Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to configure DCOM settings in a network?

136 views
Skip to first unread message

tango

unread,
Sep 22, 2005, 11:11:22 AM9/22/05
to
To allow a non administrator user to query WMI some changes must be done to
Access permissions and Launch and Activation permissions in DCOM
configuration.

We know it can be done using dcomcnfg.exe but we need to monitor a large
network and we would like to configure all system settings at once. Does
anybody know if there is a way to perform this settings from the domain
controler? If there is not, which is the best way to automatically change
this values? Setting Windows registry? Is there any API that permits to
perform a safe change of this values?

Thanks in advance
Best regards

Tango


Gary Chang[MSFT]

unread,
Sep 23, 2005, 5:04:10 AM9/23/05
to
Hi Tango,

>We know it can be done using dcomcnfg.exe but we need
>to monitor a large network and we would like to configure
>all system settings at once. Does anybody know if there is
>a way to perform this settings from the domain controler?

It appears there is no WMI approach to do such work, all the properties in
the corresponding WMI classes are read-only:
Win32_DCOMApplication
Win32_DCOMApplicationAccessAllowedSetting
Win32_DCOMApplicationLaunchAllowedSetting
Win32_DCOMApplicationSetting

On the other hand, there is no DCOM configuration API neither, the RunAs
password is stored using LSA. We have a related sample program which
simplifies the process of manipulating the access and launch permissions
for a COM server, and also provides code about how to set and retrieve the
RunAs password for a COM server, you can download it in the following MSDN
link:

DCOMperm: Permissions for a COM Server
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/
html/vcsmpdcompermpermissionsforcomserver.asp


Thanks!

Best regards,

Gary Chang
Microsoft Community Support
--------------------
Get Secure! :C www.microsoft.com/security
Register to Access MSDN Managed Newsgroups!
http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp
&SD=msdn

This posting is provided "AS IS" with no warranties, and confers no rights.

James Crosswell

unread,
Sep 23, 2005, 7:08:18 AM9/23/05
to


You can reset the DCOM access permissions by deleting the following
registry key:
HKLM\SOFTWARE\Microsoft\Ole\DefaultAccessPermission

So you might have a nosy round in there.

However there's a lot more than just DCOM that you'll have to verify if
you want non-admins to be able to access WMI.

If you send me an email I can get you a PDF that describes everything
you'll need to look at.

--

Best Regards,

James Crosswell
Software Engineer
Microforge.net Limited
http://www.microforge.net

0 new messages