CreateEvent -- Access Denied

I have a DCOM Server running remotely which is running under a particular account in the domain.  Code in this server attempts to call CreateEvent and it is failing with GetLastError = 5 (Access Denied).

Any ideas? Is there a particular right that must be granted to the account under which the DCOM server is running? I will give mucho points for the right answer.
mandhjo Asked:

captainkirk Commented:
In an NT domain, perhaps the user account has to have admin privileges to be able to do what you need ... not positive about that, but just a thought. Check with your net administrator to modify those privileges and test it just for fun...
0
jkr Commented:
You'll have to create the event using an appropriate SID, e.g.

    #include <windows.h>

    PSID                        psidWorldSid            = NULL;
    SECURITY_DESCRIPTOR         sd;
    SECURITY_ATTRIBUTES         sa;
    SID_IDENTIFIER_AUTHORITY    siaWorldSidAuthority    = SECURITY_WORLD_SID_AUTHORITY;

    //  Create a security descriptor for the object that allows
    //  access from both the privileged service and the non-privileged
    //  user mode programs

    //  Allocate and initialize a SID with one sub-authority: the world SID (S-1-1-0)
    psidWorldSid = (PSID) LocalAlloc(LPTR, GetSidLengthRequired(1));

    InitializeSid(psidWorldSid, &siaWorldSidAuthority, 1);

    *(GetSidSubAuthority(psidWorldSid, 0)) = SECURITY_WORLD_RID;

    InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);

    //  Set the world SID as the descriptor's primary group
    SetSecurityDescriptorGroup(&sd, psidWorldSid, TRUE);

    //  Wrap the descriptor in the SECURITY_ATTRIBUTES that is passed to CreateEvent
    ZeroMemory(&sa, sizeof(SECURITY_ATTRIBUTES));

    sa.nLength              = sizeof(SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor = &sd;


*Note* that this SD has to be applied when the event is initially created...
0
jkr Commented:
BTW: That's the code I use to share synchronization object handles between services and 'normal' applications, so it should also work for your event ;-)
0
mandhjo (Author) Commented:
Interestingly enough, I added the following call to my WinMain function of my out of process COM Server and the problem has gone away.

      hRes = CoInitializeSecurity( 0, -1, 0, 0, RPC_C_AUTHN_LEVEL_NONE, RPC_C_IMP_LEVEL_IDENTIFY, 0, EOAC_NONE, 0 );

0
jkr Commented:
Yes, that's due to 'RPC_C_AUTHN_LEVEL_NONE', which will turn off RPC authentication altogether (e.g. 'guest' is always sufficient) - is this what you want?
0
jkr Commented:
Err, comment is not precise enough ;-)

This means that the component you're activating runs in the default security context of the remote server (may be sufficient for your needs), but if user-level security applies for your app, it's a bit 'too open'
0
jkr Commented:
*HATE* to correct myself ;-)

BUT: Setting a 'world' SID on an object is the same as turning off authentication....so my suggestion is mainly opening an equally dangerous security hole ... (and offers the chance to switch to more restricted SIDs later ;-)
0
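
A tighter alternative to the world SID discussed in this thread, as an added example that is not code from any poster: the event gets a protected DACL built from an SDDL string, and the builder refuses the world SID. The trustees (SYSTEM, Administrators, Authenticated Users) and the helper names `build_event_sddl` and `create_restricted_event` are assumptions; in practice replace `AU` with the SID of the account that has to open the event.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#endif

/* Event access masks (values from the Windows SDK headers). */
#define EVT_ALL 0x1F0003UL /* EVENT_ALL_ACCESS */
#define EVT_USE 0x100002UL /* SYNCHRONIZE | EVENT_MODIFY_STATE */

struct ace { const char *sid; unsigned long mask; };

/* Build "D:P(A;;mask;;;sid)...": a protected DACL with one allow ACE per entry.
   Returns 0 on success, -1 on overflow or if an entry names the world SID. */
int build_event_sddl(const struct ace *aces, size_t n, char *out, size_t cap)
{
    size_t used, i;
    int w = snprintf(out, cap, "D:P");
    if (w < 0 || (size_t)w >= cap) return -1;
    used = (size_t)w;
    for (i = 0; i < n; i++) {
        if (!strcmp(aces[i].sid, "WD") || !strcmp(aces[i].sid, "S-1-1-0"))
            return -1; /* Everyone: the hole this example is avoiding */
        w = snprintf(out + used, cap - used, "(A;;0x%lX;;;%s)",
                     aces[i].mask, aces[i].sid);
        if (w < 0 || (size_t)w >= cap - used) return -1;
        used += (size_t)w;
    }
    return 0;
}

#ifdef _WIN32
/* Create a manual-reset event whose DACL is applied at creation time. */
HANDLE create_restricted_event(const char *name)
{
    static const struct ace aces[] = { /* assumed trustees, adjust to your accounts */
        { "SY", EVT_ALL }, { "BA", EVT_ALL }, { "AU", EVT_USE } };
    char sddl[128];
    SECURITY_ATTRIBUTES sa = { sizeof sa, NULL, FALSE };
    HANDLE h;
    if (build_event_sddl(aces, 3, sddl, sizeof sddl) != 0) return NULL;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL))
        return NULL;
    h = CreateEventA(&sa, TRUE, FALSE, name);
    LocalFree(sa.lpSecurityDescriptor); /* the object keeps its own copy */
    return h;
}
#endif
```

On Windows, link against advapi32 and call `GetLastError` when `create_restricted_event` returns NULL.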
mandhjo (Author) Commented:
Good enough for me...thanks for the explanation...er, explanationS.
0