Re: Can a service, running as NetworkService, access a remote Named Pipe?



"mario.beutler" <mario.beutler@xxxxxxxxxx> wrote in message news:ee5cf483-f717-4c5c-b443-1ebc4d8f0a59@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Can a service, running as the NetworkService, access a named pipe on a
remote server that was created Everyone having Read/Write access (or
with security descriptor = SDDL_NETWORK_SERVICE)?

Running as "Network Service" means "authenticate remotely as this computer". So, whatever access restrictions you put on a remote resource must accept access by the computer account requesting access.

Since you've also tried "Everyone", it's possible that the issue is not just this, but also that your receiving computer is not accepting the sending computer's credentials. Are these computers joined to the same domain?

Is there any way to do this WITHOUT add the pipe to the
"NullSessionPipes" registry key on the server? (I think,
NullSessionPipes are unsecure.)

NullSessionPipes - definitely unsecure, because they open access up to anyone, without any requirement to authenticate yourself.

My client and the remote named pipe server are running on 2 XP
workstations. The 2 workstations are not members of a domain.

OK, you answered my question for me - I'm not much up on non-domain-based authentication - with users, you can simply create the same named user account on both systems, with the same password. I'm not sure how you add a computer account to a remote machine in a workgroup so that they can cross-authenticate. Search on some terms like "creating a computer account", "workgroup authentication", etc.

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


.