Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Customise DCOM Config properties programatically

Posted on 2013-11-14
4
Medium Priority
?
1,714 Views
Last Modified: 2013-12-02
Set DCOM Config application security settings using VBScript. Specifically I want to be able to set the Security > Access Permissions to 'Customize' rather than 'Use Default'. And then add a user to the customized DCOM Config application with both Local and Remote access.

Is this possible to do with a VBScript?
0
Comment
Question by:Blowfelt82
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 39650086
It is technically possible, but it's by no means easy.

There's a an example of scripting DCOM permissions here:
http://unlockpowershell.wordpress.com/2009/11/20/script-remote-dcom-wmi-access-for-a-domain-user/

And here is a thread I worked on for a while to change DCOM (and WMI) permissions, by interrogating current permissions, matching that against a required SDDL, and changing if required.
http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_27812807.html

If you have a browse of that, and still want to tackle it, I can help you try to come up with something.

Regards,

Rob.
0
 

Author Comment

by:Blowfelt82
ID: 39656208
Thanks for the links, they look useful but a bit more involved than I had hoped. I have found an existing tool named dcomperm which looks to do everything I will need so will try and make do with that. Thanks for the offer of help much appreciated
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 2000 total points
ID: 39657947
Hmmm, never saw the DCOMPerm utility.  I found some command line help for that tool, but it's available with source from the Windows SDK, so you either need to compile it yourself, or find a compiled version.

Here is the usage:
Syntax: dcomperm <option> [...] 
Options:

Modify or list the machine access permission list 
-ma <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-ma list

Modify or list the machine launch permission list 
-ml <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-ml list

Modify or list the default access permission list 
-da <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-da list

Modify or list the default launch permission list 
-dl <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-dl list

Modify or list the access permission list for a specific AppID 
-aa <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-aa <AppID> default 
-aa <AppID> list

Modify or list the launch permission list for a specific AppID 
-al <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-al <AppID> default 
-al <AppID> list

level: 
    ll - local launch (only applies to {ml, dl, al} options) 
    rl - remote launch (only applies to {ml, dl, al} options) 
    la - local activate (only applies to {ml, dl, al} options) 
    ra - remote activate (only applies to {ml, dl, al} options) 
    l - local (local access - means launch and activate when used with {ml, dl, al} options) 
    r - remote (remote access - means launch and activate when used with {ml, dl, al} options)

Open in new window


So it looks like, along with knowing the AppID you're after, you should be able to do it using principal names.

Regards,

Rob.
0
 

Author Closing Comment

by:Blowfelt82
ID: 39690135
Sorry for the late reply.
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
When you see single cell contains number and text, and you have to get any date out of it seems like cracking our heads.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question