Friday, July 20, 2018

DCOM configuration permissions are Registry key permissions

The DCOM Configuration section of the Component Services snap-in allows modifying the permissions of COM applications. The ability to change the permissions on the Security tab is governed by the ACL in the Configuration Permissions section. Even going into the Advanced dialog on the ACL editor, though, doesn't allow administrative ownership-taking, so even administrators can't always adjust the permissions.

The Configuration Permissions are actually the permissions on the Registry key describing the COM application:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{GUID}

The GUID is the application ID from the General tab of the application's properties window. The Advanced ACL editor in the Registry Editor can be used to take ownership and adjust configuration permissions. After a reboot, the DCOM Configuration snap-in can be used to graphically adjust Launch and Activation or Access permissions.

No comments:

Post a Comment