Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

change Access Permissions in Component Services > COM Security with script/api?

Tags:

com

dcom

is there an api to change the Access Permissions for the COM Security? i need to write new values to "Edit Limits..." and "Edit Default...". are these plain registry settings? can't find how to set these entries.

like image 958
devployment Avatar asked Jan 04 '10 11:01

devployment


People also ask

How to change security permissions on Component Services administrative tool?

Change permissionUnder the Permissions window, select the local Administrators group and under Permissions for Administrators select Full Control and click Apply, then OK.

How do I reset DCOM permissions?

To set access permissions for a computer On the Default Security property page in Dcomcnfg.exe, choose the Edit Default button in the Default Access Permissions area. To remove users or groups, select the user or group you want to remove and choose the Remove button.


1 Answers

The quick answer is Yes they are registry settings, the long answer is No they are not simple registry settings. The values are binary and point to an ACL structure. In order to change these you need to load, update, and save the ACL (which requires a fair amount of code). The DCOMPerm sample in the windows SDK is a decent place to start, i have used it as a basis for a set of classes i use at work to handle this problem (Unfortunately, i am not able to release that code into the public domain)

You can review the MSDN Documentation for the DCOM key structure - that covers computer wide settings. COM application specific settings are stored under its APPID in the registry in the AccessPermission and LaunchPermission values.

Keep in mind that modifying the ACLs for the machine wide settings can quickly render your machine unusable if you do it incorrectly. If i remember correctly, you can simply delete the values (via RegEdit) and the OS will restore defaults to bring your machine back... but i'm not 100% certain on that anymore.

EDIT: The binary data is actually a Security Descriptor, but ultimately its the contained ACL that needs to dealt with - the SD just adds one more layer of code when unpacking/packing it.

like image 151
Ruddy Avatar answered Oct 06 '22 07:10

Ruddy