Solved

DCOMCNFG Settings with Powershell?

Posted on 2016-09-29
4
94 Views
Last Modified: 2016-10-20
In a Windows GUI, I would do this;
DCOMCNFG.EXE
      Computers / My Computer / Properties / COM Security
            Launch and Activate Permissions
                         … add [username] ..... with full privileges

I'd like to put this in a script.  The only things I've found seem to be more trouble than they're worth and I've been tempted to simply continue to do this manually from the GUI.  
But, if there's something I could put into a script that isn't too convolved, then I'd very much appreciate learning what that might be.
0
Comment
Question by:Fred Marshall
  • 2
4 Comments
 
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 250 total points (awarded by participants)
ID: 41823337
Should I assume that this article (and this associated script) are what you've found?  It's manipulation of WMI objects... so I don't know if that's what you mean by too convoluted?
0
 
LVL 39

Accepted Solution

by:
footech earned 250 total points (awarded by participants)
ID: 41823477
If you're referring to setting the Defaults and Limits, these settings are stored in the registry under HKLM\SOFTWARE\Microsoft\Ole.  The best way to manage the defaults is with Group Policy, but I don't know about the Limits.  You might check out this page.
http://get-carbon.org/Grant-ComPermission.html
and the related Revoke- and Get- commands on that page.

This page describes the registry entry.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680050(v=vs.85).aspx
To set this (or decipher the value) would take a combination of translating from binary and SDDL.  But you could probably copy the value from a machine where it's already set.

Here's some helper bits for that reg value.
# The binary registry value
$binPerm = (gp "HKLM:\SOFTWARE\Microsoft\Ole").DefaultLaunchPermission

# Converted to SDDL
$SDDL = (([wmiclass]"Win32_SecurityDescriptorHelper").BinarySDToSDDL($binPerm)).SDDL

# The SDDL converted back to binary
$reverse = (([wmiclass]"Win32_SecurityDescriptorHelper").SDDLToBinarySD($SDDL)).BinarySD

# A little validation
If ( (Compare-Object $binPerm $reverse -SyncWindow 1).count -eq 0 )
{ Write-Host "Arrays are identical" }
Else
{ Write-Host "Arrays aren't identical" }

Open in new window

0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 41824482
Rich Weissler:  No, those weren't the ones.  I'll check them out. Thanks.
tooftech:  Thanks for those too!  I'll check them out as well.
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 41851712
Abandoned
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
The following article is intended as a guide to using PowerShell as a more versatile and reliable form of application detection in SCCM.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question