Article ID: 925890
Article Last Modified on 3/7/2007
APPLIES TO
- Microsoft Windows XP Service Pack 2
- Microsoft Windows Server 2003 Service Pack 1
Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
INTRODUCTION
This article discusses how to use named pipe filters in Microsoft Windows XP Service Pack 2 (SP2), in Microsoft Windows Server 2003 Service Pack 1 (SP1), and in later versions of these operating systems.
A pipe is a technique for passing information from one program process to another program process. Unlike other forms of inter-process communication (IPC), a pipe is a one-way communication. For example, a pipe passes a parameter, such as the output of a process, to a second process. This second process accepts the output of the first process as input. Then, the operating system temporarily holds the piped information until the receiving process reads that information. For two-way communication between processes, you can set up two pipes. In this scenario, one pipe faces one direction, and the other pipe faces the other direction.
However, there is a limitation of pipes for IPC. The limitation occurs when the processes that use pipes have a common parent process. Therefore, they must share a common open process or initiation process. Then, they must be created by a fork system call from a parent process. A pipe's size is at least 4,096 bytes.
A named pipe is an extension of the traditional pipe. A traditional pipe is unnamed because it exists anonymously. It persists only for as long as the process runs. A named pipe is system-persistent and exists beyond the life of the process. You must unlink or delete the named pipe when it is no longer being used. Processes, such as a file, generally attach to the named pipe to perform IPC. Named pipes are closely related to "device special" files. Like "device special" files, pipes do not refer to actual data that is stored in the file system.
Named pipe filtering service was introduced in Windows XP SP2 and in Windows Server 2003 SP1, and is available in later versions of these operating systems. Named pipe filtering service is used to enable or to block access to named pipes. Information about how to enable named pipe filtering is discussed in the "More Information" section.
MORE INFORMATION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Enable dynamic filtering of named pipes
To enable dynamic filtering of named pipes, create the PipeFirewallActive registry entry, and set the value to 1 for this entry. Then, you do not have to restart the computer. To do this, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
- On Edit menu, click New, and then click DWORD Value.
- Type PipeFirewallActive as the name for the DWORD value.
- Right-click PipeFirewallActive, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Exit Registry Editor.
Create a list of named pipes
To create a list of named pipes that you can access, add the list of named pipes as values for the AllowedPipes registry value. Then, you do not have to restart the computer. To do this, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters
- On the Edit menu, click New, and then click Multi-String Value.
- Type AllowedPipes as the name for the Multi-String value.
- Right-click AllowedPipes, and then click Modify.
- In the Value data box, type the list of named pipes, and then click OK.
- Exit Registry Editor.
When the value of the PipeFirewallActive registry entry is set to 1, and the string values of the AllowedPipes registry entry list various named pipes, the server service only enables access to those named pipes whose names are found in the AllowedPipes list. All other named pipes are blocked.
Remove a named pipe from the "AllowedPipes" list
To remove a named pipe from the AllowedPipes list, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters
- Right-click AllowedPipes, and then click Modify.
- In the Value data box, select one or more named pipes that you want to delete. Right-click the selection, and then click Delete.
- Click OK to remove the named pipes from the AllowedPipes list.
Note Access to the named pipes is now blocked. - Exit Registry Editor.
Note If the AllowedPipes list is empty, and the PipeFirewallActive registry entry is set to 1, the access to all named pipes is blocked both for authenticated sessions and for unauthenticated sessions. To enable access to all named pipes, do not set values for the PipeFirewallActive registry entry.
Default named pipes for a file server or for a print server
By default, the list of pipes that are enabled includes those named pipes that are required for the server to function only as a file server or a print server. This list includes the following named pipes:
- spoolss
- browser
- wkssvc
- srvsvc
Keywords: kbhowto kbfilter kbfirewall kbpipeline kbinfo KB925890
