DCOM Launch Permissions

Posted on 2001-09-12
Last Modified: 2008-02-26
How can I set launch permissions for a DCOM object (using Delphi code) so that a remote user can create an instance of my COM object? This code would achieve the same result as running dcomcnfg.exe, selecting the desired object, clicking "Properties" and changing the launch permissions under the Security tab.

------------------

I've just increased the points to 300 (I tried 800, but Ex-Ex doesn't allow more than 300 per question), and to qualify I would like Delphi code examples please. No links.

What I've found out thus far is as follows:

1. It appears that the API call needed might be CoInitializeSecurity() which is not documented in Delphi's help.

2. I can change default permissions for all DCOM objects using the above function, but that is not what I'm wanting.

3. I would like to give a specific remote user launch permission for a specific DCOM object on my local PC. I can get a remote user's SID using LookupAccountName(), and it's possible that CoInitializeSecurity() may use this.

4. When a COM object's launch permissions are changed (and thus it no longer uses the default launch permissions), that COM object gets a new binary value in the Registry called "LaunchPermission" found under HCR\AppID\{Com Object GUID}. Unfortunately the contents of this binary value are a mystery, and thus I would prefer an API function instead of modifying the Registry directly. (See also Cubud's comment.)

5. The following links may be of use to you:
http://www.microsoft.com/msj/defaultframe.asp?page=/msj/1198/security/security1198.htm&nav=/msj/1198/newnav.htm
http://shrike.depaul.edu/~eklodnic/dcom.htm
http://www.intellution.com/opchub/opcdcom.asp


In summary, the perfect answer would provide code for a function something like this:

function SetRemoteUserLaunchPermissions(MyDCOMGUID: TGUID; RemoteUserName: string; GrantLaunchPermission: Boolean): Boolean;

Thanks,
JB

Question by:JimBob091197
12 Comments
 
LVL 3

Expert Comment

by:cubud
ID: 6476617
Search the web for an app called RegMon; it will monitor all changes to the registry. Run dcomcnfg.exe while RegMon is running and you will be able to see what it did to the registry.

Pete
http://www.HowToDoThings.com (Delphi articles)
http://www.Stuckindoors.com/delphi (Open source)
0
 
LVL 5

Author Comment

by:JimBob091197
ID: 6476854
I'd rather use API functions or another mechanism provided by Windows. I've already found several differences regarding where things are stored in the registry with Win NT, Win 2000 & Win 95/98/ME, so I don't really want to modify the Registry entries directly. Maybe as a last resort...

Thanks,
JB
0
 

Expert Comment

by:lsae
ID: 6477730
listening...
0
 
LVL 1

Expert Comment

by:malsoft
ID: 6478966
JimBob,

As far as point 1 is concerned, have you looked at the MSDN Online library? I found the following about the CoInitializeSecurity() function:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/com/hh/com/cmf_a2c_8ayh.asp

Hope that explains some of the functionality you'll need...
0
 
LVL 14

Accepted Solution

by:
AvonWyss earned 300 total points
ID: 6479029
JimBob, Microsoft explains the registry setting here:

http://msdn.microsoft.com/library/en-us/com/hh/com/security_3jw9.asp
and
http://msdn.microsoft.com/library/en-us/com/hh/com/reg_33y1.asp

The binary data inside these two keys are ACLs. This may help you with the ACLs:

http://msdn.microsoft.com/library/en-us/security/hh/winbase/acctrlow_7ldf.asp

You may also want to have a look at the ACCCTRL and ACLAPI header translations included in Delphi. Unfortunately, the ACLAPI.DLL needed for the latter is not part of the standard Windows installation.
0
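
An added example (not from the thread or any poster), written in Python so it runs without Windows: it decodes the layout of a LaunchPermission value, a self-relative security descriptor whose DACL is the ACL the accepted answer refers to, and lists which SIDs are allowed or denied which COM rights. The sample bytes and the `build_sid` / `build_ace` helpers are constructed for illustration; the right names are shortened from the SDK's COM_RIGHTS_* constants.

```python
import struct

# COM launch/activation access-mask bits as defined in the Windows SDK.
COM_RIGHTS = {0x01: "EXECUTE", 0x02: "EXECUTE_LOCAL", 0x04: "EXECUTE_REMOTE",
              0x08: "ACTIVATE_LOCAL", 0x10: "ACTIVATE_REMOTE"}
ACE_TYPES = {0: "allow", 1: "deny"}  # ACCESS_ALLOWED_ACE / ACCESS_DENIED_ACE

def parse_sid(buf, off):
    """Decode the binary SID at buf[off:] into its S-1-... string form."""
    rev, count = struct.unpack_from("<BB", buf, off)
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(rev), str(authority)] + [str(s) for s in subs])

def parse_launch_permission(blob):
    """Return (owner, group, [(ace_type, sid, rights), ...]); ValueError if malformed."""
    try:
        rev, _, control, o_owner, o_group, _, o_dacl = struct.unpack_from("<BBHIIII", blob)
        if rev != 1 or not control & 0x8000:  # SE_SELF_RELATIVE must be set
            raise ValueError("not a self-relative security descriptor")
        owner = parse_sid(blob, o_owner) if o_owner else None
        group = parse_sid(blob, o_group) if o_group else None
        aces = []
        if control & 0x0004 and o_dacl:  # SE_DACL_PRESENT
            _, _, acl_size, ace_count, _ = struct.unpack_from("<BBHHH", blob, o_dacl)
            pos = o_dacl + 8
            for _ in range(ace_count):
                ace_type, _flags, ace_size, mask = struct.unpack_from("<BBHI", blob, pos)
                if ace_size < 8 or pos + ace_size > o_dacl + acl_size:
                    raise ValueError("ACE size is inconsistent with the DACL")
                if ace_type in ACE_TYPES:  # other ACE types are skipped
                    rights = [name for bit, name in COM_RIGHTS.items() if mask & bit]
                    aces.append((ACE_TYPES[ace_type], parse_sid(blob, pos + 8), rights))
                pos += ace_size
        return owner, group, aces
    except struct.error as exc:
        raise ValueError("truncated security descriptor") from exc

# Constructed sample value (not taken from a real registry).
def build_sid(authority, *subs):
    return bytes([1, len(subs)]) + authority.to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)
def build_ace(ace_type, mask, sid):
    return struct.pack("<BBHI", ace_type, 0, 8 + len(sid), mask) + sid

ADMINS = build_sid(5, 32, 544)
ACES = build_ace(1, 0x14, build_sid(1, 0)) + build_ace(0, 0x01, build_sid(5, 18)) + build_ace(0, 0x1F, ADMINS)
DACL = struct.pack("<BBHHH", 2, 0, 8 + len(ACES), 3, 0) + ACES
SAMPLE = struct.pack("<BBHIIII", 1, 0, 0x8004, 20 + len(DACL), 20 + len(DACL) + len(ADMINS), 0, 20) + DACL + ADMINS * 2
```

On a Windows machine the bytes to feed `parse_launch_permission` can be read with the standard library's `winreg.QueryValueEx` from the AppID key named in the question.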
 
LVL 20

Expert Comment

by:Madshi
ID: 6480388
Good comment, AvonWyss...  :-)

I remember having seen the very same question somewhere else somewhen, don't have the link right now. The answer was also to edit the registry directly, if I remember right.

JimBob, if you need help in creating the ACL, you might want to look at my package "madSecurity" (free for non-commercial usage), with which you can e.g. do this:

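// Builds an ACL holding one entry for accountName and returns its raw bytes in a string.
function WriteAclInString(accountName: string; accessMask: dword) : string;
begin
  with NewAcl do begin
    // use the accessMask parameter (the original referenced an undeclared dwordAccessMask)
    NewItem(Account(accountName), accessMask);
    // copy the binary ACL into the result string
    SetLength(result, Size);
    Move(PAcl^, pchar(result)^, Size);
  end;
end;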
   
See also:
http://help.madshi.net/Data/ACLs.htm

Of course you can do everything by yourself, too. But creating ACLs is no fun...

Regards, Madshi.
0
 
LVL 5

Author Comment

by:JimBob091197
ID: 6486785
Thanks everybody for your responses.

Madshi, I don't particularly want to pay for a library, but I will bear your solution in mind if nobody else adds further comments. Unfortunately I am busy with other things, so I was hoping not to spend too much time with this problem.

Thanks,
JB
0
 
LVL 20

Expert Comment

by:Madshi
ID: 6486788
>> Madshi, I don't particularly want to pay for a library, but I will bear your solution in mind if nobody else adds further comments

In that case please test my stuff before buying it, not the other way round. I only want satisfied customers...  :-)
0
 
LVL 5

Author Comment

by:JimBob091197
ID: 6486806
No problem.  ;-)

But what I also said was that I don't have the time right now to go into it, but if nobody can provide my "ideal" answer (see original question) then I will indeed have a look at your components in the next few days.

Cheers,
JB
0
 
LVL 1

Expert Comment

by:pede
ID: 6490611
Listening :o)
0
 
LVL 17

Expert Comment

by:geobul
ID: 9307842
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

accept AvonWyss's comment as answer

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Thanks,

geobul
EE Cleanup Volunteer
0
