MySQL warns that setting named_pipe_full_access_group to Everyone is insecure.
MySQL error 1887 WARN_NAMED_PIPE_ACCESS_EVERYONE appears when named_pipe_full_access_group is set to the broad Everyone group, exposing the server to unauthorised Windows accounts. Create a restricted Windows group, update the variable, and restart MySQL to clear the warning.
WARN_NAMED_PIPE_ACCESS_EVERYONE
Error 1887 is a security warning introduced in MySQL 5.7.27. It appears when the named_pipe_full_access_group system variable is set to Everyone, meaning any Windows account can connect through the MySQL named pipe without authentication checks. The server flags this as insecure because it bypasses Windows group based hardening.
The warning is triggered during server startup, FLUSH PRIVILEGES, or when you set the variable dynamically. MySQL inspects the provided Windows group name and, if it maps to the special Everyone built-in group, emits warning 1887 to encourage a tighter security posture.
Define a dedicated Windows group with limited trusted members, grant that group permission to the MySQL named pipe, and set named_pipe_full_access_group to that new group. Restart the server or re-set the variable to clear the warning.
After upgrading from an older version that silently accepted Everyone, the server now warns; create a MySQLNamedPipeUsers group and update the configuration. In containerised Windows builds, automated scripts may default to Everyone; adjust the script to supply a specific group.
Always map named pipe access to the smallest possible Windows group, audit membership regularly, and store the variable in the my.ini file under the [mysqld] section for repeatable security. Use Galaxy's configuration manager to keep the setting under version control.
Warnings 3159 and 3160 appear when sha256_password or caching_sha2_password is used without SSL or RSA keys. The remediation pattern is similar: harden the configuration, restart, and verify with SHOW WARNINGS.
Administrators sometimes use the catch-all Everyone group to avoid granting individual rights. MySQL 5.7.27+ detects this broad assignment and raises warning 1887.
MySQL upgrades preserve old my.ini files. If the legacy file already contained Everyone, the new server version will issue the warning at each start.
Some provisioning scripts hardcode Everyone for simplicity. These scripts silently introduce the risk until the warning appears.
Raised when sha256_password authentication is used without RSA keys. Fix by installing keys.
Appears when secure authentication methods run without SSL. Enable TLS or change the plugin.
Error thrown when an account uses an authentication plugin the server does not recognise.
No. It is a warning, so the server starts and connections succeed, but security is weakened.
No. Named pipes are Windows only, so the variable and warning do not apply to Linux builds.
Ignoring it in nonproduction systems is possible, but best practice is to create a small group anyway so that scripts behave the same in production.
Galaxy keeps my.ini snippets under version control and highlights unsafe values, helping teams catch warning 1887 before deployment.
.avif)
.avif){kind=logo}
