[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

DCOMCNFG Settings with Powershell?

Posted on 2016-09-29
4
Medium Priority
?
207 Views
Last Modified: 2016-10-20
In a Windows GUI, I would do this;
DCOMCNFG.EXE
      Computers / My Computer / Properties / COM Security
            Launch and Activate Permissions
                         … add [username] ..... with full privileges

I'd like to put this in a script.  The only things I've found seem to be more trouble than they're worth and I've been tempted to simply continue to do this manually from the GUI.  
But, if there's something I could put into a script that isn't too convolved, then I'd very much appreciate learning what that might be.
0
Comment
Question by:Fred Marshall
  • 2
4 Comments
 
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 1000 total points (awarded by participants)
ID: 41823337
Should I assume that this article (and this associated script) are what you've found?  It's manipulation of WMI objects... so I don't know if that's what you mean by too convoluted?
0
 
LVL 41

Accepted Solution

by:
footech earned 1000 total points (awarded by participants)
ID: 41823477
If you're referring to setting the Defaults and Limits, these settings are stored in the registry under HKLM\SOFTWARE\Microsoft\Ole.  The best way to manage the defaults is with Group Policy, but I don't know about the Limits.  You might check out this page.
http://get-carbon.org/Grant-ComPermission.html
and the related Revoke- and Get- commands on that page.

This page describes the registry entry.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680050(v=vs.85).aspx
To set this (or decipher the value) would take a combination of translating from binary and SDDL.  But you could probably copy the value from a machine where it's already set.

Here's some helper bits for that reg value.
# The binary registry value
$binPerm = (gp "HKLM:\SOFTWARE\Microsoft\Ole").DefaultLaunchPermission

# Converted to SDDL
$SDDL = (([wmiclass]"Win32_SecurityDescriptorHelper").BinarySDToSDDL($binPerm)).SDDL

# The SDDL converted back to binary
$reverse = (([wmiclass]"Win32_SecurityDescriptorHelper").SDDLToBinarySD($SDDL)).BinarySD

# A little validation
If ( (Compare-Object $binPerm $reverse -SyncWindow 1).count -eq 0 )
{ Write-Host "Arrays are identical" }
Else
{ Write-Host "Arrays aren't identical" }

Open in new window

0
 
LVL 26

Author Comment

by:Fred Marshall
ID: 41824482
Rich Weissler:  No, those weren't the ones.  I'll check them out. Thanks.
tooftech:  Thanks for those too!  I'll check them out as well.
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 41851712
Abandoned
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month19 days, 13 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question