Solved

DCOMCNFG Settings with Powershell?

Posted on 2016-09-29
4
102 Views
Last Modified: 2016-10-20
In a Windows GUI, I would do this;
DCOMCNFG.EXE
      Computers / My Computer / Properties / COM Security
            Launch and Activate Permissions
                         … add [username] ..... with full privileges

I'd like to put this in a script.  The only things I've found seem to be more trouble than they're worth and I've been tempted to simply continue to do this manually from the GUI.  
But, if there's something I could put into a script that isn't too convolved, then I'd very much appreciate learning what that might be.
0
Comment
Question by:Fred Marshall
  • 2
4 Comments
 
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 250 total points (awarded by participants)
ID: 41823337
Should I assume that this article (and this associated script) are what you've found?  It's manipulation of WMI objects... so I don't know if that's what you mean by too convoluted?
0
 
LVL 40

Accepted Solution

by:
footech earned 250 total points (awarded by participants)
ID: 41823477
If you're referring to setting the Defaults and Limits, these settings are stored in the registry under HKLM\SOFTWARE\Microsoft\Ole.  The best way to manage the defaults is with Group Policy, but I don't know about the Limits.  You might check out this page.
http://get-carbon.org/Grant-ComPermission.html
and the related Revoke- and Get- commands on that page.

This page describes the registry entry.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680050(v=vs.85).aspx
To set this (or decipher the value) would take a combination of translating from binary and SDDL.  But you could probably copy the value from a machine where it's already set.

Here's some helper bits for that reg value.
# The binary registry value
$binPerm = (gp "HKLM:\SOFTWARE\Microsoft\Ole").DefaultLaunchPermission

# Converted to SDDL
$SDDL = (([wmiclass]"Win32_SecurityDescriptorHelper").BinarySDToSDDL($binPerm)).SDDL

# The SDDL converted back to binary
$reverse = (([wmiclass]"Win32_SecurityDescriptorHelper").SDDLToBinarySD($SDDL)).BinarySD

# A little validation
If ( (Compare-Object $binPerm $reverse -SyncWindow 1).count -eq 0 )
{ Write-Host "Arrays are identical" }
Else
{ Write-Host "Arrays aren't identical" }

Open in new window

0
 
LVL 26

Author Comment

by:Fred Marshall
ID: 41824482
Rich Weissler:  No, those weren't the ones.  I'll check them out. Thanks.
tooftech:  Thanks for those too!  I'll check them out as well.
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 41851712
Abandoned
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question