security and pipes explained


Markus Humm


Sorry for posting to more than one group, but I simply don't know
exactly which one would be suited best, since it involves programming
and basic explanation (from a security administration point of view) of
that topic as well.

I'm a Win32 developer but new to security-related things in Win32.
I've a server and a client application where the server sets up a named
pipe and writes some important value for the client to it if the client

I've two PCs to test with, one is on our company network, that is within
a domain and has a 2nd network card. The other PC (both XP prof.) is on
a private peer to peer network connected to the 2nd NIC of the first PC.
If he (the 2nd PC) is the server I can connect from the domain member PC
to it with my client. If the domain member is to be the server the other
can't connect. He doesn't see the pipe I think because he can't
authenticate properly or so.

Who can explain this security topic to me in such a detail that I can
understand it? When creating the pipe I can assign either no security
attributes (so it inherits the ones of the app. I think) or I can
specify a NULL security entry which, according to MSDN should give
access to everybody, but that's a lie! I can't connect then as well if
the domain member PC is going to be the server.

It also doesn't work if both, server and client, sit on PCs which belong
to the domain. The non domain member PC is currently configured nearly
as open as I can imagine (allowing nearly all access). I want to be able
to change this, but I fear to break the pipe access then.



Roger Abell [MVP]

Your application is probably attempting to make an anonymous
connection to the named pipe, and the domain policies, quite
correctly, disallow these anonymous connections.
There is a policy in the Security Options in group policy that
controls this (you will find these in the Network Access category).
It is pretty standard to disable all anonymous access these days,
so perhaps, if this is your issue, you need to rethink the design of
your application's network communications.
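
The Network Access policies mentioned in the answer above are stored as registry values on the machine hosting the pipe. The following is an added example, not code from the thread or its participants, that reads them and reports whether a null-session open of a given pipe is permitted by policy; the function name and the pipe name `mypipe` are placeholders.

```powershell
# Added example, not code from the thread. 'mypipe' is a placeholder pipe name.
function Get-AnonymousPipePolicy {
    param([string]$PipeName)

    $srv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # "Network access: Restrict anonymous access to Named Pipes and Shares".
    # Assumption: an absent value is treated as enabled (the documented default).
    $restrict = 1
    if ($null -ne $srv.RestrictNullSessAccess) { $restrict = [int]$srv.RestrictNullSessAccess }

    # "Network access: Named Pipes that can be accessed anonymously" (REG_MULTI_SZ).
    # -contains is case-insensitive; an absent value yields $false.
    $listed = @($srv.NullSessionPipes) -contains $PipeName

    # "Network access: Let Everyone permissions apply to anonymous users".
    # When 0, an ACE for Everyone on the pipe does not cover anonymous clients.
    $everyone = 0
    if ($null -ne $lsa.EveryoneIncludesAnonymous) { $everyone = [int]$lsa.EveryoneIncludesAnonymous }

    # With the restriction on, a null session may only open pipes on the list.
    # The pipe's own DACL is a separate check on top of this one.
    $allowed = ($restrict -eq 0) -or $listed

    New-Object PSObject -Property @{
        PipeName                  = $PipeName
        RestrictNullSessAccess    = $restrict
        ListedInNullSessionPipes  = $listed
        EveryoneIncludesAnonymous = $everyone
        NullSessionOpenPermitted  = $allowed
    }
}

Get-AnonymousPipePolicy -PipeName 'mypipe' | Format-List
```

Run it on the machine that creates the pipe; `NullSessionOpenPermitted : False` is consistent with the behaviour described in the answer above, whatever security attributes the pipe itself was created with.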

Markus Humm

OK, I assumed something like this already.
Maybe yes, but how to make a non-anonymous call to that pipe? Is this
possible? I either didn't yet see any hints to this or I overlooked them
thus far. Could you point me in a good direction?


