I have the server that creates the client process and creates the named pipe. The client communicates to the server via the named pipe.
To prevent remote users or users on a different terminal services session from accessing a named pipe, use the logon SID on the DACL for the pipe. The logon SID is used in run-as logons as well; it is the SID used to protect the per-session object namespace. For more information, see Getting the Logon SID in C++. https://learn.microsoft.com/en-us/windows/desktop/ipc/named-pipe-security-and-access-rights
How do I do this? It tells me how to get the SID but how do I make a SECURITY_ATTRIBUTE using the SID?
Finally i could find solution to this problem. You can make use of SDDL TEXT("(D;OICI;GA;;;NU)")
using standard SDDL functions create security descriptor use the same during named pipe creation