Re: Can a service, running as NetworkService, access a remote Named Pipe?



"mario.beutler" <mario.beutler@xxxxxxxxxx> wrote in message news:ee5cf483-f717-4c5c-b443-1ebc4d8f0a59@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Can a service, running as the NetworkService, access a named pipe on a
remote server that was created Everyone having Read/Write access (or
with security descriptor = SDDL_NETWORK_SERVICE)?

Running as "Network Service" means "authenticate remotely as this computer". So, whatever access restrictions you put on a remote resource must accept access by the computer account requesting access.

Since you've also tried "Everyone", it's possible that the issue is not just this, but also that your receiving computer is not accepting the sending computer's credentials. Are these computers joined to the same domain?

Is there any way to do this WITHOUT add the pipe to the
"NullSessionPipes" registry key on the server? (I think,
NullSessionPipes are unsecure.)

NullSessionPipes - definitely unsecure, because they open access up to anyone, without any requirement to authenticate yourself.

My client and the remote named pipe server are running on 2 XP
workstations. The 2 workstations are not members of a domain.

OK, you answered my question for me - I'm not much up on non-domain-based authentication - with users, you can simply create the same named user account on both systems, with the same password. I'm not sure how you add a computer account to a remote machine in a workgroup so that they can cross-authenticate. Search on some terms like "creating a computer account", "workgroup authentication", etc.

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


.



Relevant Pages

  • Re: Replacing Domain Controller
    ... Well I would have demoted the old dc first so that active directory was ... updated properly and then either reset or remove that computer account. ... > You've enabled NetBIOS over TCP/IP on the new server? ... >> remote office. ...
    (microsoft.public.windows.server.general)
  • Access a share mounted in the HKLMSoftware ...Run key
    ... I would like to setup a Windows 2003 server with a software running as ... The service run under the computer account ... I would like the service to access the data on the remote share. ...
    (microsoft.public.windows.server.general)
  • Re: Admin Share problem? MP problems?
    ... I cant add the computer account to the admin group due to the remote server ...
    (microsoft.public.sms.admin)
  • Re: Access a share mounted in the HKLMSoftware ...Run key
    ... I would like to setup a Windows 2003 server with a software running as ... I would like the service to access the data on the remote share. ... I setup the rights on the remote share. ... If I open a cmd box under the local computer account (computername ...
    (microsoft.public.windows.server.networking)
  • SecurityFocus Microsoft Newsletter #152
    ... MICROSOFT VULNERABILITY SUMMARY ... Real Networks Helix Universal Server Remote Buffer Overflow ... ... NEW PRODUCTS FOR MICROSOFT PLATFORMS ...
    (Focus-Microsoft)