Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2009
  • Last Modified:

Customise DCOM Config properties programatically

Set DCOM Config application security settings using VBScript. Specifically I want to be able to set the Security > Access Permissions to 'Customize' rather than 'Use Default'. And then add a user to the customized DCOM Config application with both Local and Remote access.

Is this possible to do with a VBScript?
0
Blowfelt82
Asked:
Blowfelt82
  • 2
  • 2
1 Solution
 
RobSampsonCommented:
It is technically possible, but it's by no means easy.

There's a an example of scripting DCOM permissions here:
http://unlockpowershell.wordpress.com/2009/11/20/script-remote-dcom-wmi-access-for-a-domain-user/

And here is a thread I worked on for a while to change DCOM (and WMI) permissions, by interrogating current permissions, matching that against a required SDDL, and changing if required.
http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_27812807.html

If you have a browse of that, and still want to tackle it, I can help you try to come up with something.

Regards,

Rob.
0
 
Blowfelt82Author Commented:
Thanks for the links, they look useful but a bit more involved than I had hoped. I have found an existing tool named dcomperm which looks to do everything I will need so will try and make do with that. Thanks for the offer of help much appreciated
0
 
RobSampsonCommented:
Hmmm, never saw the DCOMPerm utility.  I found some command line help for that tool, but it's available with source from the Windows SDK, so you either need to compile it yourself, or find a compiled version.

Here is the usage:
Syntax: dcomperm <option> [...] 
Options:

Modify or list the machine access permission list 
-ma <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-ma list

Modify or list the machine launch permission list 
-ml <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-ml list

Modify or list the default access permission list 
-da <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-da list

Modify or list the default launch permission list 
-dl <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-dl list

Modify or list the access permission list for a specific AppID 
-aa <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-aa <AppID> default 
-aa <AppID> list

Modify or list the launch permission list for a specific AppID 
-al <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-al <AppID> default 
-al <AppID> list

level: 
    ll - local launch (only applies to {ml, dl, al} options) 
    rl - remote launch (only applies to {ml, dl, al} options) 
    la - local activate (only applies to {ml, dl, al} options) 
    ra - remote activate (only applies to {ml, dl, al} options) 
    l - local (local access - means launch and activate when used with {ml, dl, al} options) 
    r - remote (remote access - means launch and activate when used with {ml, dl, al} options)

Open in new window


So it looks like, along with knowing the AppID you're after, you should be able to do it using principal names.

Regards,

Rob.
0
 
Blowfelt82Author Commented:
Sorry for the late reply.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now