSW structure

SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_1 structure

SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2 structure

SERVICE_PREFERRED_NODE_INFO structure

SERVICE_PRESHUTDOWN_INFO structure

SERVICE_REQUIRED_PRIVILEGES_INFO_WOW64 structure

SERVICE_RPC_REQUIRED_PRIVILEGES_INFO structure

SERVICE_SID_INFO structure

SERVICE_STATUS structure

SERVICE_STATUS_PROCESS structure

SERVICE_TRIGGER structure

SERVICE_TRIGGER_INFO structure

SERVICE_TRIGGER_SPECIFIC_DATA_ITEM structure

Standards assignments

STRING_PTRSA structure

STRING_PTRSW structure

Timer events
server

Timers

server

Tracking changes

Transport

client

overview

server

Unicode string formats and ANSI - conversion

Vendor-extensible fields

Versioning

Asnt NDT Level 3: How and Why Become Certified
100% (6)
Asnt NDT Level 3: How and Why Become Certified
16 pages
(MS Oxwsrules) PDF
No ratings yet
(MS Oxwsrules) PDF
70 pages
(Ms-Odatajson) : Odata Protocol Json Format Standards Support Document
No ratings yet
(Ms-Odatajson) : Odata Protocol Json Format Standards Support Document
12 pages
(MS XJRNL) PDF
No ratings yet
(MS XJRNL) PDF
17 pages
Word, Excel, and Powerpoint Standards Support Readme
No ratings yet
Word, Excel, and Powerpoint Standards Support Readme
3 pages
Microsoft Wopi
No ratings yet
Microsoft Wopi
98 pages
(MS-DOC) : Word (.Doc) Binary File Format: Open Specifications Promise Microsoft Community Promise
No ratings yet
(MS-DOC) : Word (.Doc) Binary File Format: Open Specifications Promise Microsoft Community Promise
556 pages
[MS-OAPX]-210625
No ratings yet
[MS-OAPX]-210625
57 pages
Tasks Web Service Protocol ActiveSync
No ratings yet
Tasks Web Service Protocol ActiveSync
44 pages
MS Doc
No ratings yet
MS Doc
627 pages
(Ms-Oxopffb) : Public Folder-Based Free/Busy Protocol
No ratings yet
(Ms-Oxopffb) : Public Folder-Based Free/Busy Protocol
35 pages
(MS-BCP) : Bulk Copy File Format Structure Specification
No ratings yet
(MS-BCP) : Bulk Copy File Format Structure Specification
38 pages
(MS XLSB) 220517
No ratings yet
(MS XLSB) 220517
1,092 pages
[MS-WPODF]-170601
No ratings yet
[MS-WPODF]-170601
76 pages
(MS XLSX) 221115
No ratings yet
(MS XLSX) 221115
392 pages
(Ms-Oxctabl) : Table Object Protocol: Intellectual Property Rights Notice For Open Specifications Documentation
No ratings yet
(Ms-Oxctabl) : Table Object Protocol: Intellectual Property Rights Notice For Open Specifications Documentation
64 pages
Microsoft Corp. Microsoft Office File Formats - MS-PPT - PowerPoint PPT Binary File Format PDF
No ratings yet
Microsoft Corp. Microsoft Office File Formats - MS-PPT - PowerPoint PPT Binary File Format PDF
689 pages
(MS-BINXML) : SQL Server Binary XML Structure Specification: Open Specification Promise Community Promise
No ratings yet
(MS-BINXML) : SQL Server Binary XML Structure Specification: Open Specification Promise Community Promise
30 pages
MS Oe376
No ratings yet
MS Oe376
1,027 pages
MS XLS
No ratings yet
MS XLS
1,185 pages
(MS Ofref) PDF
No ratings yet
(MS Ofref) PDF
57 pages
MS Oms
No ratings yet
MS Oms
71 pages
MS Oxnspi
No ratings yet
