Disabling DCOM on remote clients

Posted on 2006-05-18
Last Modified: 2012-08-13
I need to disable the distributed COM on about 100 there a tool out there that would let me do that remotely????


Question by:mcguires13
    LVL 6

    Accepted Solution

    100 computers.... Id say you have your work cut out for you.

    Steve Gibson has a useful tool that will test and disable DCOM.
    Its not remotely administered, but it might save you some time.
    LVL 69

    Assisted Solution

    Hi this is only a stab in the dark as I donot have a lot of experience in this area, I would like to sight this web page,
    as no other EE have offered help, maybe it will jog some reponses.:)

    Enabling and Disabling DCOM
    When a computer is part of a network, the DCOM wire protocol enables COM objects on that computer to communicate with COM objects on other computers. You can disable DCOM for a particular computer, but doing so will disable all communication between objects on that computer and objects on other computers.

    Disabling DCOM on a computer has no effect on local COM objects. COM still looks for launch permissions that you have specified. If no launch permissions have been specified, default launch permissions are used. Even if you disable DCOM, if a user has physical access to the computer, they could launch a server on the computer unless you set launch permissions not to allow it.

    Warning   If you disable DCOM on a remote computer, you will not be able to remotely access that computer afterwards to reenable DCOM. To reenable DCOM, you will need physical access to that computer.

        To manually enable (or disable) DCOM for a computer:

    Run Dcomcnfg.exe.
    Choose the Default Properties tab.
    Select (or clear) the Enable Distributed COM on this Computer check box.
    If you will be setting more properties for the machine, click the Apply button to enable (or disable) DCOM. Otherwise, click OK to apply the changes and exit Dcomcnfg.exe.

    You may want to take a look at this too.
    DCOM, XP SP2, and Remote Debugging

    Hope it helps.
    LVL 10

    Expert Comment

    by:Walter Padrón
    Hi mcguires13,

    You need to change the registry HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\EnableDCOM to "N", if you have an active directory domain you can modify the registry via Group Policy or run a Logon Script.

    See this "How to disable DCOM support in Windows" for more info.


    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    1. Introduction As many people are interested in Linux but not as many are interested or knowledgeable (enough) to install Linux on their system, here is a safe way to try out Linux on your existing (Windows) system. The idea is that you insta…
    The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. Once you open the link you will see …
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now