On Sat, 4 May 2002, Richard Sharpe wrote:
> OK, they are now known as pipeacl etc, but I can see them. There is an SD
> on lsass, and it currently allows everyone to access it.
pipeacl is a different tool. It opens the SD of the named pipe, it doesn't
allow to view/change the SD of that's connect at the end point.
lsaacl/samacl are really different. They use LSA or SAM functions to
access the SD.
> It seems obvious that simply removing Everyone would get rid of anon
> access. With the pipeaclui tool, one could add new entries in the DACL for
> lsass. Neat.
no. you could change who has access to the pipe ! not the access to the
RPC server. that's totally different.
J.F.