MS Oxnspi
93 pages
MS Xopp
No ratings yet
MS Xopp
14 pages
(MS-IEDOCO) : Internet Explorer Standards Support Documentation
No ratings yet
(MS-IEDOCO) : Internet Explorer Standards Support Documentation
32 pages
MS PDF
No ratings yet
MS PDF
22 pages
(MS-OXWOOF) : Out of Office (OOF) Web Service Protocol
No ratings yet
(MS-OXWOOF) : Out of Office (OOF) Web Service Protocol
40 pages
MS Cepm
No ratings yet
MS Cepm
188 pages
MS Xca
No ratings yet
MS Xca
30 pages
MS XLSX
No ratings yet
MS XLSX
290 pages
(Ms-Oxwssmbx) : Site Mailbox Web Service Protocol
No ratings yet
(Ms-Oxwssmbx) : Site Mailbox Web Service Protocol
30 pages
Heaven Sent Me
From Everand
Heaven Sent Me
Mary Jinkens
No ratings yet
Microsoft Office File Formats Readme
No ratings yet
Microsoft Office File Formats Readme
3 pages
[MS-KQL]
No ratings yet
[MS-KQL]
29 pages
MS
No ratings yet
MS
1,124 pages
(Ms-Oxojrnl) : Journal Object Protocol: Intellectual Property Rights Notice For Open Specifications Documentation
No ratings yet
(Ms-Oxojrnl) : Journal Object Protocol: Intellectual Property Rights Notice For Open Specifications Documentation
23 pages
(MS Oxrtfex) 100505
No ratings yet
(MS Oxrtfex) 100505
33 pages
MS Ashttp
No ratings yet
MS Ashttp
41 pages
Applied Architecture Patterns on the Microsoft Platform
From Everand
Applied Architecture Patterns on the Microsoft Platform
Richard Seroter
No ratings yet
MS Oodf13
No ratings yet
MS Oodf13
835 pages
MS Fsas
No ratings yet
MS Fsas
930 pages
(MS Wopi) 140210
No ratings yet
(MS Wopi) 140210
59 pages
MS Oextxml
No ratings yet
MS Oextxml
14 pages
MS SSMDSWS
No ratings yet
MS SSMDSWS
468 pages
MS Oi29500
No ratings yet
MS Oi29500
930 pages
(MS Oxonote) PDF
No ratings yet
(MS Oxonote) PDF
21 pages
Visual SourceSafe 2005 Software Configuration Management in Practice
From Everand
Visual SourceSafe 2005 Software Configuration Management in Practice
Aleksandar Seovic
No ratings yet
MS Cifs
No ratings yet
MS Cifs
723 pages
(MS Odcff) 210422
No ratings yet
(MS Odcff) 210422
35 pages
Windows Management Instrumentation Interface
No ratings yet
Windows Management Instrumentation Interface
168 pages
(Ms-Oxpfoab) : Offline Address Book (OAB) Public Folder Retrieval Protocol
No ratings yet
(Ms-Oxpfoab) : Offline Address Book (OAB) Public Folder Retrieval Protocol
22 pages
(Ms-Oxwsitemid) : Web Service Item ID Algorithm: Intellectual Property Rights Notice For Open Specifications Documentation
No ratings yet
(Ms-Oxwsitemid) : Web Service Item ID Algorithm: Intellectual Property Rights Notice For Open Specifications Documentation
19 pages
MS Oxcmsg
No ratings yet
MS Oxcmsg
90 pages
MS Mde2
No ratings yet
MS Mde2
115 pages
[MS-IISS-GIET,BBSR]
No ratings yet
[MS-IISS-GIET,BBSR]
24 pages
(Ms-Astask) : Exchange Activesync: Tasks Class Protocol
No ratings yet
(Ms-Astask) : Exchange Activesync: Tasks Class Protocol
55 pages
MS WSDS
No ratings yet
MS WSDS
44 pages
MS Wfdaa
No ratings yet
MS Wfdaa
31 pages
(Ms-Oxodlgt) : Delegate Access Configuration Protocol
No ratings yet
(Ms-Oxodlgt) : Delegate Access Configuration Protocol
39 pages
(MS SSAS) 220727 Diff
No ratings yet
