Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to use named pipe filters in Windows XP SP2, in Windows Server 2003 SP1, and in later versions of these operating systems


View products that this article applies to.

Introduction

This article discusses how to use named pipe filters in Microsoft Windows XP Service Pack 2 (SP2), in Microsoft Windows Server 2003 Service Pack 1 (SP1), and in later versions of these operating systems.

A pipe is a technique for passing information from one program process to another program process. Unlike other forms of inter-process communication (IPC), a pipe is a one-way communication. For example, a pipe passes a parameter, such as the output of a process, to a second process. This second process accepts the output of the first process as input. Then, the operating system temporarily holds the piped information until the receiving process reads that information. For two-way communication between processes, you can set up two pipes. In this scenario, one pipe faces one direction, and the other pipe faces the other direction.

However, there is a limitation of pipes for IPC. The limitation occurs when the processes that use pipes have a common parent process. Therefore, they must share a common open process or initiation process. Then, they must be created by a fork system call from a parent process. A pipe's size is at least 4,096 bytes.

A named pipe is an extension of the traditional pipe. A traditional pipe is unnamed because it exists anonymously. It persists only for as long as the process runs. A named pipe is system-persistent and exists beyond the life of the process. You must unlink or delete the named pipe when it is no longer being used. Processes, such as a file, generally attach to the named pipe to perform IPC. Named pipes are closely related to "device special" files. Like "device special" files, pipes do not refer to actual data that is stored in the file system.

Named pipe filtering service was introduced in Windows XP SP2 and in Windows Server 2003 SP1, and is available in later versions of these operating systems. Named pipe filtering service is used to enable or to block access to named pipes. Information about how to enable named pipe filtering is discussed in the "More Information" section.

↑ Back to the top


More information

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Enable dynamic filtering of named pipes

To enable dynamic filtering of named pipes, create the PipeFirewallActive registry entry, and set the value to 1 for this entry. Then, you do not have to restart the computer. To do this, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
  3. On Edit menu, click New, and then click DWORD Value.
  4. Type PipeFirewallActive as the name for the DWORD value.
  5. Right-click PipeFirewallActive, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor.

Create a list of named pipes

To create a list of named pipes that you can access, add the list of named pipes as values for the AllowedPipes registry value. Then, you do not have to restart the computer. To do this, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters
  3. On the Edit menu, click New, and then click Multi-String Value.
  4. Type AllowedPipes as the name for the Multi-String value.
  5. Right-click AllowedPipes, and then click Modify.
  6. In the Value data box, type the list of named pipes, and then click OK.
  7. Exit Registry Editor.
When the value of the PipeFirewallActive registry entry is set to 1, and the string values of the AllowedPipes registry entry list various named pipes, the server service only enables access to those named pipes whose names are found in the AllowedPipes list. All other named pipes are blocked.

Remove a named pipe from the "AllowedPipes" list

To remove a named pipe from the AllowedPipes list, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters
  3. Right-click AllowedPipes, and then click Modify.
  4. In the Value data box, select one or more named pipes that you want to delete. Right-click the selection, and then click Delete.
  5. Click OK to remove the named pipes from the AllowedPipes list.

    Note Access to the named pipes is now blocked.
  6. Exit Registry Editor.
Note If the PipeFirewallActive registry entry is set to 1, access to any named pipe that is not listed in the AllowedPipes list will be blocked both for authenticated sessions and for unauthenticated sessions. This means that if the PipeFirewallActive registry setting is 1, the AllowedPipes list should contain the named pipes that that you need to access. To enable access to all named pipes, do not set values for the PipeFirewallActive registry entry.

In the release version of Windows Server 2003, the following named pipes are hard-coded and cannot be disabled:
  • netlogon
  • lsarpc
  • samr
  • browser
  • srvsvc
  • wkssvc
In Windows Server 2003 SP1 and later versions of the operating system, these named pipes are not hard-coded. If the PipeFirewallActive registry entry is set to 1 and the AllowedPipes registry entry does not exist, Windows will use these named pipes. If the AllowedPipes registry entry does exist, access to all named pipes is blocked unless the named pipes are in the AllowedPipes list.

Named pipes for a file server or for a print server

The following named pipes are required for the server to function only as a file server or as a print server:
  • spoolss
  • browser
  • wkssvc
  • srvsvc

Named pipes that are used on domain controllers

If the AllowedPipes list is empty and the PipeFirewallActive registry entry is set to 1, you must manually add the following named pipes:
  • netlogon
  • lsarpc
  • samr
If these named pipes are not in the AllowedPipes list, client computers experience problems. For example, client computers cannot join the domain.

↑ Back to the top


Keywords: KB925890, kbinfo, kbpipeline, kbfirewall, kbfilter, kbhowto

↑ Back to the top

Article Info
Article ID : 925890
Revision : 2
Created on : 4/19/2009
Published on : 4/19/2009
Exists online : False
Views : 409