Solved

DCOM Launch Permissions

Posted on 2001-09-12
Last Modified: 2008-02-26
How can I set launch permissions for a DCOM object (using Delphi code) so that a remote user can create an instance of my COM object? This code would achieve the same result as running dcomcnfg.exe, selecting the desired object, clicking "Properties" and changing the launch permissions under the Security tab.

------------------

I've just increased the points to 300 (I tried 800, but Ex-Ex doesn't allow more than 300 per question), and to qualify I would like Delphi code examples please. No links.

What I've found out thus far is as follows:

1. It appears that the API call needed might be CoInitializeSecurity() which is not documented in Delphi's help.

2. I can change default permissions for all DCOM objects using the above function, but that is not what I'm wanting.

3. I would like to give a specific remote user launch permission for a specific DCOM object on my local PC. I can get a remote user's SID using LookupAccountName(), and it's possible that CoInitializeSecurity() may use this.

4. When a COM object's launch permissions are changed (and thus it no longer uses the default launch permissions), that COM object gets a new binary value in the Registry called "LaunchPermission" found under HCR\AppID\{Com Object GUID}. Unfortunately the contents of this binary value are a mystery, and thus I would prefer an API function instead of modifying the Registry directly. (See also Cubud's comment.)

5. The following links may be of use to you:
http://www.microsoft.com/msj/defaultframe.asp?page=/msj/1198/security/security1198.htm&nav=/msj/1198/newnav.htm
http://shrike.depaul.edu/~eklodnic/dcom.htm
http://www.intellution.com/opchub/opcdcom.asp


In summary, the perfect answer would provide code for a function something like this:

function SetRemoteUserLaunchPermissions(MyDCOMGUID: TGUID; RemoteUserName: string; GrantLaunchPermission: Boolean): Boolean;

Thanks,
JB

Question by:JimBob091197
12 Comments
 
LVL 3

Expert Comment

by:cubud
ID: 6476617
Search the web for an app called RegMon; it will monitor all changes to the registry. Run dcomcnfg.exe while RegMon is running and you will be able to see what it did to the registry.

Pete
http://www.HowToDoThings.com (Delphi articles)
http://www.Stuckindoors.com/delphi (Open source)
0
 
LVL 5

Author Comment

by:JimBob091197
ID: 6476854
I'd rather use API functions or another mechanism provided by Windows. I've already found several differences regarding where things are stored in the registry with Win NT, Win 2000 & Win 95/98/ME, so I don't really want to modify the Registry entries directly. Maybe as a last resort...

Thanks,
JB
0
 

Expert Comment

by:lsae
ID: 6477730
listening...
0
 
LVL 1

Expert Comment

by:malsoft
ID: 6478966
JimBob,

As far as point 1 is concerned, have you looked at the MSDN Online library? I found the following about the CoInitializeSecurity() function:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/com/hh/com/cmf_a2c_8ayh.asp

Hope that explains some of the functionality you'll need...
0
 
LVL 14

Accepted Solution

by:
AvonWyss earned 1200 total points
ID: 6479029
JimBob, Microsoft explains the registry setting here:

http://msdn.microsoft.com/library/en-us/com/hh/com/security_3jw9.asp
and
http://msdn.microsoft.com/library/en-us/com/hh/com/reg_33y1.asp

The binary data inside these two keys are ACLs. This may help you with the ACLs:

http://msdn.microsoft.com/library/en-us/security/hh/winbase/acctrlow_7ldf.asp

You may also want to have a look at the ACCCTRL and ACLAPI header translations included in Delphi. Unfortunately, the ACLAPI.DLL needed for the latter is not part of the standard Windows installation.
0
 
LVL 20

Expert Comment

by:Madshi
ID: 6480388
Good comment, AvonWyss...  :-)

I remember having seen the very same question somewhere else somewhen, don't have the link right now. The answer was also to edit the registry directly, if I remember right.

JimBob, if you need help in creating the ACL, you might want to look at my package "madSecurity" (free for non-commercial usage), with which you can e.g. do this:

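// Builds an ACL with a single entry for accountName and returns its raw bytes in a string
function WriteAclInString(accountName: string; accessMask: dword) : string;
begin
  with NewAcl do begin
    // add one entry for the account with the requested access mask
    NewItem(Account(accountName), accessMask);
    // copy the binary ACL into the result string
    SetLength(result, Size);
    Move(PAcl^, pchar(result)^, Size);
  end;
end;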
   
See also:
http://help.madshi.net/Data/ACLs.htm

Of course you can do everything by yourself, too. But creating ACLs is no fun...

Regards, Madshi.
0
 
LVL 5

Author Comment

by:JimBob091197
ID: 6486785
Thanks everybody for your responses.

Madshi, I don't particularly want to pay for a library, but I will bear your solution in mind if nobody else adds further comments. Unfortunately I am busy with other things, so I was hoping not to spend too much time with this problem.

Thanks,
JB
0
 
LVL 20

Expert Comment

by:Madshi
ID: 6486788
>> Madshi, I don't particularly want to pay for a library, but I will bear your solution in mind if nobody else adds further comments

In that case please test my stuff before buying it, not the other way round. I only want satisfied customers...  :-)
0
 
LVL 5

Author Comment

by:JimBob091197
ID: 6486806
No problem.  ;-)

But what I also said was that I don't have the time right now to go into it, but if nobody can provide my "ideal" answer (see original question) then I will indeed have a look at your components in the next few days.

Cheers,
JB
0
 
LVL 1

Expert Comment

by:pede
ID: 6490611
Listening :o)
0
 
LVL 17

Expert Comment

by:geobul
ID: 9307842
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

accept AvonWyss's comment as answer

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Thanks,

geobul
EE Cleanup Volunteer
0

Question has a verified solution.
