Disabling DCOM in an A.D. domain

During a recent internal security audit, our Qualys scanner flagged a Sev3 vuln on our servers. It is a generic vuln for DCOM being enabled (QID 90042)

It suggested disabling DCOM which seems easy enough to do. My question is whether or not there may be adverse effects in an A.D. domain.

http://technet.microsoft.com/en-us/library/cc771387.aspx
LVL 10
Schuyler DorseyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
It is probably not a good idea to "disable" this, depending on the applicaitons you are running in your environment. Some applicaitons require this and disabling it can/will break it. Are you sure that this Qualys was not generating a false positive? Usually when there are security holes with com or dcom there are security patches released to correct the vulnerability.

Take a look at the below link for detail description of dcom and it's exact function. From there you can make the decision if you want to disable this in your environment.

DCOM - http://technet.microsoft.com/en-us/library/cc958799.aspx

Will.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CoralonSenior Citrix EntineerCommented:
There are a large number of applications and services that depend on DCOM.  I can't imagine a scenario where disabling DCOM wouldn't cause a problem?

I'd be looking enabling the firewalls and opening up DCOM as needed as an alternative.

Coralon
compdigit44Commented:
With any security scan you have to weight the results in proportion to your organization. For example security requirements for a Hospital would differ from that of a Research College. There is no one shoe fits!!!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.