Solved

DCOMCNFG Settings with Powershell?

Posted on 2016-09-29
4
110 Views
Last Modified: 2016-10-20
In a Windows GUI, I would do this;
DCOMCNFG.EXE
      Computers / My Computer / Properties / COM Security
            Launch and Activate Permissions
                         … add [username] ..... with full privileges

I'd like to put this in a script.  The only things I've found seem to be more trouble than they're worth and I've been tempted to simply continue to do this manually from the GUI.  
But, if there's something I could put into a script that isn't too convolved, then I'd very much appreciate learning what that might be.
0
Comment
Question by:Fred Marshall
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 250 total points (awarded by participants)
ID: 41823337
Should I assume that this article (and this associated script) are what you've found?  It's manipulation of WMI objects... so I don't know if that's what you mean by too convoluted?
0
 
LVL 40

Accepted Solution

by:
footech earned 250 total points (awarded by participants)
ID: 41823477
If you're referring to setting the Defaults and Limits, these settings are stored in the registry under HKLM\SOFTWARE\Microsoft\Ole.  The best way to manage the defaults is with Group Policy, but I don't know about the Limits.  You might check out this page.
http://get-carbon.org/Grant-ComPermission.html
and the related Revoke- and Get- commands on that page.

This page describes the registry entry.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680050(v=vs.85).aspx
To set this (or decipher the value) would take a combination of translating from binary and SDDL.  But you could probably copy the value from a machine where it's already set.

Here's some helper bits for that reg value.
# The binary registry value
$binPerm = (gp "HKLM:\SOFTWARE\Microsoft\Ole").DefaultLaunchPermission

# Converted to SDDL
$SDDL = (([wmiclass]"Win32_SecurityDescriptorHelper").BinarySDToSDDL($binPerm)).SDDL

# The SDDL converted back to binary
$reverse = (([wmiclass]"Win32_SecurityDescriptorHelper").SDDLToBinarySD($SDDL)).BinarySD

# A little validation
If ( (Compare-Object $binPerm $reverse -SyncWindow 1).count -eq 0 )
{ Write-Host "Arrays are identical" }
Else
{ Write-Host "Arrays aren't identical" }

Open in new window

0
 
LVL 26

Author Comment

by:Fred Marshall
ID: 41824482
Rich Weissler:  No, those weren't the ones.  I'll check them out. Thanks.
tooftech:  Thanks for those too!  I'll check them out as well.
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 41851712
Abandoned
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An article on effective troubleshooting
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question