Solved

Customise DCOM Config properties programatically

Posted on 2013-11-14
4
1,335 Views
Last Modified: 2013-12-02
Set DCOM Config application security settings using VBScript. Specifically I want to be able to set the Security > Access Permissions to 'Customize' rather than 'Use Default'. And then add a user to the customized DCOM Config application with both Local and Remote access.

Is this possible to do with a VBScript?
0
Comment
Question by:Blowfelt82
  • 2
  • 2
4 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 39650086
It is technically possible, but it's by no means easy.

There's a an example of scripting DCOM permissions here:
http://unlockpowershell.wordpress.com/2009/11/20/script-remote-dcom-wmi-access-for-a-domain-user/

And here is a thread I worked on for a while to change DCOM (and WMI) permissions, by interrogating current permissions, matching that against a required SDDL, and changing if required.
http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_27812807.html

If you have a browse of that, and still want to tackle it, I can help you try to come up with something.

Regards,

Rob.
0
 

Author Comment

by:Blowfelt82
ID: 39656208
Thanks for the links, they look useful but a bit more involved than I had hoped. I have found an existing tool named dcomperm which looks to do everything I will need so will try and make do with that. Thanks for the offer of help much appreciated
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 500 total points
ID: 39657947
Hmmm, never saw the DCOMPerm utility.  I found some command line help for that tool, but it's available with source from the Windows SDK, so you either need to compile it yourself, or find a compiled version.

Here is the usage:
Syntax: dcomperm <option> [...] 
Options:

Modify or list the machine access permission list 
-ma <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-ma list

Modify or list the machine launch permission list 
-ml <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-ml list

Modify or list the default access permission list 
-da <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-da list

Modify or list the default launch permission list 
-dl <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-dl list

Modify or list the access permission list for a specific AppID 
-aa <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-aa <AppID> default 
-aa <AppID> list

Modify or list the launch permission list for a specific AppID 
-al <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-al <AppID> default 
-al <AppID> list

level: 
    ll - local launch (only applies to {ml, dl, al} options) 
    rl - remote launch (only applies to {ml, dl, al} options) 
    la - local activate (only applies to {ml, dl, al} options) 
    ra - remote activate (only applies to {ml, dl, al} options) 
    l - local (local access - means launch and activate when used with {ml, dl, al} options) 
    r - remote (remote access - means launch and activate when used with {ml, dl, al} options)

Open in new window


So it looks like, along with knowing the AppID you're after, you should be able to do it using principal names.

Regards,

Rob.
0
 

Author Closing Comment

by:Blowfelt82
ID: 39690135
Sorry for the late reply.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have already been in the need to update a whole folder stucture using a script. Robocopy does it well and even provides a list of non-updated files in a log (if asked to). Generally those files that were locked by a user or a process by the …
When you see single cell contains number and text, and you have to get any date out of it seems like cracking our heads.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question