CreateEvent -- Access Denied

I have a DCOM Server running remotely which is running under a particular account in the domain.  Code in this server attempts to call CreateEvent and it is failing with GetLastError = 5 (Access Denied).

Any ideas?  Is there a particular right that must be granted to the the account under which the DCOM server is running?   I will give mucho points for the right answer.
Who is Participating?
jkrConnect With a Mentor Commented:
*HATE* to correct myself ;-)

BUT: Setting a 'world' SID on an object is the same as turning off my suggestion is mainly opening an equally dangerous security hole ... (and offers the chance to switch to more restricted SIDs later ;-)
In an NT domain, perhaps the user account has to have admin privileges to be able to do what you need ... not positive about that, but just a thought. Check with your net administrator to modify those privileges and test it just for fun...
You'll have to create the event using an appropriate SID, e.g.

    PSID                        psidWorldSid            =   NULL;

    //  Create a security descriptor for the object that allows
    //  access from both the privileged service and the non-privileged
    //  user mode programs

    psidWorldSid    =   ( PSID) LocalAlloc  (   LPTR,
                                                GetSidLengthRequired    (   1)

    InitializeSid   (   psidWorldSid,   &siaWorldSidAuthority,  1);

    *(  GetSidSubAuthority  (   psidWorldSid,   0)) =   SECURITY_WORLD_RID;

    InitializeSecurityDescriptor    (   &sd,    SECURITY_DESCRIPTOR_REVISION);

    SetSecurityDescriptorGroup      (   &sd,    psidWorldSid,   TRUE);

    ZeroMemory  (   &sa,    sizeof  (   SECURITY_ATTRIBUTES));

    sa.nLength              =   sizeof  (   SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor =   &sd;

*Note* that this SD has to be applied when the event is initially created...
Never miss a deadline with

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

BTW: That's the code I use to share synchronization object handles between services and 'normal' applications, so it should also work for your event ;-)
mandhjoAuthor Commented:
Interestingly enough, I added the following call to my WinMain function of my out of process COM Server and the problem has gone away.

      hRes = CoInitializeSecurity( 0, -1, 0, 0, RPC_C_AUTHN_LEVEL_NONE, RPC_C_IMP_LEVEL_IDENTIFY, 0, EOAC_NONE, 0 );

Yes, that's due to 'RPC_C_AUTHN_LEVEL_NONE', which will will turn off RPC authenticarion at all (e.g. 'guest' is always sufficiant) - is this what you want?
Err, comment is not precise enough ;-)

This means that the component you're activating runs in the default security context of the remore server (may be sufficianf for your needs), but if user-level security applies for your app, it's a bit 'too open'
mandhjoAuthor Commented:
Good enough for me...thanks for the, explanationS.
All Courses

From novice to tech pro — start learning today.