DCOMCNFG Settings with Powershell?

In a Windows GUI, I would do this;
DCOMCNFG.EXE
      Computers / My Computer / Properties / COM Security
            Launch and Activate Permissions
                         … add [username] ..... with full privileges

I'd like to put this in a script.  The only things I've found seem to be more trouble than they're worth and I've been tempted to simply continue to do this manually from the GUI.  
But, if there's something I could put into a script that isn't too convolved, then I'd very much appreciate learning what that might be.
LVL 27
Fred MarshallPrincipalAsked:
Who is Participating?
 
footechConnect With a Mentor Commented:
If you're referring to setting the Defaults and Limits, these settings are stored in the registry under HKLM\SOFTWARE\Microsoft\Ole.  The best way to manage the defaults is with Group Policy, but I don't know about the Limits.  You might check out this page.
http://get-carbon.org/Grant-ComPermission.html
and the related Revoke- and Get- commands on that page.

This page describes the registry entry.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680050(v=vs.85).aspx
To set this (or decipher the value) would take a combination of translating from binary and SDDL.  But you could probably copy the value from a machine where it's already set.

Here's some helper bits for that reg value.
# The binary registry value
$binPerm = (gp "HKLM:\SOFTWARE\Microsoft\Ole").DefaultLaunchPermission

# Converted to SDDL
$SDDL = (([wmiclass]"Win32_SecurityDescriptorHelper").BinarySDToSDDL($binPerm)).SDDL

# The SDDL converted back to binary
$reverse = (([wmiclass]"Win32_SecurityDescriptorHelper").SDDLToBinarySD($SDDL)).BinarySD

# A little validation
If ( (Compare-Object $binPerm $reverse -SyncWindow 1).count -eq 0 )
{ Write-Host "Arrays are identical" }
Else
{ Write-Host "Arrays aren't identical" }

Open in new window

0
 
Rich WeisslerConnect With a Mentor Professional Troublemaker^h^h^h^h^hshooterCommented:
Should I assume that this article (and this associated script) are what you've found?  It's manipulation of WMI objects... so I don't know if that's what you mean by too convoluted?
0
 
Fred MarshallPrincipalAuthor Commented:
Rich Weissler:  No, those weren't the ones.  I'll check them out. Thanks.
tooftech:  Thanks for those too!  I'll check them out as well.
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
Abandoned
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.