is there an api to change the Access Permissions for the COM Security? i need to write new values to "Edit Limits..." and "Edit Default...". are these plain registry settings? can't find how to set these entries.
Change permissionUnder the Permissions window, select the local Administrators group and under Permissions for Administrators select Full Control and click Apply, then OK.
To set access permissions for a computer On the Default Security property page in Dcomcnfg.exe, choose the Edit Default button in the Default Access Permissions area. To remove users or groups, select the user or group you want to remove and choose the Remove button.
The quick answer is Yes they are registry settings, the long answer is No they are not simple registry settings. The values are binary and point to an ACL structure. In order to change these you need to load, update, and save the ACL (which requires a fair amount of code). The DCOMPerm sample in the windows SDK is a decent place to start, i have used it as a basis for a set of classes i use at work to handle this problem (Unfortunately, i am not able to release that code into the public domain)
You can review the MSDN Documentation for the DCOM key structure - that covers computer wide settings. COM application specific settings are stored under its APPID in the registry in the AccessPermission and LaunchPermission values.
Keep in mind that modifying the ACLs for the machine wide settings can quickly render your machine unusable if you do it incorrectly. If i remember correctly, you can simply delete the values (via RegEdit) and the OS will restore defaults to bring your machine back... but i'm not 100% certain on that anymore.
EDIT: The binary data is actually a Security Descriptor, but ultimately its the contained ACL that needs to dealt with - the SD just adds one more layer of code when unpacking/packing it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With