From: Eno on
Hello,

I have an application that runs as a number of Microsoft Windows
services. One service is designed to accept a connection, via a named
pipe (server-side), and to execute a command issued over the named
pipe, by a user.

This design has worked well for many years now.

I now have a requirement to provide some kind of audit information.
For example, what command was requested, at what date and time, and by
whom?

I have been reading about various access tokens etc, and also about
the ImpersonateNamedPipeClient function etc. I'm still not clear I can
do what I need to do.

Essentially, is there a way to determine the Windows user name of a
named-pipe requester? In other words, when the server service notices
that the client software has connected to the pipe, the server program
will read the command from the pipe - is there a way I can find out
who is requesting that command?

Thanks for any help.
From: Tom Handal on
On May 20, 10:58 pm, Eno <eno_es...(a)yahoo.com> wrote:
> Hello,
>
> I have an application that runs as a number of Microsoft Windows
> services. One service is designed to accept a connection, via a named
> pipe (server-side), and to execute a command issued over the named
> pipe, by a user.
>
> This design has worked well for many years now.
>
> I now have a requirement to provide some kind of audit information.
> For example, what command was requested, at what date and time, and by
> whom?
>
> I have been reading about various access tokens etc, and also about
> the ImpersonateNamedPipeClient function etc. I'm still not clear I can
> do what I need to do.
>
> Essentially, is there a way to determine the Windows user name of a
> named-pipe requester? In other words, when the server service notices
> that the client software has connected to the pipe, the server program
> will read the command from the pipe - is there a way I can find out
> who is requesting that command?
>
> Thanks for any help.

Starting with Windows Vista, there are two functions:
GetNamedPipeClientProcessId and GetNamedPipeClientSessionId.

Anyway, you can use GetNamedPipeClientSessionId to get the session
number. Then use WTSEnumerateSessionsEx to enumerate the sessions on
the box until you find that one. Once you find it, the
WTS_SESSION_INFO_1 structure contains the username, etc.

I haven't actually tried this, but I have used the WTS functions and
they work well. I don't see why you wouldn't be able to use this
sequence to find the user.

Regards
Tom Handal