Com server setup

TheMSsForum.com: The Microsoft Software Forum

Hi People

We have just upgraded to Windows 2003 and now we need to make a com server
application run on this new platform.

I can register the application (and see it show up in dcomcnfg).

The problem is that I need to set the identity the compoenent is run as, and
I need to set who has launch permissions to the compoent.

This I have to do using etiher a command-line tool or programmatic (It is to
be used in a unattended installation).

In Windows 2000 I used the utility called DCOMPerm library, but it doesn't
seem to work under Windows 2003.

I hope someone has an idea of how I can do it.

Best Regards
Brian
Top

Re: Com server setup by Adi

Adi
Thu Sep 01 04:45:12 CDT 2005

Hi Brian,

I'm facing the same problem now. Did you find an answer to your
question?

Bets Regards,
Adi

Brian Nielsen wrote:
> Hi People
>
> We have just upgraded to Windows 2003 and now we need to make a com server
> application run on this new platform.
>
> I can register the application (and see it show up in dcomcnfg).
>
> The problem is that I need to set the identity the compoenent is run as, and
> I need to set who has launch permissions to the compoent.
>
> This I have to do using etiher a command-line tool or programmatic (It is to
> be used in a unattended installation).
>
> In Windows 2000 I used the utility called DCOMPerm library, but it doesn't
> seem to work under Windows 2003.
>
> I hope someone has an idea of how I can do it.
>
> Best Regards
> Brian

Top

Re: Com server setup by BrianNielsen

BrianNielsen
Thu Sep 01 05:00:27 CDT 2005

Hi Adi

I found out that DCOMPerm do actually work in Windows 2003 Server so it is
still possible to set launch and access permissions using this tool.

If you have installed Service Pack 1 on your server, you must be aware of
the extra security check that has been added when accessing COM applications.
If you right-click on My Computer in Component Services and choose
Properties. Then go to COM Security tab and there is a limit button which
controls the additional check. The default (in SP1) is that it is not
possible for others than Administrator to launch com components on the server
from remote.

There is a catch in changing the limits which you can read about on
Microsofts site. Limits are a machine wide check and therefore changes made
here will affect all COM components.

Hope it helps

Brian

"Adi" wrote:

> Hi Brian,
>
> I'm facing the same problem now. Did you find an answer to your
> question?
>
> Bets Regards,
> Adi
>
> Brian Nielsen wrote:
> > Hi People
> >
> > We have just upgraded to Windows 2003 and now we need to make a com server
> > application run on this new platform.
> >
> > I can register the application (and see it show up in dcomcnfg).
> >
> > The problem is that I need to set the identity the compoenent is run as, and
> > I need to set who has launch permissions to the compoent.
> >
> > This I have to do using etiher a command-line tool or programmatic (It is to
> > be used in a unattended installation).
> >
> > In Windows 2000 I used the utility called DCOMPerm library, but it doesn't
> > seem to work under Windows 2003.
> >
> > I hope someone has an idea of how I can do it.
> >
> > Best Regards
> > Brian
>
>
Top

Re: Com server setup by Adi

Adi
Thu Sep 01 06:57:56 CDT 2005

Hi Brian,

Thanks for your quick response. "Edit limits" is exactly what I need to
modify and I didn't find a way of doing it with dcomperm utility. How
are you dealing with this issue, it at all?

Regards,
Adi

Top

Re: Com server setup by BrianNielsen

BrianNielsen
Thu Sep 01 10:47:41 CDT 2005

Hi Adi

I've found 2 ways to do it.

Either by using some LDAP calls to make a group as member of the new Builtin
group called "Distributed COM Users". This group has permissions for
launching remote COM components

Or you can change the ACL in registry as noted in this article by Microsoft:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/com/html/1917834c-5216-4ef3-a0c2-d8ca63cef53d.asp

If you find better ways to it I would like to hear about it :-)

/Brian

"Adi" wrote:

> Hi Brian,
>
> Thanks for your quick response. "Edit limits" is exactly what I need to
> modify and I didn't find a way of doing it with dcomperm utility. How
> are you dealing with this issue, it at all?
>
> Regards,
> Adi
>
>
Top

Re: Com server setup by Adi

Adi
Sun Sep 04 03:18:14 CDT 2005

Hi Brian

Meanwhile I've asked one of our C++ guys to check if he can modify
DCOMPERM utility to support the new COM settings. He was able to do it,
so now I have dcomperm.exe which allows to change "Edit limits". I can
send it to you if you are interested.

Regards,
Adi

Top

Re: Com server setup by JVdd

JVdd
Wed Sep 07 08:34:14 CDT 2005

Hi Adi,

I am having the same problems. I am very interested in the updated
code of DCOMPERM. Could you send me this code and executable?

Many thanks,

Johan.

Adi wrote:
> Hi Brian
>
> Meanwhile I've asked one of our C++ guys to check if he can modify
> DCOMPERM utility to support the new COM settings. He was able to do it,
> so now I have dcomperm.exe which allows to change "Edit limits". I can
> send it to you if you are interested.
>
> Regards,
> Adi

Top

Re: Com server setup by Adi

Adi
Sun Sep 11 09:20:51 CDT 2005

Hi Johan,

Unfortunately this code was found causing problems. Right after using
the updated DcomPerm there are dcom errors appear in the Event Viewer
saying something like "machine wide limits access security descriptor
invalid".

Regards,
Ado.

Top