Link to home
Start Free TrialLog in
Avatar of hypercube
hypercubeFlag for United States of America

asked on

Deploying DCOM settings with script or GPO.

I have a domain where workstations require DCOMCNFG to make DCOM settings for SIEM monitoring and for a production app's.
It's not too tough to make the settings manually but it's still time-consuming and tedious.
Having a GPO or script to set them would likely be very useful.
IF there were a script, I'd still prefer to deploy via GPO because of Windows updates making changes otherwise.


To be specific, using DCOMCNFG, we need to open My Computer properties and
1) set DOM Security / Access Permissions /Edit Limits by adding adding missing Permissions for Group or User Names and adding names and permissions if missing and
2) to do the same for DOM Security / Launch and Activation Permissions /Edit Limits
And going down the tree hierarchy to Console Root \ Computers \ My Computer \ DCOM Config \ Windows Management and Instrumentation \ Properties \ Security \ Launch and Activation Permissions: adding missing Permissions for Group or User Names and adding names and permissions if missing.

In my research toward doing this, I've not found anything that's very satisfying.  
I'm happy to read and to develop but a better starting point would sure help!
Any suggestions would be appreciated.
Avatar of Darrell Porter
Darrell Porter
Flag of United States of America image

I haven't yet had the need to do this but a quick Google search found
this gem from the Microsoft Script Repository.

If you are not familiar with Powershell, I can take an in-depth look and write a script, with comments, for you.
Avatar of hypercube

ASKER

Darrell:  Yes, I'd seen that.  And, I'm usually able to wade into Powershell things but this one is a bit cryptic for me.  

The key question I have for now is this:
Let's say I want to Grant-DCOMPermission to "joe" and give:
Access Permissions Limits: [All of them]
Launch and Activation Limits:[All of them]
Security \ Launch and Activation Permissions:[All of them]
Where does one get the AppIDs for this to use with the module?
ASKER CERTIFIED SOLUTION
Avatar of Darrell Porter
Darrell Porter
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
And if it is not evident, I tend to not use abbreviations or single-line commands when writing scripts for others.

It has been my experience scripts for others are far less maintainable when written using single-line commands and abbreviations.  This method of writing also makes it more difficult for novices to understand and pick apart.
By ALL, I meant:

For Access Permission / Limits
- Local Access
- Remote Access

For Launch and Activation Permission
- Local Launch
- Remote Launch
- Local Activation
- Remote Activation

But then are are also the App ID settings.  If I understand that, there is only ONE "app": Windows Management and Instrumentation
Thank you!!