Solved

Customise DCOM Config properties programatically

Posted on 2013-11-14
4
1,551 Views
Last Modified: 2013-12-02
Set DCOM Config application security settings using VBScript. Specifically I want to be able to set the Security > Access Permissions to 'Customize' rather than 'Use Default'. And then add a user to the customized DCOM Config application with both Local and Remote access.

Is this possible to do with a VBScript?
0
Comment
Question by:Blowfelt82
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 39650086
It is technically possible, but it's by no means easy.

There's a an example of scripting DCOM permissions here:
http://unlockpowershell.wordpress.com/2009/11/20/script-remote-dcom-wmi-access-for-a-domain-user/

And here is a thread I worked on for a while to change DCOM (and WMI) permissions, by interrogating current permissions, matching that against a required SDDL, and changing if required.
http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_27812807.html

If you have a browse of that, and still want to tackle it, I can help you try to come up with something.

Regards,

Rob.
0
 

Author Comment

by:Blowfelt82
ID: 39656208
Thanks for the links, they look useful but a bit more involved than I had hoped. I have found an existing tool named dcomperm which looks to do everything I will need so will try and make do with that. Thanks for the offer of help much appreciated
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 500 total points
ID: 39657947
Hmmm, never saw the DCOMPerm utility.  I found some command line help for that tool, but it's available with source from the Windows SDK, so you either need to compile it yourself, or find a compiled version.

Here is the usage:
Syntax: dcomperm <option> [...] 
Options:

Modify or list the machine access permission list 
-ma <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-ma list

Modify or list the machine launch permission list 
-ml <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-ml list

Modify or list the default access permission list 
-da <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-da list

Modify or list the default launch permission list 
-dl <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-dl list

Modify or list the access permission list for a specific AppID 
-aa <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] 
-aa <AppID> default 
-aa <AppID> list

Modify or list the launch permission list for a specific AppID 
-al <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] 
-al <AppID> default 
-al <AppID> list

level: 
    ll - local launch (only applies to {ml, dl, al} options) 
    rl - remote launch (only applies to {ml, dl, al} options) 
    la - local activate (only applies to {ml, dl, al} options) 
    ra - remote activate (only applies to {ml, dl, al} options) 
    l - local (local access - means launch and activate when used with {ml, dl, al} options) 
    r - remote (remote access - means launch and activate when used with {ml, dl, al} options)

Open in new window


So it looks like, along with knowing the AppID you're after, you should be able to do it using principal names.

Regards,

Rob.
0
 

Author Closing Comment

by:Blowfelt82
ID: 39690135
Sorry for the late reply.
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
With User Account Control (UAC) enabled in Windows 7, one needs to open an elevated Command Prompt in order to run scripts under administrative privileges. Although the elevated Command Prompt accomplishes the task, the question How to run as script…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question