(MS SSAS) 220727 Diff
720 pages
(MS Gppref) 210625
No ratings yet
(MS Gppref) 210625
239 pages
Adobe Scan Dec 06, 2023
No ratings yet
Adobe Scan Dec 06, 2023
23 pages
Holiday Homework Delhi Schools
100% (2)
Holiday Homework Delhi Schools
8 pages
Student - Book - ORT - GKA - L17 - Floppy - The - Hero - 20200316 - 200316135413
100% (6)
Student - Book - ORT - GKA - L17 - Floppy - The - Hero - 20200316 - 200316135413
20 pages
LGA 2 Chapter 4
No ratings yet
LGA 2 Chapter 4
11 pages
Resumen Parcial N°2
No ratings yet
Resumen Parcial N°2
16 pages
CUMMINS Power Unit QSK23
100% (1)
CUMMINS Power Unit QSK23
6 pages
RBE Revolution Current Affairs Eng Updated Till Dec 2023 Last 1
No ratings yet
RBE Revolution Current Affairs Eng Updated Till Dec 2023 Last 1
174 pages
Section 27 - Joints Filler
No ratings yet
Section 27 - Joints Filler
3 pages
4_5951643350091174913
No ratings yet
4_5951643350091174913
23 pages
Assembly Manual For Bud Guitar Tube Amp KIT
No ratings yet
Assembly Manual For Bud Guitar Tube Amp KIT
23 pages
Implementing Improvement Strategies To Prevent Unplanned Extubation in Neonatal Intensive Care Units - SLIDE DECK
No ratings yet
Implementing Improvement Strategies To Prevent Unplanned Extubation in Neonatal Intensive Care Units - SLIDE DECK
19 pages
Understanding EVA V2
No ratings yet
Understanding EVA V2
11 pages
Coding Theory Lecturs For M Al-Ashker
No ratings yet
Coding Theory Lecturs For M Al-Ashker
101 pages
Autodesk Civil 3D Fundamentals: Course Length: 4 Days
No ratings yet
Autodesk Civil 3D Fundamentals: Course Length: 4 Days
5 pages
PPA_Unit1 Indian Administration Kautilya
No ratings yet
PPA_Unit1 Indian Administration Kautilya
7 pages
Analysis of Ife, Efe and QSPM Matrix On Business Development Strategy
No ratings yet
Analysis of Ife, Efe and QSPM Matrix On Business Development Strategy
11 pages
Tax Case Digests
100% (3)
Tax Case Digests
21 pages
Aquatech Refrigeration en
No ratings yet
Aquatech Refrigeration en
8 pages
Security With HTTPS and SSL Android Developers
No ratings yet
Security With HTTPS and SSL Android Developers
7 pages
Sand Art Club
No ratings yet
Sand Art Club
18 pages
Nitk Academic Calendar
No ratings yet
Nitk Academic Calendar
1 page
Evangelista, Rizamae - Case Study 1
No ratings yet
Evangelista, Rizamae - Case Study 1
6 pages
Expel Prosys Service Catalog
No ratings yet
Expel Prosys Service Catalog
8 pages
Measuring Liquidity: Ratio Analysis
No ratings yet
Measuring Liquidity: Ratio Analysis
33 pages
MATLABSimulink Modeling and Experimental Results o
No ratings yet
MATLABSimulink Modeling and Experimental Results o
8 pages
FACT FACT Plus Information Brochure
No ratings yet
FACT FACT Plus Information Brochure
11 pages
Linux Firewall - IPTABLES
100% (1)
Linux Firewall - IPTABLES
8 pages
Managing The Environment Managing Ourselves A History of American Environmental Policy Second Edition Richard N. L. Andrews
100% (7)
Managing The Environment Managing Ourselves A History of American Environmental Policy Second Edition Richard N. L. Andrews
84 pages
Beyond Capitalism Syllabus
No ratings yet
Beyond Capitalism Syllabus
9 pages