Solved

DCOM Launch Permissions

Posted on 2001-09-12
Last Modified: 2008-02-26
How can I set launch permissions for a DCOM object (using Delphi code) so that a remote user can create an instance of my COM object? This code would achieve the same result as running dcomcnfg.exe, selecting the desired object, clicking "Properties" and changing the launch permissions under the Security tab.

------------------

I've just increased the points to 300 (I tried 800, but Ex-Ex doesn't allow more than 300 per question), and to qualify I would like Delphi code examples please. No links.

What I've found out thus far is as follows:

1. It appears that the API call needed might be CoInitializeSecurity() which is not documented in Delphi's help.

2. I can change default permissions for all DCOM objects using the above function, but that is not what I'm wanting.

3. I would like to give a specific remote user launch permission for a specific DCOM object on my local PC. I can get a remote user's SID using LookupAccountName(), and it's possible that CoInitializeSecurity() may use this.

4. When a COM object's launch permissions are changed (and thus it no longer uses the default launch permissions), that COM object gets a new binary value in the Registry called "LaunchPermission" found under HCR\AppID\{Com Object GUID}. Unfortunately the contents of this binary value are a mystery, and thus I would prefer an API function instead of modifying the Registry directly. (See also Cubud's comment.)

5. The following links may be of use to you:
http://www.microsoft.com/msj/defaultframe.asp?page=/msj/1198/security/security1198.htm&nav=/msj/1198/newnav.htm
http://shrike.depaul.edu/~eklodnic/dcom.htm
http://www.intellution.com/opchub/opcdcom.asp


In summary, the perfect answer would provide code for a function something like this:

function SetRemoteUserLaunchPermissions(MyDCOMGUID: TGUID; RemoteUserName: string; GrantLaunchPermission: Boolean): Boolean;

Thanks,
JB

0
Comment
Question by:JimBob091197
12 Comments
 
LVL 3

Expert Comment

by:cubud
ID: 6476617
Search the web for an app called RegMon; it will monitor all changes to the registry. Run dcomcnfg.exe while RegMon is running and you will be able to see what it did to the registry.

Pete
http://www.HowToDoThings.com (Delphi articles)
http://www.Stuckindoors.com/delphi (Open source)
0
 
LVL 5

Author Comment

by:JimBob091197
ID: 6476854
I'd rather use API functions or another mechanism provided by Windows. I've already found several differences regarding where things are stored in the registry with Win NT, Win 2000 & Win 95/98/ME, so I don't really want to modify the Registry entries directly. Maybe as a last resort...

Thanks,
JB
0
 

Expert Comment

by:lsae
ID: 6477730
listening...
0
 
LVL 1

Expert Comment

by:malsoft
ID: 6478966
JimBob,

As far as point 1 is concerned, have you looked at the MSDN Online library? I found the following about the CoInitializeSecurity() function:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/com/hh/com/cmf_a2c_8ayh.asp

Hope that explains some of the functionality you'll need...
0
 
LVL 14

Accepted Solution

by:
AvonWyss earned 1200 total points
ID: 6479029
JimBob, Microsoft explains the registry setting here:

http://msdn.microsoft.com/library/en-us/com/hh/com/security_3jw9.asp
and
http://msdn.microsoft.com/library/en-us/com/hh/com/reg_33y1.asp

The binary data inside these two keys are ACLs. This may help you with the ACLs:

http://msdn.microsoft.com/library/en-us/security/hh/winbase/acctrlow_7ldf.asp

You may also want to have a look at the ACCCTRL and ACLAPI header translations included in Delphi. Unfortunately, the ACLAPI.DLL needed for the latter is not part of the standard Windows installation.
0
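Point 4 of the question calls the LaunchPermission value "a mystery", and the accepted answer identifies its contents as ACL data. The Python below is an added example, not code from any poster in this thread: it decodes such a value for auditing, assuming the value holds a self-relative security descriptor whose DACL entries carry COM access masks. The function names, the SIDs and the sample descriptor are all constructed for illustration.

```python
import struct
# COM access-mask bits; the last four exist only on Windows XP SP2 / Server 2003 SP1 and later.
COM_RIGHTS = {0x01: "EXECUTE", 0x02: "EXECUTE_LOCAL", 0x04: "EXECUTE_REMOTE",
              0x08: "ACTIVATE_LOCAL", 0x10: "ACTIVATE_REMOTE"}
ACE_TYPES = {0: "ALLOW", 1: "DENY"}  # ACCESS_ALLOWED_ACE_TYPE / ACCESS_DENIED_ACE_TYPE

def sid_to_bytes(sid):
    """'S-1-5-18' -> revision, count, 6-byte big-endian authority, little-endian sub-authorities."""
    rev, auth, *subs = (int(p) for p in sid.split("-")[1:])
    return struct.pack("<BB", rev, len(subs)) + auth.to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

def sid_from_bytes(buf, off):
    rev, count = struct.unpack_from("<BB", buf, off)
    auth = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(rev), str(auth)] + [str(s) for s in subs])

def build_sd(owner, group, aces):
    """Constructed test input: self-relative descriptor with owner, group and a DACL."""
    body = b""
    for ace_type, mask, sid in aces:
        raw = sid_to_bytes(sid)
        body += struct.pack("<BBHI", ace_type, 0, 8 + len(raw), mask) + raw
    dacl = struct.pack("<BBHHH", 2, 0, 8 + len(body), len(aces), 0) + body
    o, g = sid_to_bytes(owner), sid_to_bytes(group)
    # Header: revision, control (SE_DACL_PRESENT | SE_SELF_RELATIVE), offsets of owner, group, SACL, DACL.
    return struct.pack("<BBHIIII", 1, 0, 0x8004, 20, 20 + len(o), 0, 20 + len(o) + len(g)) + o + g + dacl

def parse_launch_permission(blob):
    """Return [(ALLOW|DENY, sid, [right names])] for each ACE in the descriptor's DACL."""
    rev, _, control, _, _, _, off_dacl = struct.unpack_from("<BBHIIII", blob, 0)
    if rev != 1 or not control & 0x8000:
        raise ValueError("not a self-relative security descriptor")
    if not control & 0x0004 or off_dacl == 0:
        return []  # descriptor stores no DACL, so there are no entries to list
    _, _, acl_size, ace_count, _ = struct.unpack_from("<BBHHH", blob, off_dacl)
    entries, pos = [], off_dacl + 8
    for _ in range(ace_count):
        ace_type, _flags, size, mask = struct.unpack_from("<BBHI", blob, pos)
        if size < 16 or pos + size > off_dacl + acl_size:
            raise ValueError("ACE runs past the end of the ACL")
        if ace_type in ACE_TYPES:  # skip ACE types this sketch does not decode
            rights = [name for bit, name in COM_RIGHTS.items() if mask & bit]
            entries.append((ACE_TYPES[ace_type], sid_from_bytes(blob, pos + 8), rights))
        pos += size
    return entries
# Constructed sample: SYSTEM gets every right, a made-up domain user gets local rights only.
SAMPLE = build_sd("S-1-5-32-544", "S-1-5-32-544",
                  [(0, 0x1F, "S-1-5-18"), (0, 0x0B, "S-1-5-21-1111111111-2222222222-3333333333-1001")])
```

Feeding the parser the raw bytes of a real LaunchPermission value (exported from the registry) gives a per-account list that can be reviewed for unexpected remote launch or activation grants.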
 
LVL 20

Expert Comment

by:Madshi
ID: 6480388
Good comment, AvonWyss...  :-)

I remember having seen the very same question somewhere else somewhen, don't have the link right now. The answer was also to edit the registry directly, if I remember right.

JimBob, if you need help in creating the ACL, you might want to look at my package "madSecurity" (free for non-commercial usage), with which you can e.g. do this:

function WriteAclInString(accountName: string; accessMask: dword) : string;
begin
  with NewAcl do begin
    // add one entry for the account with the requested access mask
    NewItem(Account(accountName), accessMask);
    // copy the raw ACL bytes into the result string
    SetLength(result, Size);
    Move(PAcl^, pchar(result)^, Size);
  end;
end;
   
See also:
http://help.madshi.net/Data/ACLs.htm

Of course you can do everything by yourself, too. But creating ACLs is no fun...

Regards, Madshi.
0
 
LVL 5

Author Comment

by:JimBob091197
ID: 6486785
Thanks everybody for your responses.

Madshi, I don't particularly want to pay for a library, but I will bear your solution in mind if nobody else adds further comments. Unfortunately I am busy with other things, so I was hoping not to spend too much time with this problem.

Thanks,
JB
0
 
LVL 20

Expert Comment

by:Madshi
ID: 6486788
>> Madshi, I don't particularly want to pay for a library, but I will bear your solution in mind if nobody else adds further comments

In that case please test my stuff before buying it, not the other way round. I only want satisfied customers...  :-)
0
 
LVL 5

Author Comment

by:JimBob091197
ID: 6486806
No problem.  ;-)

But what I also said was that I don't have the time right now to go into it, but if nobody can provide my "ideal" answer (see original question) then I will indeed have a look at your components in the next few days.

Cheers,
JB
0
 
LVL 1

Expert Comment

by:pede
ID: 6490611
Listening :o)
0
 
LVL 17

Expert Comment

by:geobul
ID: 9307842
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

accept AvonWyss's comment as answer

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Thanks,

geobul
EE Cleanup Volunteer
0
