Named-pipes puzzle solved for admins

Many Windows server products use named pipes to communicate with other servers and processes. Pipes are usually invisible and silent. But that's not always good—for instance, if you inherit someone else's server, and you don't know which services might be opening named pipes, that could constitute an attack vector. Now there's a utility to get to the bottom of the named-pipe puzzle.

Many Windows server products, such as SQL Server, not to mention Windows itself), use named pipes for communicating with other servers and processes. Pipes are usually invisible and silent; you don't interact with them and you don't generally learn a lot about them.

But there are times that's not necessarily a good thing—for instance, if you inherit someone else's server, and you don't know which services might be opening named pipes, which could constitute an attack vector. If you don't know about the existence of a named pipe that anyone can connect to, or don't know what the available permissions are on a named pipe, it can be difficult to find out.

Programmer Craig Peacock has written a utility to get to the bottom of the named-pipe puzzle: Pipesec, also known as the Win32 Pipe Security Viewer. When run on any version of 32-bit Windows, it will return a list of available pipes—even on a desktop Windows XP system, there are quite a few!—and can be used to examine and change the security information, permissions, ownership and auditing for any pipe.

The program's basic mode consists of a simple dump of the local pipe list, which you can obtain by running the program without any switches. If you want to bring up the access control list for a given pipe, type pipesec \\.\pipe\ , where  is the actual pipe name. If you use the syntax pipesec \\.\pipe, you'll get the default pipe security descriptor.

To examine or edit the ACL for a pipe on another computer, use pipesec \\ \pipe\ , where  is the remote address of a computer (either an Internet address or a NetBIOS address). Note: You won't be able to talk to a computer's remote pipes unless they are allowed to send and receive RPC messages. For instance, if they're behind a firewall, this will generally not work.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators. He is also the author of the book Windows Server Undocumented Solutions.

More information from SearchWinSystems.com


This was first published in June 2006

Dig deeper on Windows Server Troubleshooting

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close