Solved

Customise DCOM Config properties programatically

Posted on 2013-11-14
4
1,392 Views
Last Modified: 2013-12-02
Set DCOM Config application security settings using VBScript. Specifically I want to be able to set the Security > Access Permissions to 'Customize' rather than 'Use Default'. And then add a user to the customized DCOM Config application with both Local and Remote access.

Is this possible to do with a VBScript?
0
Comment
Question by:Blowfelt82
  • 2
  • 2
4 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 39650086
It is technically possible, but it's by no means easy.

There's a an example of scripting DCOM permissions here:
http://unlockpowershell.wordpress.com/2009/11/20/script-remote-dcom-wmi-access-for-a-domain-user/

And here is a thread I worked on for a while to change DCOM (and WMI) permissions, by interrogating current permissions, matching that against a required SDDL, and changing if required.
http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_27812807.html

If you have a browse of that, and still want to tackle it, I can help you try to come up with something.

Regards,

Rob.
0
 

Author Comment

by:Blowfelt82
ID: 39656208
Thanks for the links, they look useful but a bit more involved than I had hoped. I have found an existing tool named dcomperm which looks to do everything I will need so will try and make do with that. Thanks for the offer of help much appreciated
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 500 total points
ID: 39657947
Hmmm, never saw the DCOMPerm utility.  I found some command line help for that tool, but it's available with source from the Windows SDK, so you either need to compile it yourself, or find a compiled version.

Here is the usage:
Syntax: dcomperm <option> [...] 
Options:

Modify or list the machine access permission list 
-ma <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-ma list

Modify or list the machine launch permission list 
-ml <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-ml list

Modify or list the default access permission list 
-da <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-da list

Modify or list the default launch permission list 
-dl <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-dl list

Modify or list the access permission list for a specific AppID 
-aa <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-aa <AppID> default 
-aa <AppID> list

Modify or list the launch permission list for a specific AppID 
-al <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-al <AppID> default 
-al <AppID> list

level: 
    ll - local launch (only applies to {ml, dl, al} options) 
    rl - remote launch (only applies to {ml, dl, al} options) 
    la - local activate (only applies to {ml, dl, al} options) 
    ra - remote activate (only applies to {ml, dl, al} options) 
    l - local (local access - means launch and activate when used with {ml, dl, al} options) 
    r - remote (remote access - means launch and activate when used with {ml, dl, al} options)

Open in new window


So it looks like, along with knowing the AppID you're after, you should be able to do it using principal names.

Regards,

Rob.
0
 

Author Closing Comment

by:Blowfelt82
ID: 39690135
Sorry for the late reply.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Batch, VBS, and scripts in general are incredibly useful for repetitive tasks.  Some tasks can take a while to complete and it can be annoying to check back only to discover that your script finished 5 minutes ago.  Some scripts may complete nearly …
If like me you are one who spends a lot of time working and scripting with cmd.exe, sometimes it is handy to be able to quickly view a calendar for a given month and year. This script will quickly do just that!  Save the code posted below to a .bat …
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question