Description
In the scenario that you want to host a NamedPipe-based gRPC service in a Windows service, you cannot subsequently connect to the service from a client running under a standard user account. This is because the NamedPipe is created with default security permissions.
The ACLs in the default security descriptor for a named pipe grant full control to the LocalSystem account, administrators, and the creator owner. They also grant read access to members of the Everyone group and the anonymous account.
https://learn.microsoft.com/en-us/windows/win32/ipc/named-pipe-security-and-access-rights
While the default ACLs do give read access to Everyone, I think the client also needs Write access to allow it to send gRPC messages to the service.
It seems like a good solution would be to allow the creator of the service to specify the security ACLs to apply to the internally created NamedPipe stream.
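As an added illustration of the ACL described above (this is not the code from PR #8 or from this project), the following uses .NET's own `NamedPipeServerStreamAcl.Create` to build a pipe that standard users can read and write but not create instances of. The pipe name `demo-grpc-pipe`, the class name and the choice of the Authenticated Users and NETWORK rules are assumptions; how the library would accept such a `PipeSecurity` is not shown here.

```csharp
using System;
using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;

// Windows-only. Hypothetical example class, not part of the library.
static class PipeAclExample
{
    static SecurityIdentifier Sid(WellKnownSidType type) => new SecurityIdentifier(type, null);

    // Explicit DACL that replaces the default named-pipe security descriptor.
    public static PipeSecurity BuildPipeSecurity()
    {
        var security = new PipeSecurity();

        // The service identity keeps FullControl, which includes
        // CreateNewInstance, so only the server can open further instances.
        security.AddAccessRule(new PipeAccessRule(
            WindowsIdentity.GetCurrent().User!, PipeAccessRights.FullControl, AccessControlType.Allow));

        // Standard users get ReadWrite. ReadWrite does not contain
        // CreateNewInstance, so a client cannot create its own instance of the pipe.
        security.AddAccessRule(new PipeAccessRule(
            Sid(WellKnownSidType.AuthenticatedUserSid), PipeAccessRights.ReadWrite, AccessControlType.Allow));

        // Assumption: the service is local-only, so deny network logons (pipes are reachable over SMB).
        security.AddAccessRule(new PipeAccessRule(
            Sid(WellKnownSidType.NetworkSid), PipeAccessRights.FullControl, AccessControlType.Deny));

        return security;
    }

    public static void Main()
    {
        using var server = NamedPipeServerStreamAcl.Create(
            "demo-grpc-pipe",                      // hypothetical pipe name
            PipeDirection.InOut,
            NamedPipeServerStream.MaxAllowedServerInstances,
            PipeTransmissionMode.Byte,
            PipeOptions.Asynchronous,
            0, 0,                                  // default buffer sizes
            BuildPipeSecurity());

        // Print the effective explicit rules so the DACL can be checked.
        var rules = server.GetAccessControl().GetAccessRules(true, false, typeof(SecurityIdentifier));
        foreach (PipeAccessRule rule in rules)
            Console.WriteLine($"{rule.AccessControlType,-5} {rule.IdentityReference} {rule.PipeAccessRights}");
    }
}
```

Granting `FullControl` to clients, or granting anything to Everyone, would make the connection work too, but it would also let any local account create instances of the pipe or change its permissions.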
Activity
gplwhite commented on Jan 23, 2025
Using the changes I've submitted in PR #8 I can successfully connect to the server when the server is initialised as below: