Access and roles in DCOM technology

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Give administrators access to users MY Documents Hi there- I want to give administrators access to all the users my documents folders. I have my documents redirected via GP to the usersw directory. How do I do this? Thanks Tag: Access and roles in DCOM technology Tag: 79456
  - 2
    - MSN Money I need to gain access to my Money 2001 that I have on an old computer but have forgotten the password that I used back then. Is there any way I can find out what my password was? Does anyone know what file the password is kept in and if it's readable? Any help will be appreciated since it's very important that I retrieve some information from that year which I did not carry forward to the more current years. Thank you! Tag: Access and roles in DCOM technology Tag: 79455
  - 3
    - Mrxpriumpstc service can't be found Has anyone come across this service? It doesn't turn up on Google or on a search of my computer. Doing a Find in Regedit doesn't turn up anything either. Anyone know what this is? Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7000 Date: 12/26/2005 Time: 10:44:10 PM User: N/A Computer: IBM-A0DC4189602 Description: The Mrxpriumpstc service failed to start due to the following error: The system cannot find the file specified. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Tag: Access and roles in DCOM technology Tag: 79454
  - 4
    - Isa 2004 and the Dpm 2006 agent On the member server with Isa server 2004 (single nic template), I would like to install the Dpm 2006 agent but I'm always receiving the "RPC unavailable" error message. An idea ? Thank you for your response Tag: Access and roles in DCOM technology Tag: 79450
  - 5
    - Italian Rogue Dialler and Italian popups First time in 10 years on internet. Yesterday ended up with a rogue dialler trying to dial out to 7020102463 and the following between &&&&&&&s, abbreviated from Symantec site , removed that. Then today some more Italian intrusions placing files through different directories etc , keywords : e1xplorer , archiviosex , exsplorer , redfunny , skymasters , xbeta69 and the main one sgrunt. Since removing the sgrunt directory and repeating the process below it has disappeared but we assume only temporarily, as don't know where keep picking it up from , certainly not visiting porn sites , or where else its lurking. It has also disabled the modem speaker , as distinct from , apparently setting the volume high in Modem options. We'd like to get the dial and beep/chime acknowledgement back again. In rasphone.pbk does Speaker=1 and Dialmode=1 mean speaker on or off? Checked not modem malfunction by trying another modem &&&&&&&& Windows 95/98/Me/NT/2000 Click Start, point to Find or Search, and then click Files or Folders. Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked. In the "Named" or "Search for..." box, type: rasphone.pbk Click Find Now or Search Now. If you find rasphone.pbk, right-click the file, and then click Open With. Deselect the Always use this program to open this program check box. Scroll through the list of programs and double-click Notepad. When the file opens, search for the section named: [Connessione Predefinita] Check if the connection number was changed by the dialer, looking at the following entry: PhoneNumber=7020102463 If the telephone number does not match with your ISP telephone number, remove all the entries of this section. Close Notepad and save your changes when prompted. Create a new dial-up connection with the right ISP number and parameters. ***** snipped ******* 5. To delete the links added by the risk Click Start > Programs > Accessories > Windows Explorer. Navigate to and delete the following files: %UserProfile%\Desktop\WinMoviePlugIn.lnk %UserProfile%\Desktop\explorer.lnk %UserProfile%\Start Menu\Programs\WinMoviePlugIn.lnk %UserProfile%\Start Menu\Programs\explorer.lnk %UserProfile%\Start Menu\WinMoviePlugIn.lnk %UserProfile%\Start Menu\explorer.lnk %UserProfile%\My Documents\WinMoviePlugIn.lnk %UserProfile%\My Documents\explorer.lnk %UserProfile%\Favorites\WinMoviePlugIn.lnk %UserProfile%\Favorites\explorer.lnk Exit Windows Explorer. &&&&&&&&&& Tag: Access and roles in DCOM technology Tag: 79447
  - 6
    - IPSEC and Windows Security Center I often go to Events viewer to see if there are errors showing in system events or application events. I am seeing a system error at every launch: "The IPSEC Services service terminated with the following error: The attempted operation is not supported for the type of object referenced." Event type: Error Event source: Service control manager Event ID: 7023 If I go over to look at Application Errors for the exact hour-minute-second time equivalent, what is happening looks like there is some competition in the loading process: "The Windows Security Center Service has started" Event type: Information Event source: Security Center Event ID: 1800 ........................... These two events happen at the same time as each other at every computer launch. I have ICF turned off and am using McAfee's VS, Firewall, Spam Killer, new program with newest updates, and all windows updates. 1. Should IPSEC Services be on or off? In Services it is set as Automatic, but does not say it is started. In opening the dialog, it says it is stopped. 2. Do I need to set something different? The TCP/IP NetBios Helper is "started" and "automatic" Windows XP Pro SP2 Advanced computer user (install programs and do successful troubleshooting, etc.) Tag: Access and roles in DCOM technology Tag: 79446
  - 7
    - Terminal Server on the DMZ Hi All, I need to install terminal server on my DMZ. My license server is seating on the LAN What port I need to open to let the new server on the DMZ to communicate with the License server on the LAN? Did the port need to be open all the times or only on the activation phase? Thanks In Advanced! Nir Tag: Access and roles in DCOM technology Tag: 79445
  - 8
    - How (not) to create malware (TSPY-Agent.EA) with VC++ .Net? Hello, I scanned my pc with a lot of tools and now I can't find anything left like malware etc.. Also I'm running a firewall. But after build a simple vc++ project (with visual studio 2003 .net) with release-build-configuration, the tool from trendmicro finds in the created exe-file the virus pattern from TSPY-Agent.EA. When I build the same project with debug-build-configuration, the exe-file seams to be clean. McAfee, Sophos, and Kaspersky do not find any malware both in the release as in the debug exe-file. (I'm using the tools from http://www.elephantboycomputers.com/page2.html#Removing_Malware with the newest definitions.) Here the configuration for the debug-version: ================================================= <Configuration Name="Debug|Win32" OutputDirectory="Debug" IntermediateDirectory="Debug" ConfigurationType="1" CharacterSet="2"> <Tool Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="E:\Projects\tool\src\tool" PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS" MinimalRebuild="TRUE" BasicRuntimeChecks="3" RuntimeLibrary="5" UsePrecompiledHeader="3" WarningLevel="3" Detect64BitPortabilityProblems="TRUE" DebugInformationFormat="4"/> <Tool Name="VCCustomBuildTool"/> <Tool Name="VCLinkerTool" OutputFile="$(OutDir)/tool.exe" LinkIncremental="2" GenerateDebugInformation="TRUE" ProgramDatabaseFile="$(OutDir)/tool.pdb" SubSystem="2" ImportLibrary="" TargetMachine="1"/> <Tool Name="VCMIDLTool"/> <Tool Name="VCPostBuildEventTool"/> <Tool Name="VCPreBuildEventTool"/> <Tool Name="VCPreLinkEventTool"/> <Tool Name="VCResourceCompilerTool"/> <Tool Name="VCWebServiceProxyGeneratorTool"/> <Tool Name="VCXMLDataGeneratorTool"/> <Tool Name="VCWebDeploymentTool"/> <Tool Name="VCManagedWrapperGeneratorTool"/> <Tool Name="VCAuxiliaryManagedWrapperGeneratorTool"/> </Configuration> ======================================== and here for the release-version: ======================================== <Configuration Name="Release|Win32" OutputDirectory="Release" IntermediateDirectory="Release" ConfigurationType="1" CharacterSet="2"> <Tool Name="VCCLCompilerTool" Optimization="2" InlineFunctionExpansion="1" OmitFramePointers="TRUE" PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS" StringPooling="TRUE" RuntimeLibrary="4" EnableFunctionLevelLinking="TRUE" UsePrecompiledHeader="3" WarningLevel="3" Detect64BitPortabilityProblems="TRUE" DebugInformationFormat="3"/> <Tool Name="VCCustomBuildTool"/> <Tool Name="VCLinkerTool" OutputFile="$(OutDir)/tool.exe" LinkIncremental="1" GenerateDebugInformation="TRUE" SubSystem="2" OptimizeReferences="2" EnableCOMDATFolding="2" TargetMachine="1"/> <Tool Name="VCMIDLTool"/> <Tool Name="VCPostBuildEventTool"/> <Tool Name="VCPreBuildEventTool"/> <Tool Name="VCPreLinkEventTool"/> <Tool Name="VCResourceCompilerTool"/> <Tool Name="VCWebServiceProxyGeneratorTool"/> <Tool Name="VCXMLDataGeneratorTool"/> <Tool Name="VCWebDeploymentTool"/> <Tool Name="VCManagedWrapperGeneratorTool"/> <Tool Name="VCAuxiliaryManagedWrapperGeneratorTool"/> </Configuration> ========================================= So the best will be to reinstall all, but now I'm interesting in what is going on in my pc. Thanks for your help! Axel Tag: Access and roles in DCOM technology Tag: 79440
  - 9
    - Windows XP - Can McAfee Privacy Security and WinAmp run together? After installing Privacy Service 7 I have been getting freezes in Windows XP shortly after WinAmp starts. In the restart there is the message "GDWH is not responding". After a lot of searching and finding many false leads, I found a post in WinAmp forums suggesting uninstalling McAfee Privacy Service. I found that disabling Privacy Service allowed WinAmp to run. Any ideas on getting these to run together? Tag: Access and roles in DCOM technology Tag: 79435
  - 10
    - IE, Powerpoint, tribalfusion? Recently when visiting certain websites a message came up to insert the Powerpoint disk. I resisted this for awhile, but finally gave up and inserted the Powerpoint installation CD, and voila, tribalfusion popups are back. Has tribalfusion found some kind of way to defeat IE's popup blocker using Powerpoint? Tag: Access and roles in DCOM technology Tag: 79433
  - 11
    - SSPI client to ldap Server - Error at last stage of n-way authentication check Hi all, I'm using Microsoft=AE Platform SDK 2003 and my client program is using SSPI calls. I'm able to get 4 octet string token from TGT server just before the final step of handshaking mechanism in SASL connection. i=2Ee. my final step of three way handshaking is broken in the final step where i'm calling EncryptMessage(..) [enquivant to gss_wrap( .. ) in GSSAPI]. It is returning some garbage value (-122346..34) instead of SEC_E_OK; ------------------------------------- SAME WAY I'VE TRIED THE HANDSHAKING MECHANISM USING GSSAPI CALLS AND .=2E...EVERYTHING IS WORKING FINE... WHILE USING SSPI CALLS.....I'M GETTING PROBLEMS...............!! Here is code snippet ---- --------- this step succeeded err =3D pSecurityInterface->InitializeSecurityContext ( &hcredClient, pClientCtxHandleIn, TEXT("LDAP/ps2345.intranet.xyz....@INTRANET.XYZ.COM"), grfRequiredCtxAttrsClient, 0, SECURITY_NATIVE_DREP, pClientInput, 0, pClientCtxHandleOut, pClientOutput, &grfCtxAttrsClient, &expiryClientCtx); cbv.bv_len =3D pClientOutput->pBuffers[0].cbBuffer; cbv.bv_val =3D (char*)pClientOutput->pBuffers[0].pvBuffer; // successful call verified..... retval =3D ldap_sasl_bind_s(ld, NULL, "GSSAPI", &cbv, NULL, NULL, &sbv); if ((retval =3D=3D LDAP_SASL_BIND_IN_PROGRESS || retval =3D=3D LDAP_SUCCE= SS)) { cbv.bv_len =3D 0; cbv.bv_val =3D NULL; if (sbv) { ber_bvfree(sbv); sbv =3D NULL; } //replying the challenge will NULL value retval =3D ldap_sasl_bind_s(ld, NULL, "GSSAPI", &cbv, NULL, NULL, &sbv); if((retval =3D=3D LDAP_SASL_BIND_IN_PROGRESS || retval =3D=3D LDAP_SUCCES= S)) { inSecBufDesc.ulVersion =3D SECBUFFER_VERSION; inSecBufDesc.cBuffers =3D 2; inSecBufDesc.pBuffers =3D &inSecBuf[0]; inSecBuf[0].BufferType =3D SECBUFFER_STREAM; inSecBuf[0].cbBuffer =3D sbv->bv_len; inSecBuf[0].pvBuffer =3D sbv->bv_val; inSecBuf[1].BufferType =3D SECBUFFER_DATA; inSecBuf[1].cbBuffer =3D 0; inSecBuf[1].pvBuffer =3D NULL; ULONG mylongVal=3D0; //Decrypting the Response. err =3D pSecurityInterface->DecryptMessage(pClientCtxHandleIn, &inSecBufDesc, 0,&mylongVal); -------------- till here everything is successful....verified with corresponding GSSPI call ...the (inSecBufDesc).pBuffers[1] contains the 4 byte octet string....Now according to rfc2222.txt, final step required to wrap the data (EncryptMeassage call) in this case and use final ldap_sasl_bind_s call err =3D pSecurityInterface->QueryContextAttributes( pClientCtxHandleIn, SECPKG_ATTR_SIZES, &sizes); // password length is passWd_Len =3D strlen("myuse...@INTRANET.XYZ.COM") + 4; //setting the first byte of octet to 1 ptr =3D (unsigned char *)inSecBufDesc.pBuffers[1].pvBuffer; maxsz =3D (ptr[1]<<16) | (ptr[2]<<8)| (ptr[3]); ptr =3D (unsigned char *) malloc(passWd_Len); ptr[0]=3D 1; ptr[1]=3D maxsz>>16; ptr[2]=3D maxsz>>8; ptr[3]=3D maxsz; sprintf((char *)&ptr[4], "%s", "myuse...@INTRANET.XYZ.COM"); ---------------------------till here everything is ok....SAME AS DONE WITH GSSAPI CALLS AND IS SUCCEEDED ...EVERYTHING IS FINE TILL HERE. NOW THE JOB IS TO ENCRYPT AND SEND IT TO THE SERVER IN FINAL CALL.------------- --------------------Problem lies in next part of the code --------------------- // Need three descriptors, two for the SSP and one to hold the //application data. inSecBufDescSecond.ulVersion =3D SECBUFFER_VERSION; inSecBufDescSecond.cBuffers =3D 3; inSecBufDescSecond.pBuffers =3D &inSecBufSec[0]; inSecBufSec[0].BufferType =3D SECBUFFER_TOKEN; inSecBufSec[0].cbBuffer =3D sizes.cbSecurityTrailer; inSecBufSec[0].pvBuffer =3D malloc(sizes.cbSecurityTrailer); // This buffer holds the application data. inSecBufSec[1].BufferType =3D SECBUFFER_DATA; inSecBufSec[1].cbBuffer =3D passWd_Len; inSecBufSec[1].pvBuffer =3D malloc(inSecBufSec[1].cbBuffer); memcpy(inSecBufSec[1].pvBuffer, ptr, passWd_Len ); inSecBufSec[2].BufferType =3D SECBUFFER_PADDING; inSecBufSec[2].cbBuffer =3D sizes.cbBlockSize; inSecBufSec[2].pvBuffer =3D malloc(inSecBufSec[2].cbBuffer); err =3D pSecurityInterface->EncryptMessage(pClientCtxHandleIn, ( 0 / SECQOP_WRAP_NO_ENCRYPT ) ,&inSecBufDescSecond, 0); ----> if i keep second argument as SECQOP_WRAP_NO_ENCRYPT ....the call returns SEC_E_OK , butinSecBufDescSecond.pBuffers[1] does not contains the expected data. On the other hand keeping second argument 0=2E..returns error(-2146893054) Let me know...where is the problem ??=20 Amit Tag: Access and roles in DCOM technology Tag: 79432
  - 12
    - SSPI client to ldap Server - Error at last stage of n-way authentication check Hi all, I'm using Microsoft=AE Platform SDK 2003 and my client program is using SSPI calls. I'm able to get 4 octet string token from TGT server just before the final step of handshaking mechanism in SASL connection. i=2Ee. my final step of three way handshaking is broken in the final step where i'm calling EncryptMessage(..) [enquivant to gss_wrap( .. ) in GSSAPI]. It is returning some garbage value (-122346..34) instead of SEC_E_OK; ------------------------------------- SAME WAY I'VE TRIED THE HANDSHAKING MECHANISM USING GSSAPI CALLS AND .=2E...EVERYTHING IS WORKING FINE... WHILE USING SSPI CALLS.....I'M GETTING PROBLEMS...............!! Here is code snippet ---- --------- this step succeeded err =3D pSecurityInterface->InitializeSecurityContext ( &hcredClient, pClientCtxHandleIn, TEXT("LDAP/ps2345.intranet.xyz....@INTRANET.XYZ.COM"), grfRequiredCtxAttrsClient, 0, SECURITY_NATIVE_DREP, pClientInput, 0, pClientCtxHandleOut, pClientOutput, &grfCtxAttrsClient, &expiryClientCtx); cbv.bv_len =3D pClientOutput->pBuffers[0].cbBuffer; cbv.bv_val =3D (char*)pClientOutput->pBuffers[0].pvBuffer; // successful call verified..... retval =3D ldap_sasl_bind_s(ld, NULL, "GSSAPI", &cbv, NULL, NULL, &sbv); if ((retval =3D=3D LDAP_SASL_BIND_IN_PROGRESS || retval =3D=3D LDAP_SUCCE= SS)) { cbv.bv_len =3D 0; cbv.bv_val =3D NULL; if (sbv) { ber_bvfree(sbv); sbv =3D NULL; } //replying the challenge will NULL value retval =3D ldap_sasl_bind_s(ld, NULL, "GSSAPI", &cbv, NULL, NULL, &sbv); if((retval =3D=3D LDAP_SASL_BIND_IN_PROGRESS || retval =3D=3D LDAP_SUCCES= S)) { inSecBufDesc.ulVersion =3D SECBUFFER_VERSION; inSecBufDesc.cBuffers =3D 2; inSecBufDesc.pBuffers =3D &inSecBuf[0]; inSecBuf[0].BufferType =3D SECBUFFER_STREAM; inSecBuf[0].cbBuffer =3D sbv->bv_len; inSecBuf[0].pvBuffer =3D sbv->bv_val; inSecBuf[1].BufferType =3D SECBUFFER_DATA; inSecBuf[1].cbBuffer =3D 0; inSecBuf[1].pvBuffer =3D NULL; ULONG mylongVal=3D0; //Decrypting the Response. err =3D pSecurityInterface->DecryptMessage(pClientCtxHandleIn, &inSecBufDesc, 0,&mylongVal); -------------- till here everything is successful....verified with corresponding GSSPI call ...the (inSecBufDesc).pBuffers[1] contains the 4 byte octet string....Now according to rfc2222.txt, final step required to wrap the data (EncryptMeassage call) in this case and use final ldap_sasl_bind_s call err =3D pSecurityInterface->QueryContextAttributes( pClientCtxHandleIn, SECPKG_ATTR_SIZES, &sizes); // password length is passWd_Len =3D strlen("myuse...@INTRANET.XYZ.COM") + 4; //setting the first byte of octet to 1 ptr =3D (unsigned char *)inSecBufDesc.pBuffers[1].pvBuffer; maxsz =3D (ptr[1]<<16) | (ptr[2]<<8)| (ptr[3]); ptr =3D (unsigned char *) malloc(passWd_Len); ptr[0]=3D 1; ptr[1]=3D maxsz>>16; ptr[2]=3D maxsz>>8; ptr[3]=3D maxsz; sprintf((char *)&ptr[4], "%s", "myuse...@INTRANET.XYZ.COM"); ---------------------------till here everything is ok....SAME AS DONE WITH GSSAPI CALLS AND IS SUCCEEDED ...EVERYTHING IS FINE TILL HERE. NOW THE JOB IS TO ENCRYPT AND SEND IT TO THE SERVER IN FINAL CALL.------------- --------------------Problem lies in next part of the code --------------------- // Need three descriptors, two for the SSP and one to hold the //application data. inSecBufDescSecond.ulVersion =3D SECBUFFER_VERSION; inSecBufDescSecond.cBuffers =3D 3; inSecBufDescSecond.pBuffers =3D &inSecBufSec[0]; inSecBufSec[0].BufferType =3D SECBUFFER_TOKEN; inSecBufSec[0].cbBuffer =3D sizes.cbSecurityTrailer; inSecBufSec[0].pvBuffer =3D malloc(sizes.cbSecurityTrailer); // This buffer holds the application data. inSecBufSec[1].BufferType =3D SECBUFFER_DATA; inSecBufSec[1].cbBuffer =3D passWd_Len; inSecBufSec[1].pvBuffer =3D malloc(inSecBufSec[1].cbBuffer); memcpy(inSecBufSec[1].pvBuffer, ptr, passWd_Len ); inSecBufSec[2].BufferType =3D SECBUFFER_PADDING; inSecBufSec[2].cbBuffer =3D sizes.cbBlockSize; inSecBufSec[2].pvBuffer =3D malloc(inSecBufSec[2].cbBuffer); err =3D pSecurityInterface->EncryptMessage(pClientCtxHandleIn, ( 0 / SECQOP_WRAP_NO_ENCRYPT ) ,&inSecBufDescSecond, 0); ----> if i keep second argument as SECQOP_WRAP_NO_ENCRYPT ....the call returns SEC_E_OK , butinSecBufDescSecond.pBuffers[1] does not contains the expected data. On the other hand keeping second argument 0=2E..returns error(-2146893054) Let me know...where is the problem ??=20 Amit Tag: Access and roles in DCOM technology Tag: 79431
  - 13
    - Windows 2003 server Network Security I want to lock down my network from PCs for Laptops outside the company. Basically I do not want anyone to be able to plug in his or her laptop computer via an RJ45 connection and have any access to resources without signing in with a valid userid and password. I donâ??t want them to have a DHCP IP address to surf the Internet unless authorized via their userid and password. Where do I start to implement these restrictions? Thanks Tag: Access and roles in DCOM technology Tag: 79427
  - 14
    - about axistwo.exe and nprvesof.exe Hello, who knows something about a file named axistwo.exe? I can't find anything about it in the web. It's generated in a directory named "life soft tick". In this dirctory there are also some other files: nprvesof.exe Win Tool Meal.exe Thanks for your help, Axel Tag: Access and roles in DCOM technology Tag: 79421
  - 15
    - L2TP/IPsec sites-to-sites vpn Hi Here are my scenario. I have two sites that are connected through a isdn lines but I don't want to use that line anymore, instead I will use a site-to-site vpn connection. My main site is using a Windows 2000 server with ISa 2000, this computer is a member of my domain. Ip adress 10.10.x.x/16. On this site I have a Stand alone certificate server on Windows 2003. This server is not a Domain Controller. The remote site is using a Windows 2003 server with ISA server 2004, he is also a member of my domain. Ip adress 10.30.x.x/16 On both isa server I have made the necessary configuration to make a pptp conection, and with this type of connnection I am able to make the connection between both sites. My problem is when i'm trying to use a L2TP/IPsec connection. On the ISA 2004, I change the protocol type of the remote site to L2TP. On the ISA server 2000, packet filters for this type of traffic is there, and I changed the type of protocol the netwotk interface is using for LP2TP vpn type. My concerns are about the certificates part. On the ISA 2000, I use the certifictaes mmc to request and install a computer certificates with success. On the ISA server 2004, I tried the same thing but I receive this error The certificate request was submitted to CA that is not started or you don't have permissions to request certificates from availabe CAs. I restarted the routing and remote access and IPSec policies services on both computers without success. So on this server I use the a web request (http://10.10.0.x/certsrv) to request a administrator template certificates. When I tried to connect I receive this error on both ISA servers Event Type: Error Event Source: RemoteAccess Event Category: None Event ID: 20111 Date: 12/23/2005 Time: 8:53:50 AM User: N/A Computer: MASTER3 Description: A Demand Dial connection to the remote interface IsaMoncton on port VPN2-0 was successfully initiated but failed to complete successfully because of the following error: The L2TP connection attempt failed because security policy for the connection was not found. Data: 0000: 17 03 00 00 .... I have read many articles and some articles tells that I need a computer certificates, some other a IPsec template, others a Router(offline) templates... So my first idea was to use a computer type certificates but I can not use the MMC Certificates snap-in on the ISA 2004 to reuqest one and the the computer templates is not available for installation when I'm using the web. I can't figured out where is my errors and all my reading haven't help me it mixed me up instead Thanks Tag: Access and roles in DCOM technology Tag: 79420
  - 16
    - Service running as Local system account Unable to map drive on ano Hi all I have a problem. I am developing a service which need to run as Local System Account, and which need to access a directory on a remote computer, in order to both read and write files. Both computers are running Windows 2000 and are in the same domain. As Local System Account do not have any network permissions as such, I have tried some alternative approaches but none seem to work. 1). I have tried to share the directory on the remote machine as a so called null session share (http://support.microsoft.com/default.aspx?scid=kb;en-us;289655), as that in theory should allow access to everyone and everything. But when I tried to write a file I got the "System error 5 has occurred.Access is denied." error. 2) Next I have tried to grant the computer account on which the service is running full access to the share as this article describes (http://forumz.tomshardware.com/software/Folder-Sharing-Computer-Accounts-ftopict225518.html). With the same result. The way I tested both approaches this: In both methods I use UNC format and IP numbers to address the remote share, like this: \\192.168.106.12\share\ 1) Run some code in my service using the function OpenStreamOnFile(MAPIAllocateBuffer, MAPIFreeBuffer, ulFlags, file_name, szFilePrefix, out_stream) function, and also fopen( "\\192.168.106.12\\share\\data.dat", "w+" ). Both methods fail though. 2) started a CMD prompt with Local Systems Account credentials (using the method described here: http://www.windowsitpro.com/Article/ArticleID/47673/47673.html and the psexc.exe tool from sysinternals - running psexec.exe -s cmd.exe). Then tried to both copy a file manually using the copy command and to map a drive letter using "net use". But all I got was a "System error 5 has occurred.Access is denied." I would appreciate any help I can get. Small things to try or even whole new approaches, as I am really running out of ideas here. Also if you need further information regarding my setup, please let me know. Thanks, and a merry Christmas to all Kind regards/ Venlig hilsen Peter Langhoff Feddersen System Engineer, MCSD Systematic Software Engineering A/S Web: www.systematic.dk Tag: Access and roles in DCOM technology Tag: 79417
  - 17
    - Not able to open a locked mdb file from Windows 2003 Hi, I have this problem: I'm not able to open an mdb file that is already locked. The file is located in another server, the folder is fully shared, and my user has full access to that folder. I only has this problem for Server running on Windows Server 2003. My Win2K Server doesn't have this problem. I can open the file only if I open it from Microsoft Access, when I tried to double click the file from Windows explorer nothing happen. If the file is not locked I can open it by double click, even though there is a security window pop up. I can open a locked mdb file if the file located in Local Server. Is this problem has anything to do with Windows Server 2003 security?? Any suggestion will be greatly appreciated Thanks Tag: Access and roles in DCOM technology Tag: 79411
  - 18
    - SPAM!!!! Im sick to death of spam , its soo anoying . The funniest thing is though Why have i recived an email that is spam and that has come from my actual email adress.?? Can any one help me? Cheers:D Tag: Access and roles in DCOM technology Tag: 79400
  - 19
    - Local Administrator Password Good morning! I was wondering if Microsoft had any software that globally reset all local admin passwords on my domain. Can MOM accomplish this? Thank you in advance for your help. Roger Settle rsettle@(remove this)oasisadvantage.com Tag: Access and roles in DCOM technology Tag: 79399
  - 20
    - 0x80070569: Logon failure: the user has not been granted the requested logon type at this computer. Hi. In a Windows 2000 domain, I defined a domain user (dom\StartTask) member of Domain Users and Users domain group with password never expires and set in Domain Security Policy 'Deny Access to this computer from the network' and 'Deny logon locally'. After this, in a member server (Server01), I create a scheduled task and associate with defined user. The task doesn't run and in View Log I see the following message: ---- "xxxx.job" (xxxx.bat) 12/22/2005 11:59:59 AM ** ERROR ** The attempt to log on to the account associated with the task failed, therefore, the task did not run. The specific error is: 0x80070569: Logon failure: the user has not been granted the requested logon type at this computer. Verify that the task's Run-as name and password are valid and try again. ---- In Event Viewer (Security) the event : Logon Failure: Reason: The user has not been granted the requested logon type at this machine User Name: StartTask Domain: dom Logon Type: 4 Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: Server01 ---- The strange think is that after I reset the password, the scheduled task works. Could you help me? Ivan Cella Eridano@hotmail.com Tag: Access and roles in DCOM technology Tag: 79396
  - 21
    - Error getting while Encrypting the data on final step of handshaking Hi all, I'm using Microsoft=AE Platform SDK 2003 and my client program is using SSPI calls. I'm able to get 4 octet string token from TGT server just before the final step of handshaking mechanism in SASL connection. i=2Ee. my final step of three way handshaking is broken in the final step where i'm calling EncryptMessage(..) [enquivant to gss_wrap( .. ) in GSSAPI]. It is returning some garbage value (-122346..34) instead of SEC_E_OK; ------------------------------------- SAME WAY I'VE TRIED THE HANDSHAKING MECHANISM USING GSSAPI CALLS AND .=2E...EVERYTHING IS WORKING FINE... WHILE USING SSPI CALLS.....I'M GETTING PROBLEMS...............!! Here is code snippet ---- --------- this step succeeded err =3D pSecurityInterface->InitializeSecurityContext ( &hcredClient, pClientCtxHandleIn, TEXT("LDAP/ps2345.intranet.xyz.com@INTRANET.XYZ.COM"), grfRequiredCtxAttrsClient, 0, SECURITY_NATIVE_DREP, pClientInput, 0, pClientCtxHandleOut, pClientOutput, &grfCtxAttrsClient, &expiryClientCtx); cbv.bv_len =3D pClientOutput->pBuffers[0].cbBuffer; cbv.bv_val =3D (char*)pClientOutput->pBuffers[0].pvBuffer; // successful call verified..... retval =3D ldap_sasl_bind_s(ld, NULL, "GSSAPI", &cbv, NULL, NULL, &sbv); if ((retval =3D=3D LDAP_SASL_BIND_IN_PROGRESS || retval =3D=3D LDAP_SUCCE= SS)) { cbv.bv_len =3D 0; cbv.bv_val =3D NULL; if (sbv) { ber_bvfree(sbv); sbv =3D NULL; } //replying the challenge will NULL value retval =3D ldap_sasl_bind_s(ld, NULL, "GSSAPI", &cbv, NULL, NULL, &sbv); if((retval =3D=3D LDAP_SASL_BIND_IN_PROGRESS || retval =3D=3D LDAP_SUCCES= S)) { inSecBufDesc.ulVersion =3D SECBUFFER_VERSION; inSecBufDesc.cBuffers =3D 2; inSecBufDesc.pBuffers =3D &inSecBuf[0]; inSecBuf[0].BufferType =3D SECBUFFER_STREAM; inSecBuf[0].cbBuffer =3D sbv->bv_len; inSecBuf[0].pvBuffer =3D sbv->bv_val; inSecBuf[1].BufferType =3D SECBUFFER_DATA; inSecBuf[1].cbBuffer =3D 0; inSecBuf[1].pvBuffer =3D NULL; ULONG mylongVal=3D0; //Decrypting the Response. err =3D pSecurityInterface->DecryptMessage(pClientCtxHandleIn, &inSecBufDesc, 0,&mylongVal); -------------- till here everything is successful....verified with corresponding GSSPI call ...the (inSecBufDesc).pBuffers[1] contains the 4 byte octet string....Now according to rfc2222.txt, final step required to wrap the data (EncryptMeassage call) in this case and use final ldap_sasl_bind_s call err =3D pSecurityInterface->QueryContextAttributes( pClientCtxHandleIn, SECPKG_ATTR_SIZES, &sizes); // password length is passWd_Len =3D strlen("myuserid@INTRANET.XYZ.COM") + 4; //setting the first byte of octet to 1 ptr =3D (unsigned char *)inSecBufDesc.pBuffers[1].pvBuffer; maxsz =3D (ptr[1]<<16) | (ptr[2]<<8)| (ptr[3]); ptr =3D (unsigned char *) malloc(passWd_Len); ptr[0]=3D 1; ptr[1]=3D maxsz>>16; ptr[2]=3D maxsz>>8; ptr[3]=3D maxsz; sprintf((char *)&ptr[4], "%s", "myuserid@INTRANET.XYZ.COM"); ---------------------------till here everything is ok....SAME AS DONE WITH GSSAPI CALLS AND IS SUCCEEDED ...EVERYTHING IS FINE TILL HERE. NOW THE JOB IS TO ENCRYPT AND SEND IT TO THE SERVER IN FINAL CALL.------------- --------------------Problem lies in next part of the code --------------------- // Need three descriptors, two for the SSP and one to hold the //application data. inSecBufDescSecond.ulVersion =3D SECBUFFER_VERSION; inSecBufDescSecond.cBuffers =3D 3; inSecBufDescSecond.pBuffers =3D &inSecBufSec[0]; inSecBufSec[0].BufferType =3D SECBUFFER_TOKEN; inSecBufSec[0].cbBuffer =3D sizes.cbSecurityTrailer; inSecBufSec[0].pvBuffer =3D malloc(sizes.cbSecurityTrailer); // This buffer holds the application data. inSecBufSec[1].BufferType =3D SECBUFFER_DATA; inSecBufSec[1].cbBuffer =3D passWd_Len; inSecBufSec[1].pvBuffer =3D malloc(inSecBufSec[1].cbBuffer); memcpy(inSecBufSec[1].pvBuffer, ptr, passWd_Len ); inSecBufSec[2].BufferType =3D SECBUFFER_PADDING; inSecBufSec[2].cbBuffer =3D sizes.cbBlockSize; inSecBufSec[2].pvBuffer =3D malloc(inSecBufSec[2].cbBuffer); err =3D pSecurityInterface->EncryptMessage(pClientCtxHandleIn, ( 0 / SECQOP_WRAP_NO_ENCRYPT ) ,&inSecBufDescSecond, 0); ----> if i keep second argument as SECQOP_WRAP_NO_ENCRYPT ....the call returns SEC_E_OK , butinSecBufDescSecond.pBuffers[1] does not contains the expected data. On the other hand keeping second argument 0=2E..returns error(-2146893054) Let me know...where is the problem ?? Amit Tag: Access and roles in DCOM technology Tag: 79392
  - 22
    - Server hang after installing MS05-053,54,55 Hi, Would like to check out does anyone experience server hang at "saving your setting.." during logoff after installing the above patches ? That is what happening to me right now on 4 of my servers. When the server hung, i starts getting a lot of event id 2002, application class, source : perflib, descriptions as remoteaccess DLL timeout, something like that. That was the last changes that i made to the servers. Ironically, it does not happen to all servers. That is the hardest part. And after we rebooted the server, it went back to normal. That's why i am unable to reproduce the problem for further diagnostics. Any reply or advise is much appreciated ! Thanks. Tag: Access and roles in DCOM technology Tag: 79391
  - 23
    - Invitation to join "Security, Privacy & Related Legal Issues" You are cordially invited to join the YahooGroups "Security, Privacy & Related Legal Issues" at http://groups.yahoo.com/group/securityprivacy/ GROUP DESCRIPTION: Privacy, Computer Security, Harassment, Stalking, Defamation, Libel and Related Legal Issues. All new members will be on temporary moderated status, in order to avoid spammers. Member list is private and members may join anonymously. List is also for fans of J.J. Luna, author of: Work From Home At Any Age; and How to Be Invisible Tag: Access and roles in DCOM technology Tag: 79390
  - 24
    - Digital Content Security Act Well, the movie Nazi's are trying it again... ..."Congress is leaving a special gift under the tree for Hollywood's film industry. Just before closing for the holidays, legislators introduced a new proposal designed to curb redistribution of movies.The Digital Transition Content Security Act would embed anticopying technology into the next generation of digital video products. If it makes its way from Capitol Hill to the Oval Office and becomes law, the measure will outlaw the manufacture or sale of electronic devices that convert analog video signals into digital video signals, effective one year from its enactment. PC-based tuners and digital video recorders are listed among the devices." http://politics.slashdot.org/article.pl?sid=05/12/22/0123210&from=rss Imhotep Tag: Access and roles in DCOM technology Tag: 79389
  - 25
    - Security Problem>>> Need Help!!! Hi, Hope someone here can help me. The problem is: My Browser keeps getting HiJacked despite Fort Knox Security. The Question is....What am I missing? I am using windows xp home w/sp2 installed(but disabled) in it's place I'm using Norton System Works, Fix it Utilities 6, Adaware SE, Spybot S&d, Norton and Mcafee Clean Sweeps, I have run File Analyzer, Net Analizer, Reg Analizer, Pop Up Blockers are: Windows(disabled), Nortons, MSN, Yahoo. I have disabled Remote Access, I have run MS Malware Tools, System is set to erase all tracks when browser closes and is confirmed. All Updates are up to date and run regularly. Checked all ports besides using all tools listed above. also use yahoo spyware scanner. my system is set up (High Speed Cable) Connected to router , to which I have Security enabled.I have checked for hardware and software conflicts and all is fine. all system tools run come up Zilch. I have scanned pc thru nortons and mcafee sites. I have scanned in safe mode, I have done everything i can think of. I know somthing or someone is getting into my system as I log on and my explorer page is different than what I have it set to. and my OE settings keep getting messed with, which I have to keep resetting. otherwise my system is 100% fine. I don't have any error messages or hangs. So someone please tell me what I am doing Wrong here. oh and another thing I noticed is my computer systems can be shut completely off and router and modem keeps showing pc activity, although I can't detect anything being sent or recieved. when i boot and logon as this is happening it then quits. I have also shut down the other antivirus and run AVG. I need some insight please. Tag: Access and roles in DCOM technology Tag: 79386
- Next
  - 1
    - parental permission please tell me how to give permission to my kids .i do not have a credit card Tag: Access and roles in DCOM technology Tag: 79378
  - 2
    - Weird problem / Email showing up in excel spreadsheet I have a windows 2000 domain, windows 2000 exchange. I have a user that just sent an email, the contents of the email autotyped themselves into an open excel spreadsheet on another users computer. This other user does not have an exchange account or anything. Any ideas? I have run netstat looked through all the startup stuff, no weird processes running, nothing. Please throw me some ideas here, this is bizarre and I have never seen this... Tag: Access and roles in DCOM technology Tag: 79377
  - 3
    - Event ID 5723 I keep getting this error on my DC (W2k3 Server) with the following... The session setup from computer '17951' failed because the security database does not contain a trust account '17951$' referenced by the specified computer. For user action is says to disjoin this account from the domain. That's fine, but I can't find the computer in AD. Is there a way to remove this ghost account? Can I use Netdom or ADSI edit? Tag: Access and roles in DCOM technology Tag: 79375
  - 4
    - network service accounts HKCU access Hi, I have a web service, as I understand from msdn docs, web services in IIS 6 works with network service account. Therefore for a specific purpose, I have to access the HKCU registry of network service account and add some keys there. But the problem is that, How to do that, since network service account is not a normal user account. can you please tell me how to do such a change in reg (HKCU) of network service account?? thanks, atx Tag: Access and roles in DCOM technology Tag: 79374
  - 5
    - spyware question I have microsoft anitspyware installed. I just got redirected to a japanese porn site when I clicked on a link. When I tried the link again it worked ok but an antispyware notice popped up saying, on top, that a change had been allowed (green) but underneath it said a change had been blocked. Makes no sense. The message referred to shdocvw.dll. When I clicked on "help", in the notice, a blank page came up. When I closed the blank page the spyware notice disappeared before I could copy it. I think it said "the microsoft doc object shdocvw.dll has been prevented from..." either changing, or loading or something. I dont remember what. I did a spyware scan and it did not detect any spyware. But then a notice on the spyware page said "number of items detected, 1". Makes no sense. I cannot find any information on what this "item detected" was (or is) or what to do about it. When I tried to send a report to Microsoft about it (in the spyware program) it said "submission failed, check you proxy settings". So far as I know, there is nothing wrong with my proxy settings. Can you shed any light on this situation? Thanks. Tag: Access and roles in DCOM technology Tag: 79369
  - 6
    - netmon where can i get the full version of netmon? Tag: Access and roles in DCOM technology Tag: 79356
  - 7
    - Boot Passwords Hi everyone, I have a BIOS utility on my PC (accessible during start up by pressing "F1") which allows me to set passwords, but for some reason the PC does not require that a user enters any of these passwords every time the PC is switched on, but rather only when a user enters the BIOS utility. My laptop requres the BIOS password to be entered every time the computer starts up, and I want my desktop PC to act in like manner. I have checked out the product support helpline for my desktop PC and it seems (strangely) that the BIOS passwords can not be set so that they are required on boot up. Does anyone know of any programs that will impliment a power on/boot password, or is there anything in Windows XP that will do the same? ------- Regards, CB. Tag: Access and roles in DCOM technology Tag: 79351
  - 8
    - Microsoft Excel Unspecified Memory Corruption Vulnerabilities http://www.securityfocus.com/bid/15926 Imhotep Tag: Access and roles in DCOM technology Tag: 79348
  - 9
    - Microsoft Internet Information Server 5.1 DLL Request Denial of Service Vulnerability http://www.securityfocus.com/bid/15921 (not much info available at this time) Imhotep Tag: Access and roles in DCOM technology Tag: 79347
  - 10
    - Best virus protection/ internet controls for multiple users I have been using Mcafee Security Center Installed on my Computer with Windows XP Media. The Privacy Service which allowed me to control sites and times my kids could access the internet defeloped a glich which required a very cumbersome uninstall process. Before I simply reinstall the program I'm wondering what recommendations you might have for good overall virus protection, spyware protection and for controlling internet access. We use Mozilla Foxfire. One problem with the Security Center was that it used a lot of CPU % and seemed to slow down the computer. Tag: Access and roles in DCOM technology Tag: 79345
  - 11
    - Tracking where mail is coming from. We are getting about 800 mails an hour that are trying to go out on our exchange server. We know that it is internal to the company but not which subnet it is coming from. Can any of you tell me how to use performance monitor to find out what IP it is coming from? If you can help I would really appreciate it. Thanks Tag: Access and roles in DCOM technology Tag: 79341
  - 12
    - Auditing folders Good morning everyone, I audit all of our folders using the built in feature in Server 2003. The problem is our event log files are huge by the end of the day because when Veritas runs the backup at night it logs every file it reads and opens in the event log. Does anyone know of a way to exclude programs or users from the auditing process? Thank you for your time. Tag: Access and roles in DCOM technology Tag: 79328
  - 13
    - Same User regardless of being on the domain. I have a laptop that I use at work where I log on to a domain. When I bring it home, I don't log on to the domain (because it doesn't exist.) As far as the system is concerned though I'm a different user. How do I make it the same user with/without the domain? Do I attempt to log in to the domain at home and just let it fail or what? TIA - Jeff. Tag: Access and roles in DCOM technology Tag: 79327
  - 14
    - Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution Vulnerability http://www.securityfocus.com/bid/13799 Imhotep Tag: Access and roles in DCOM technology Tag: 79315
  - 15
    - Microsoft Internet Explorer Dialog Manipulation Vulnerability http://www.securityfocus.com/bid/15823 Imhotep Tag: Access and roles in DCOM technology Tag: 79314
  - 16
    - Microsoft Windows MSDTC Memory Corruption Vulnerability http://www.securityfocus.com/bid/15056 Imhotep Tag: Access and roles in DCOM technology Tag: 79313
  - 17
    - fake security warnings i keep getting fake security warnings and i cant access my home page when i click on internet explorer this page loads: http://i6.photobucket.com/albums/y239/cannonfodder39/damncomp.jpg Tag: Access and roles in DCOM technology Tag: 79306
  - 18
    - restricted sites zone in IE Hi, I was adjusting my security settings in IE 6 and I clicked on "SITES" in the restricted zone, and there were a bunch of websites, mostly disreputable ones that I'm not sure how they got there. I didn't put them there. My question is this: if I remove them will they stay gone forever? I know this sounds silly, but I really don't know how they ended up in that list, I never added them. If I click remove, what exactly will that mean? Will those sites end up in the safe zone? Some advice please? Thanks... Tag: Access and roles in DCOM technology Tag: 79300
  - 19
    - Root CA cannot publish to CRL I am getting this in my event log after installing an enterprise root Certificate server on RootCAServer. Certificate Services could not publish a Delta CRL for key 0 to the following location on server C4.domain.com: ldap:///CN=Root CA,CN=RootCAServer,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=domainDC=com. Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344). ldap: 0x32: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 I have seen a few other posts. Server is a member of Cert Publishers group. Any other ideas? TIA, Steve Tag: Access and roles in DCOM technology Tag: 79295
  - 20
    - Terminal server security issue with screen cache? Hi, I've never seen this mentioned anywhere, but at the hospital I work for, we use a lot of thin clients with Terminal Servers. We also have PC's that connect to them. When the client PC screen locks with the default logon.scr screen saver while the session is idle in the background, if you switch back to the Terminal Server session screen, there is about a 1/2 second where the previously viewed screen is visible, then it updates to show the new screen, which is the login screen. The problem is, it's pretty trivial to just click on the taskbar icon of the session, bring it to the foreground, and hit print screen in that half second, then paste it into paint, or something like that. I've done it many times just to demonstrate the method. If there is patient information in that screen (or any other sensitive info) it's easy to snap a shot of it, and walk away with the data. I have tried DE-selecting using bitmap caching in the TS client, but that doesn't affect it. Has anyone ever heard of alleviating this gap using settings on the client? Thanks, Tag: Access and roles in DCOM technology Tag: 79293
  - 21
    - RPC UUID Hallo I would like to monitor RPC connections through my Windows NW. I developed a tool that is able to extract UUID from any Microsoft RPC Connections. The problem is that I need a lot of time to map every UUID because this activity have to be done manually throogh RPCDump. I would like to know if is there a complete list of all MICROSOFT RPC UUIDs and corrisponding RPC service so that the mapping can be done automatically? Thankyou for any help. Tag: Access and roles in DCOM technology Tag: 79291
  - 22
    - Backup and Restore local SAM Hi, I have a few large file servers running Windows 2000, each having a large number of local security groups on them. These are connected to a Storage Area Network, containing all data. If one of these servers crashes, I can easily create another server and map that server to the same volume used by the dead server. This saves the data, however, I am not sure how to restore the local groups so that their SIDs will correctly map to the data. Since these servers contain so much data, it would be difficult to re-create these groups, then re-assign the security to the data manually, assuming I could even remember each and every set of permissions in the first place. Do any of you know how to correctly restore these types of permissions or have you had a file server crash to where you needed to re-create local accounts? Tag: Access and roles in DCOM technology Tag: 79288
  - 23
    - Access with cached credentials Hi out there I have a simple question - how long is cached credentials pr. default valid in a windows environment ? The cause for the question is a small windows nt4 domain where the PDC (single and only) has gone forever - no backup neither - and the dealer is now pretty happy even though they no PDC - they can still logon to their workstations and have all vitale services local - the password is set to never expiere. If there is no need for them to add new users or change passwords etc will the cached credentiels ever expiere ? Tag: Access and roles in DCOM technology Tag: 79284
  - 24
    - Users with ADMIN profile Hi, We network at present is as follows: We have both a NT and 03 Domain. There is a two way trust between the NT4 and Windows 2003 server. The client machines are either Win2k or XP Pro with the latest service packs. The users logon to the 03 domain and are authenticated etc via this domain. The problem i have is that unless the users are a member of the Domain Admins group, certain programs on their pc will not work. Of course i dont want everyone playing about with the domain and have such a high security access. To setup a basic user on the windows xp or win2k, do they need to be a member of the local machine interms of security. Can i give everyone differnet access via the Group policy editor. Thanks for your help Mo Tag: Access and roles in DCOM technology Tag: 79283
  - 25
    - Running slow, know it's a virus but can't find it! My icons are slow to display, my generally fast up to date, newer computer is running too slow. I just know I've got a virus somewhere but McAfee and Stop Sign are not finding anything and showing clean. Any suggestions? Tag: Access and roles in DCOM technology Tag: 79270

Hi everybody,

I have a system consists of 4 servers. On each server there are services and
COM+ components installed. The services and components run under applicative
user. The 4 servers interact via DCOM technology. If the applicative user is
a regular user in the Domain, the DCOM operations fail because of "Access
denied". If this user is local administrator on 4 servers everything works
fine. Does anyone know, what are the minimal roles needed for the applicative
user so the DCOM technology will work between the servers? Must he be an
administrator? The operation system is Windows 2003.
Thank you in advance for any help

Efrat

Top

Re: Access and roles in DCOM technology by Roger

Roger
Tue Dec 27 10:06:35 CST 2005

No, it is not necessary for the domain account to be an
administrator on the involved machines, and, in fact the
account should definitely not be.
It sounds like you are not taking DCom launch/access
permissions into account. These are defined on a per
COM+ component basis (when the defaults are not
sufficient), which is within the Components mmc and
which may be set for the components by the installer
during installation by an admin. Notice also that XP SP2
and W2k3 Sp1 added further DCom/Com+ security
settings (in the Security Options part of group policy)
but these should only come into play when an application
is relying on the default values (for launch/access/etc).
You would be best off adjusting the permissions that are
specific to your components - admins will be resistant to
either granting admin or over loosening for all just for the
sake of your application (or at least they should be).

"ef" <ef@discussions.microsoft.com> wrote in message
news:36D021A2-5627-45D6-ACC7-FD89262C199B@microsoft.com...
> Hi everybody,
>
> I have a system consists of 4 servers. On each server there are services
> and
> COM+ components installed. The services and components run under
> applicative
> user. The 4 servers interact via DCOM technology. If the applicative user
> is
> a regular user in the Domain, the DCOM operations fail because of "Access
> denied". If this user is local administrator on 4 servers everything works
> fine. Does anyone know, what are the minimal roles needed for the
> applicative
> user so the DCOM technology will work between the servers? Must he be an
> administrator? The operation system is Windows 2003.
> Thank you in advance for any help
>
> Efrat
>

Top