Solved

Modify REG_BINARY values?

Posted on 2004-09-15
3
1,598 Views
Last Modified: 2008-01-09
In reference to http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#EIAA concerning XP SP2 and DCOM.

<article>
"Alternatively, you can configure these ACL settings using the registry.

These ACLs are stored in the registry at the following locations:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
\MachineAccessRestriction= ACL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
\MachineLaunchRestriction= ACL

This is a named-value that is set to a REG_BINARY type that contains data describing the ACL of the principals that can access any COM class or COM object on the computer. The access rights in the ACL are:

COM_RIGHTS_EXECUTE 1

COM_RIGHTS_EXECUTE_LOCAL 2

COM_RIGHTS_EXECUTE_REMOTE 4

COM_RIGHTS_ACTIVATE_LOCAL 8

COM_RIGHTS_ACTIVATE_REMOTE 16

These ACLs can be created using normal security functions. Note that COM_RIGHTS_EXECUTE rights must always be present, because absence of this right will generate an invalid security descriptor.

Only users with Administrator rights can modify these settings."
</article>

I would like to edit the REG_BINARY "ACL"s mentioned in the article, but I have no idea how.  A program we run at the office here requires DCOM permissions that are different than the defaults.  This program is installed on 50 machines, and I'm looking for an easier way to make these changes other than walking around to 50 machines, opening Component Services, ....  Please note that I'm just the IT person in charge of this program at my company; I'm not a developer of this software.

So, is there a way to edit these REG_BINARY values do set them the way I want?  If there is, I was hoping to save the appropriate registry key and use a batch file that each user can run themselves.

I've already tried to make changes in Component Services, then copy the "before" and "after" reg keys to notepad, but I didn't recognize a difference between the two.

This isn't an urgent question, but I have a feeling it may be difficult or require a bit of work, so I assigned points accordingly.
0
Comment
Question by:JohnK813
  • 2
3 Comments
 
LVL 20

Accepted Solution

by:
DVation191 earned 500 total points
ID: 12064962
I would do this...

Configure one workstation to have the ACL configuration. Then export the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole key to your desktop.
Right click the .reg file and edit it, deleting the parts that don't need to be changed.

Then open up notepad, and type..

CLS
@ECHO OFF
ECHO.
ECHO Changing DCOM ACL COnfiguration
ECHO Please wait...
REGEDIT /S ACL[your registry key's name].reg
ECHO.
PAUSE
EXIT


Then save the notepad file as "ACL.BAT". Keep the reg key and the bat file in the same directory and now you will be able to make the changes in seconds instead of minutes.
0
 
LVL 14

Author Comment

by:JohnK813
ID: 12065207
Well, wouldn't you know it.  I assumed the "before" and "after" reg keys were the same because they looked the same, but I never tried running them.  Of course, your suggestion worked right away.

Thanks DVation.  Now all I need to do is combine that batch with the one that modifies the firewall settings (that was a little easier to figure out) and stick it on a network drive, and I'm set.  Thanks again for making my work a lot easier!
0
 
LVL 20

Expert Comment

by:DVation191
ID: 12065249
no problem...i do it at my place of work all the time ;)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Windows 7 does not have the best desktop search built in. This is something Windows 7 users have struggled with. You type something in, and your search results don’t always match what you are looking for, or it doesn’t actually work at all. There ar…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question