diff --git a/pkg/config/apm.go b/pkg/config/apm.go
index c8595ee5d55fd..cb3a622d6dd3f 100644
--- a/pkg/config/apm.go
+++ b/pkg/config/apm.go
@@ -43,7 +43,8 @@ func setupAPM(config Config) {
 	}
 
 	config.BindEnvAndSetDefault("apm_config.receiver_port", 8126, "DD_APM_RECEIVER_PORT", "DD_RECEIVER_PORT")
-	config.BindEnvAndSetDefault("apm_config.windows_pipe_buffer_size", 1_000_000, "DD_APM_WINDOWS_PIPE_BUFFER_SIZE") //nolint:errcheck
+	config.BindEnvAndSetDefault("apm_config.windows_pipe_buffer_size", 1_000_000, "DD_APM_WINDOWS_PIPE_BUFFER_SIZE")                          //nolint:errcheck
+	config.BindEnvAndSetDefault("apm_config.windows_pipe_security_descriptor", "D:AI(A;;GA;;;WD)", "DD_APM_WINDOWS_PIPE_SECURITY_DESCRIPTOR") //nolint:errcheck
 
 	config.BindEnv("apm_config.receiver_timeout", "DD_APM_RECEIVER_TIMEOUT")                             //nolint:errcheck
 	config.BindEnv("apm_config.max_payload_size", "DD_APM_MAX_PAYLOAD_SIZE")                             //nolint:errcheck
diff --git a/pkg/trace/api/api.go b/pkg/trace/api/api.go
index 63c7afb6abba4..da5adb077263c 100644
--- a/pkg/trace/api/api.go
+++ b/pkg/trace/api/api.go
@@ -141,7 +141,8 @@ func (r *HTTPReceiver) Start() {
 	if path := mainconfig.Datadog.GetString("apm_config.windows_pipe_name"); path != "" {
 		pipepath := `\\.\pipe\` + path
 		bufferSize := mainconfig.Datadog.GetInt("apm_config.windows_pipe_buffer_size")
-		ln, err := listenPipe(pipepath, bufferSize)
+		secdec := mainconfig.Datadog.GetString("apm_config.windows_pipe_security_descriptor")
+		ln, err := listenPipe(pipepath, secdec, bufferSize)
 		if err != nil {
 			killProcess("Error creating %q named pipe: %v", pipepath, err)
 		}
@@ -150,7 +151,7 @@ func (r *HTTPReceiver) Start() {
 			r.server.Serve(ln)
 			ln.Close()
 		}()
-		log.Infof("Listening for traces on Windowes pipe %s", pipepath)
+		log.Infof("Listening for traces on Windowes pipe %q. Security descriptor is %q", pipepath, secdec)
 	}
 
 	go r.RateLimiter.Run()
diff --git a/pkg/trace/api/pipe.go b/pkg/trace/api/pipe.go
index 9f7347726dbe0..bdf9039e3b69e 100644
--- a/pkg/trace/api/pipe.go
+++ b/pkg/trace/api/pipe.go
@@ -13,8 +13,9 @@ import (
 	"github.com/Microsoft/go-winio"
 )
 
-func listenPipe(path string, bufferSize int) (net.Listener, error) {
+func listenPipe(path string, secdec string, bufferSize int) (net.Listener, error) {
 	return winio.ListenPipe(path, &winio.PipeConfig{
-		InputBufferSize: int32(bufferSize),
+		SecurityDescriptor: secdec,
+		InputBufferSize:    int32(bufferSize),
 	})
 }
diff --git a/pkg/trace/api/pipe_off.go b/pkg/trace/api/pipe_off.go
index 8308a16aceeb5..545fb03dae746 100644
--- a/pkg/trace/api/pipe_off.go
+++ b/pkg/trace/api/pipe_off.go
@@ -12,6 +12,6 @@ import (
 	"net"
 )
 
-func listenPipe(path string, bufferSize int) (net.Listener, error) {
+func listenPipe(_, _ string, _ int) (net.Listener, error) {
 	return nil, errors.New("Windows named pipes are only supported on Windows operating systems")
 }