My application uses a Named Pipe to do IPC. What access control should I place on it, to provide broad local only access?
该管道是由.net 2.0远程协议创建的,并且已经为"NETWORK"组提供了ACL,以拒绝所有访问,因此我认为只有本地用户可以访问它.在远程配置文件中,我需要选择一个可以访问此管道的"authorizedGroup".
The pipe is created by the .net 2.0 remoting protocol, and it already has an ACL for the 'NETWORK' group to deny all access, so I think only local users can access it. In my remoting configuration file I need to pick an 'authorizedGroup' who can access this pipe.
I would like any process running on the local machine to access my named pipe.
I would appear to need to select between access for the 'Everyone' Group or the 'Authenticated Users' group. Given the local-only access, what processes might be running under the 'Everyone' group that are not in the 'Authenticated Users' group?
我对Windows XP及更高版本的答案很感兴趣.
I'm interested in answers for Windows XP and above.
每个人"是授权用户"和来宾"的集合组.请注意,对于Win 2000及更早版本,它也包含匿名",而未进行任何检查
"Everyone" is a collective group for "Authenticated Users" and "Guest". Note that for Win 2000 and earlier, it included "Anonymous" too where no checks are made
"Authenticated Users" is user who has logged into AD and has a login token.
我的文字是对Windows Server 2003的解释:"安全性标识符".
My text is paraphrasing of Windows Server 2003 "Security identifiers".
To be honest, I've never thought about this one much... sorry.