7 Appendix B: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.

  • Windows Vista operating system

  • Windows Server 2008 operating system

  • Windows 7 operating system

  • Windows Server 2008 R2 operating system

  • Windows 8 operating system

  • Windows Server 2012 operating system

  • Windows 8.1 operating system

  • Windows Server 2012 R2 operating system

  • Windows 10 operating system

  • Windows Server 2016 operating system

  • Windows Server operating system

  • Windows Server 2019 operating system

  • Windows Server 2022 operating system

  • Windows 11 operating system

  • Windows Server 2025 operating system

Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.

<1> Section 1.3.2: Windows uses various spool file formats, such as enhanced metafile spool format (EMFSPOOL) or RAW format. On Windows Vista, Windows 7, Windows 8, Windows 8.1, and Windows 10, the XML Paper Specification format can also be used. For more information about these formats, see [MS-EMFSPOOL], [MSDN-SPOOL], and [MSDN-XMLP], respectively.

<2> Section 2.1: For more information about the significance of the authentication levels, see [MSFT-CVE-2021-1678] and [MSFT-PRPCBC].

<3> Section 2.1: For information concerning Windows authentication-service constants, see [MSDN-AUTHN].

<4> Section 2.1: Windows print servers impersonate clients when processing methods, and they register SPNEGO [MS-SPNG] security providers.

<5> Section 2.2.8: For Windows implementations, the driver version is matched to the version portion of the INF file DriverVer member. For information about INF file syntax, see [MSDN-UINF].

<6> Section 3.1.1: Job Named Properties are not supported by the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

<7> Section 3.1.1: Branch Office Print Remote Log Entries are not supported by the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012.

<8> Section 3.1.3: For more information about the significance of the authentication levels, see [MSFT-CVE-2021-1678] and [MSFT-PRPCBC].

<9> Section 3.1.4: The job named property management methods are not supported on the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

<10> Section 3.1.4: Branch office print remote logging methods are not supported on the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012.

<11> Section 3.1.4.2.7: All Windows versions: pszInfPath points to an INF file. For more information on INF file structure, see [MSDN-UINF].

<12> Section 3.1.4.2.7: These validation steps are not performed on the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

<13> Section 3.1.4.2.7: Windows print servers attempt to locate driver packages containing class printer drivers using the Windows Update protocol described in [MS-WUSP].

<14> Section 3.1.4.2.7: These validation steps are not performed on the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

<15> Section 3.1.4.2.7: These validation steps are not performed on the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

<16> Section 3.1.4.2.7: When a print client installs a printer driver to a print server by using RpcAsyncInstallPrinterDriverFromPackage (section 3.1.4.2.7), the print server determines how to set the Boolean values representing each of the printer driver's attributes based on data that the print server reads from the printer driver manifest (if present) and the driver installation control file.

<17> Section 3.1.4.2.7: Windows print servers attempt to locate driver packages containing class printer drivers using the Windows Update protocol described in [MS-WUSP].

<18> Section 3.1.4.2.7: Class printer drivers and derived printer drivers are not supported on the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

<19> Section 3.1.4.2.8: All Windows versions: pszInfPath points to an INF file. For more information on INF file structure, see [MSDN-UINF].

<20> Section 3.1.4.2.8: Windows servers impersonate the client when processing this call, but the impersonation token does not have delegation permission and therefore cannot be used to access files not located on the server itself. Therefore, Windows clients create a unique directory under the server's "print$" share and copy the driver files to that directory before invoking this method. The server will copy the files from there to the final location in the driver store.

<21> Section 3.1.4.2.8: All Windows versions: Printer drivers are described by INF files. For more information, see [MSDN-UINF].

<22> Section 3.1.4.2.9: All Windows versions: The IDs are the GUIDString representations of 128-bit GUIDs.

<23> Section 3.1.4.2.10: All Windows versions: The driver date is matched to the date portion of the INF DriverVer member. For information on INF file syntax, see [MSDN-UINF].

<24> Section 3.1.4.2.10: All Windows versions: The driver version is matched to the version portion of the INF DriverVer member. For information on INF file syntax, see [MSDN-UINF].

<25> Section 3.1.4.2.11: All Windows versions: The Language string is specified using the identifiers specified for the "Locale Name" in [MSDN-MUI].

<26> Section 3.1.4.2.11: All Windows versions: pszDriverPackageCab points to a string containing the path name of a cabinet file for the driver package; for more information, see [MSDN-CAB].

<27> Section 3.1.4.2.11: All Windows versions: If the parameter is zero, Windows fills in the variable pointed to by pcchRequiredSize with the valid size.

<28> Section 3.1.4.2.12: In Windows implementations, pszInfPath points to a string containing the path of an INF file. For more information on INF file structure, see [MSDN-UINF].

<29> Section 3.1.4.2.12: Windows verifies that the specified driver package is not a printer driver package that ships with Windows. If this validation fails, the server returns ERROR_ACCESS_DENIED, meaning that deletion of printer driver packages that ship with Windows is not allowed.

<30> Section 3.1.4.9.1: In Windows, the server verifies that printer object handles have been opened with an access level that includes PRINTER_ACCESS_USE ([MS-RPRN] section 2.2.3.1). No such authorization check is performed on server object handles.

<31> Section 3.1.4.10.1: The RpcAsyncGetJobNamedPropertyValue method is not supported by the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

<32> Section 3.1.4.10.2: The RpcAsyncSetJobNamedProperty method is not supported by the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

<33> Section 3.1.4.10.3: The RpcAsyncDeleteJobNamedProperty method is not supported by the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

<34> Section 3.1.4.10.4: The RpcAsyncEnumJobNamedProperties method is not supported by the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

<35> Section 3.1.4.11.1: The RpcAsyncLogJobInfoForBranchOffice method (section 3.1.4.11.1) is not supported on the following Windows versions: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012.

<36> Section 3.2.3: All Windows client implementations derive the RPC binding directly from the respective server name or printer name parameter.

No Windows server implementations support RPC binding handles that are not derived from the respective server name or printer name parameter, and the behavior resulting from receiving such an RPC binding handle is undefined.

<37> Section 3.2.3: For more information about the significance of the authentication levels, see [MSFT-CVE-2021-1678] and [MSFT-PRPCBC].

<38> Section 3.2.3: In the Windows implementation, the client creates the binding handle, verifies the security capability of the remote server, and invokes the Print System Asynchronous Remote method.

To verify the security capability of the server, the client invokes the rpc_mgmt_inq_princ_name method of the Remote Management Interface ([C706] appendix Q and [MS-RPCE] section 2.2.1.3.4) to retrieve the principal name "princ_name" for the SPNEGO authentication service. This invocation is done prior to every Print System Asynchronous Remote method call.

If this invocation succeeds, authentication with the remote peer is deemed possible, and the RPC runtime is configured to use the SPNEGO security provider with the RPC_C_AUTHN_GSS_NEGOTIATE and RPC_C_AUTHN_LEVEL_PKT_PRIVACY flags and the retrieved principal name for subsequent RPC method calls to the server.

Because this protocol is only supported on Windows print servers, Windows Vista, Windows 7, Windows 8, Windows 8.1, and Windows 10 print clients first attempt to connect using this protocol. If the connection fails, clients revert to using the Print System Remote Protocol as specified in [MS-RPRN].

<39> Section 3.2.4: All Windows versions: Clients ignore errors and pass them back to the invoker.

<40> Section 5: All Windows versions: The Windows print server follows a security model where the print server, print queue, and print job are securable resources. Each of the previously mentioned resources has an associated SECURITY_DESCRIPTOR structure ([MS-DTYP] section 2.4.6), which contains the security information that is associated with a resource on the print server. The print server checks the RPC client's access to resources by comparing the security information that is associated with the caller against the security information that is represented by the resource's security descriptor.

Each RPC client has an associated access token containing the security identifier of the user making the RPC call. The security descriptor identifies the printing resource's owner and contains a discretionary access control list (DACL). The DACL contains access control entries (ACEs) that specify the security identifier (SID) that identifies a user or a group of users and the access rights allowed, denied, or audited. For resources on a print server, the ACEs specify operations such as print, manage printers, and manage documents in a print queue.

The security descriptor that is associated with the print server or print queue controls the creation of the context handle that represents a PRINTER_HANDLE structure ([MS-RPRN] section 2.2.1.1.4). It also controls the outcome of operations that use the PRINTER_HANDLE, from printing management to listening for notifications.

The security descriptor of a Windows print server is used to control the creation and deletion of print queues on the server and the installation of print system components, such as the printer driver, print processors, port monitors, or resources on the print server. The Windows print server security descriptor is not accessible to be modified by callers. In addition to being used to control the caller's access to resources, the Windows print server security descriptor is also used as "parent" in the creation of the print queue's security descriptor.

Note: The security descriptor of a Windows print server is different from the security descriptor that is applied on the spoolss named pipe. The spoolss named pipe security descriptor controls the RPC client's access to make RPC calls to the print server. The Windows print server security descriptor is used to control the caller's permissions to perform various operations on the print server.

The print queue's security descriptor controls the setting of properties for the print queue, such as the port and driver that are used for printing, device settings, sharing, and security. It determines which operations, such as managing or printing, the user is allowed to perform. The printer security descriptor allows auditing operations, such as print, manage printers and documents, read and change permissions, and take ownership.

Each print job has an associated security descriptor, which is created by using the print queue's security descriptor as parent. The user who submitted the document for printing is the owner for the print job and has permissions to manage the print job during its lifetime.

When the caller opens a PRINTER_HANDLE structure for a specific printing resource, it specifies the access that is needed for the operations for which the handle is being opened, such as "administrate printer or server"; "use printer or print server for printing"; or "read, write, or administrate job". If the caller has the requested permissions, the print handle is created and can be used in subsequent calls.

Besides handle-based operations, the security descriptor is used for access checks when enumerations, driver package installation, or other non-handle-based operations are performed. The access checks are primarily about testing whether the initiator of the operation has enough use or administer privileges on the resource that is being targeted by that operation. For example, an access check might be whether the initiator of the operation has the privilege to pause a printer.
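
The access-check model described in note 40, as an added sketch (not code from this specification or from Windows): an ordered DACL walk gates the handle open, and a job's security descriptor is derived from the print queue's. The SID strings and the queue DACL are constructed placeholders; inheritance is reduced to copying the job-related bits, and audit ACEs and implicit owner rights are left out.

```python
from dataclasses import dataclass

# Access values from winspool.h ([MS-RPRN] section 2.2.3.1).
PRINTER_ACCESS_ADMINISTER, PRINTER_ACCESS_USE = 0x04, 0x08
JOB_ACCESS_ADMINISTER, JOB_ACCESS_READ = 0x10, 0x20
JOB_BITS = JOB_ACCESS_ADMINISTER | JOB_ACCESS_READ

@dataclass(frozen=True)
class Ace:
    allow: bool   # True: access-allowed ACE, False: access-denied ACE
    sid: str
    mask: int

@dataclass(frozen=True)
class SecurityDescriptor:
    owner: str
    dacl: tuple

def access_check(token_sids, sd, desired):
    """Ordered DACL walk: a deny ACE on a still-needed bit fails the request."""
    remaining = desired
    for ace in sd.dacl:
        if ace.sid not in token_sids:
            continue
        if not ace.allow and ace.mask & remaining:
            return False
        if ace.allow:
            remaining &= ~ace.mask
    return remaining == 0

def open_handle(token_sids, sd, desired):
    """Model of opening a PRINTER_HANDLE: every requested right must be granted."""
    if not access_check(token_sids, sd, desired):
        raise PermissionError("ERROR_ACCESS_DENIED")
    return {"sd": sd, "granted": desired}

def job_descriptor(queue_sd, submitter):
    """Job SD uses the queue SD as parent; the submitter owns and manages the job."""
    inherited = tuple(Ace(a.allow, a.sid, a.mask & JOB_BITS)
                      for a in queue_sd.dacl if a.mask & JOB_BITS)
    return SecurityDescriptor(submitter, (Ace(True, submitter, JOB_BITS),) + inherited)

# Constructed sample: placeholder SIDs and a hypothetical queue DACL.
ADMINS, USERS, ALICE, BOB, TEMP = "S-ADMINS", "S-USERS", "S-ALICE", "S-BOB", "S-TEMP"
QUEUE_SD = SecurityDescriptor(ADMINS, (
    Ace(False, TEMP, PRINTER_ACCESS_USE),  # deny ACE ordered before allow ACEs
    Ace(True, ADMINS, PRINTER_ACCESS_ADMINISTER | PRINTER_ACCESS_USE | JOB_BITS),
    Ace(True, USERS, PRINTER_ACCESS_USE),
))
```

When auditing a real queue, the same walk shows why ACE order matters: the deny entry for the placeholder `S-TEMP` SID wins over the later group allow only because it comes first.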