8 Appendix C: Product Behavior
The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.
The terms "earlier" and "later", when used with a product version, refer to either all preceding versions or all subsequent versions, respectively. The term "through" refers to the inclusive range of versions. Applicable Microsoft products are listed chronologically in this section.
Windows Client
Windows XP operating system
Windows Vista operating system
Windows 7 operating system
Windows 8 operating system
Windows 8.1 operating system
Windows 10 operating system
Windows 11 operating system
Windows Server
Windows Server 2003 operating system
Windows Server 2008 operating system
Windows Server 2008 R2 operating system
Windows Server 2012 operating system
Windows Server 2012 R2 operating system
Windows Server 2016 operating system
Windows Server 2019 operating system
Windows Server 2022 operating system
Windows Server 2025 operating system
Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.
Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.
<1> Section 1.3: Windows implements expert authentication using the Offer Remote Assistance Helpers Group. DCOM will only allow members of this group to execute the Remote Assistance Initiation Protocol methods.
Windows XP and Windows Server 2003 do not implement IRASrv. A novice running one of these versions of Windows cannot be initiated through IRASrv.
Windows XP and Windows Server 2003 implement IPCHService. A Windows XP or Windows Server 2003 novice can be initiated only through IPCHService.
A Windows Vista and later and Windows Server 2008 and later expert first attempts to call IRASrv, and if that fails, the expert then attempts to call the IPCHService interface.
A Windows XP or Windows Server 2003 expert will only attempt to call IPCHService and will not be able to connect to a novice running Windows Vista and later or Windows Server 2008 and later.
<3> Section 2.2.1: This form of the Remote Assistance Connection String is obtained from Remote Assistance running on a Windows XP or Windows Server 2003 novice.
<4> Section 2.2.2: This form of the Remote Assistance Connection String is not available on Windows XP and Windows Server 2003.
<5> Section 2.2.2: The KH2 attribute is not implemented in Windows XP or later.
<6> Section 3.1.4.1: This interface and its called interfaces, IPCHCollection and ISAFSession, are only called by Windows XP and Windows Server 2003.
<7> Section 3.1.4.1: Opnums 3 and 4 are used used locally by Windows, never remotely.
<8> Section 3.1.4.1.1: Access denied error is returned only for Windows XP operating system Service Pack 1 (SP1) and the initial release of Windows Server 2003.
<9> Section 3.1.4.1.2: Access denied error is returned only for Windows XP SP1 and the initial release of Windows Server 2003.
<10> Section 3.1.4.1.2.1: Gaps in the opnum numbering sequence apply to Windows as follows.
|
Opnum |
Description |
|---|---|
|
3-4 |
Only used locally by Windows, never remotely. |
<11> Section 3.1.4.1.2.2: Gaps in the opnum numbering sequence apply to Windows as follows.
|
Opnum |
Description |
|---|---|
|
3-4 |
Only used locally by Windows, never remotely. |
<12> Section 3.3.4.1: This interface is not implemented in Windows XP and Windows Server 2003.
<13> Section 3.3.4.1: Gaps in the opnum numbering sequence apply to Windows as follows.
|
Opnum |
Description |
|---|---|
|
3-4 |
Only used locally by Windows, never remotely. |
<14> Section 5.1: For DCOM authentication/authorization in Windows Vista and later and Windows Server 2008 and later, the following are used:
Authentication Service - RPC_C_AUTHN_WINNT
Authorization Service - RPC_C_AUTHZ_DEFAULT
Authentication Level - RPC_C_AUTHN_LEVEL_PKT_PRIVACY
Impersonation Level - RPC_C_IMP_LEVEL_IMPERSONATE
For DCOM authentication/authorization in Windows XP and Windows Server 2003, all defaults are used.
<15> Section 6: In Windows, the XML file has the extension MSRCIncident.
<16> Section 6: This version is specific to Windows XP and Windows Server 2003.
<17> Section 6: A password can be used in Windows XP and Windows Server 2003. For security reasons it is advisable to protect the Remote Assistance invitation file using a password.
In Windows XP and Windows Server 2003, when a password is used, it is encrypted using PROV_RSA_FULL predefined Cryptographic provider with MD5 hashing and CALG_RC4, the RC4 stream encryption algorithm. More details are in the Cryptography Reference [MSDN-CRYPTO].
The password is translated into a Unicode string before it is hashed. The passStub is a 14 character Unicode string. Also, the passStub is prefixed with a four-byte integer that contains the number of bytes in the following data string, as defined in BSTR data type ([MS-DTYP] section 2.2.5), when performing the encryption.
<18> Section 6: This diagram applies to Windows XP and Windows Server 2003 implementations only.
<19> Section 6: This type is specific to Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2 operating system, Windows 8, and Windows Server 2012.
<20> Section 6: In Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012, the password is mandatory and it is encrypted using the MS_ENH_RSA_AES_PROV predefined Cryptographic provider with CALG_SHA hashing and the CALG_AES_128 encryption algorithm. The cipher mode used can be CRYPT_MODE_CBC and the password used during the encryption process is a Unicode string.
<21> Section 6: This attribute can be present for Windows XP and Windows Server 2003 compatibility.
<22> Section 6: This diagram applies to the following Windows implementations: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012.