Microsoft KB Archive/153066

= IPC$ Connections Do Not Disconnect =

Article ID: 153066

Article Last Modified on 10/31/2006

-

APPLIES TO


 * Microsoft Windows NT Server 3.5
 * Microsoft Windows NT Server 3.51

-



This article was previously published under Q153066



SYMPTOMS
When a connection is made to a Windows NT 3.51 server to which the user has had no prior connection, a connection is made to IPC$ as well as to the share. After disconnecting from the share, the connection to IPC$ remains, as can be seen in Server Manager under Shares. This may cause concerns for administrators, who may feel that the connection and any credentials associated with the user who made the connection might be accessible by someone else using the same computer.

For instance, one company reported the following situation. Administrators needed to connect to the server from a computer that a user had already logged on to. The administrator used CONNECT AS to make a connection to the server, downloaded some files, then disconnected. They noticed that the IPC$ connection was still there in Server Manager. Their concern was then that the user at that computer might be able to access the server over that connection with administrator access.

Additionally, the IPC$ connection is counted by License Manager. As long as the IPC$ connection is valid, it takes up a license, perhaps preventing other users from connecting to a resource.

This connection will drop off when autodisconnect runs (after 15 minutes of inactivity by default).



RESOLUTION
This does not pose a security concern, as explained below (under MORE INFORMATION). However, license counts by License Manager are a valid concern. One instant solution is to turn off the License Logging service, using the Services tool in Control Panel.

The problem has been corrected in Windows NT 4.0. The IPC$ connection is dropped immediately after user validation.



MORE INFORMATION
Server Manager will show the connection user as the user's name while the share connection is maintained. If the user disconnects from the share, then the IPC$ connection user will change to the user's computer name. At this point, any user at that computer attempting to connect will have to authenticate with the server. Although the IPC$ connection is still intact, it is not associated with any user name or credentials, so it does not pose a security risk.

Additional query words: 3.50 3.51

Keywords: KB153066

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.