WinSecWiki > Security Settings > Local Policies > Security Options > Network Access > Named Pipes that can be accessed anonymously
Network access: Named Pipes that can be accessed anonymously
A named pipe is a Windows specific interprocess communication method that allows processes on the same or different systems to communicate with each other. This setting allows you to define exceptions to the “Network Access: Restrict anonymous access to Named Pipes and Shares” setting below. Pipes listed in this setting can still be accessed anonymously (aka Null Session) even if “Network Access: Restrict anonymous access to Named Pipes and Shares” is enabled. This setting is necessary since there are a few components of Windows with name pipes that must allow anonymous access in order to function.
Default value:
- COMNAP - SNABase named pipe. Systems Network Architecture (SNA) is a collection of network protocols that were originally developed for IBM mainframe computers
- COMNODE - SNA Server named pipe
- SQL\QUERY - Default named pipe for SQL Server.
- SPOOLSS - Named pipe for the Print Spooler service
- Netlogon
- Lsarpc
- Samr
- Browser
Good post: http://blogs.msdn.com/spatdsg/archive/2006/05/15/598260.aspx
Bottom line
Typically you should leave this setting with its defaults. It’s possible you may install software that requires an adjustment to this setting in order to function or in the past there have been security vulnerabilities in which a workaround was to remove the affected named pipe from this list.
Back to top