Solved

Disabling DCOM in an A.D. domain

Posted on 2014-01-09
3
939 Views
Last Modified: 2014-01-11
During a recent internal security audit, our Qualys scanner flagged a Sev3 vuln on our servers. It is a generic vuln for DCOM being enabled (QID 90042)

It suggested disabling DCOM which seems easy enough to do. My question is whether or not there may be adverse effects in an A.D. domain.

http://technet.microsoft.com/en-us/library/cc771387.aspx
0
Comment
Question by:Schuyler Dorsey
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39771484
It is probably not a good idea to "disable" this, depending on the applicaitons you are running in your environment. Some applicaitons require this and disabling it can/will break it. Are you sure that this Qualys was not generating a false positive? Usually when there are security holes with com or dcom there are security patches released to correct the vulnerability.

Take a look at the below link for detail description of dcom and it's exact function. From there you can make the decision if you want to disable this in your environment.

DCOM - http://technet.microsoft.com/en-us/library/cc958799.aspx

Will.
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39772942
There are a large number of applications and services that depend on DCOM.  I can't imagine a scenario where disabling DCOM wouldn't cause a problem?

I'd be looking enabling the firewalls and opening up DCOM as needed as an alternative.

Coralon
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 39774016
With any security scan you have to weight the results in proportion to your organization. For example security requirements for a Hospital would differ from that of a Research College. There is no one shoe fits!!!!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Authentication -ldap 1 21
How to get only value in extensionAttribute10 of AD from PowerShell 2 25
Extend AD schema for SCCM 2012 3 26
Powershell query 1 21
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question