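// Fills the security attributes used for the named pipe.
//
// Client = True : sa receives a freshly allocated security descriptor with a
//                 NULL DACL and bInheritHandle = True.  NOTE(review): a NULL
//                 DACL means "no protection at all"; it is tolerable here only
//                 because the client side merely opens an existing pipe, where
//                 the descriptor inside lpSecurityAttributes is not applied
//                 (only bInheritHandle is consulted).  The caller owns
//                 sa.lpSecurityDescriptor and releases it with FreeMem.
// Client = False: sa receives a DACL built from the SDDL string below, which
//                 allows authenticated users and the RAUN account and denies
//                 built-in guests, anonymous logon and administrators.  The
//                 descriptor is allocated by
//                 ConvertStringSecurityDescriptorToSecurityDescriptorA and must
//                 be released by the caller with LocalFree.
//
// Raises (through RaiseWindowsError) as soon as any Win32 call fails.
//
// The SID of the RAUN account is resolved with LookupAccountName, which needs
// neither the account's password nor a logon session.  The previous
// LogonUser-based lookup embedded the account's clear-text password in the
// binary and created an interactive logon just to read the token's user SID.
procedure InitializeSecurity(var sa: TSecurityAttributes; Client: Boolean=false);
const
  RAUN = 'EMOSWebAdmin';   // account that is granted explicit access to the pipe
var
  sd: PSecurityDescriptor;
  pSid: PSID;
  cbSid: DWORD;
  domain: PChar;
  cbDomain: DWORD;
  snu: SID_NAME_USE;
  pSidStr: PChar;
  SidStr: String;
  sddl: String;
begin
  if Client then begin
    sd := AllocMem(SECURITY_DESCRIPTOR_MIN_LENGTH);
    try
      if not InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION) then
        RaiseWindowsError;
      // NULL DACL - see the header note on why this is acceptable for a client handle
      if not SetSecurityDescriptorDacl(sd, True, nil, False) then
        RaiseWindowsError;
    except
      // RaiseWindowsError has already captured GetLastError; do not leak sd
      FreeMem(sd);
      raise;
    end;
    sa.nLength := SizeOf(TSecurityAttributes);
    sa.lpSecurityDescriptor := sd;
    sa.bInheritHandle := True;
  end else begin
    // First call only reports the buffer sizes required for the SID and domain name.
    cbSid := 0;
    cbDomain := 0;
    LookupAccountName(nil, PChar(RAUN), nil, cbSid, nil, cbDomain, snu);
    if GetLastError <> ERROR_INSUFFICIENT_BUFFER then
      RaiseWindowsError;
    pSid := AllocMem(cbSid);
    domain := AllocMem(cbDomain * SizeOf(Char));
    try
      if not LookupAccountName(nil, PChar(RAUN), pSid, cbSid, domain, cbDomain, snu) then
        RaiseWindowsError;
      if not ConvertSidToStringSidA(pSid, pSidStr) then
        RaiseWindowsError;
      try
        SidStr := pSidStr;
      finally
        // ConvertSidToStringSid allocates the string with LocalAlloc
        LocalFree(HLOCAL(pSidStr));
      end;
    finally
      FreeMem(domain);
      FreeMem(pSid);
    end;

    // NOTE(review): this DACL is not in canonical order (an allow ACE precedes
    // the BA deny ACE).  The access check walks ACEs in order, so a principal
    // that is both an authenticated user and an administrator is granted
    // GR/GW/GX by the AU ACE before the BA deny is reached; the deny only
    // bites for rights the AU ACE does not grant.  Left unchanged because
    // moving the deny first would also lock out the RAUN account if it is a
    // member of Administrators - confirm the intended policy before reordering.
    sddl :=
      'D:' +                              // Discretionary ACL
      '(D;OICI;GA;;;BG)' +                // Deny access to built-in guests
      '(D;OICI;GA;;;AN)' +                // Deny access to anonymous logon
      '(A;OICI;GRGWGX;;;AU)' +            // Allow access to authenticated users
      '(D;OICI;GA;;;BA)' +                // Deny access to administrators
      '(A;OICI;GRGWGX;;;' + SidStr + ')'; // Allow access for the admin account

    sa.nLength := SizeOf(sa);
    sa.bInheritHandle := True;
    if not ConvertStringSecurityDescriptorToSecurityDescriptorA(PChar(sddl),
         SDDL_REVISION_1, sa.lpSecurityDescriptor, nil) then
      RaiseWindowsError;
  end;
end;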
// create client pipe (excerpt)
:
:
if WaitNamedPipe(PChar(szName), WaitTime) then
begin
// Attempt to create client side
handle
FPipe := CreateFile(PChar(szName), GENERIC_READ or
GENERIC_WRITE, 0, @FSA, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL or
FILE_FLAG_OVERLAPPED, 0);
// Success if we have a valid
handle
if IsHandle(FPipe) then begin
:
:
// create pipe server (excerpt)
:
:
// Create the outbound pipe first
FPipe := CreateNamedPipe(PChar(resPipeBaseName + FPipeName), PIPE_OPENMODE,
PIPE_MODE, PIPE_INSTANCES, 0, 0, 1000, @FSA);
// Resource protection
try
// Set result value based on valid
handle
if IsHandle(FPipe) then
:
: