DCOM objects launch permissions help.

Welcome Forums General PowerShell Q&A DCOM objects launch permissions help.

This topic contains 2 replies, has 2 voices, and was last updated by

2 years, 5 months ago.

  • Author
  • #55484

    Points: 0
    Rank: Member

    Here is an example of what I have been doing.

    $ComName = 'PrintNotify'
    $dcom = Get-WMIObject Win32_DCOMApplicationSetting `
                -Filter "Description='$ComName'" -EnableAllPrivileges
    $asd = $dcom.GetAccessSecurityDescriptor().Descriptor
    $csd = $dcom.GetConfigurationSecurityDescriptor().Descriptor
    $lsd = $dcom.GetLaunchSecurityDescriptor().Descriptor
    write-host "Local Service: " $dcom.LocalService
    write-host "Application ID: " $dcom.AppID
    write-host "Authentication Level: " $dcom.AuthenticationLevel
    write-host "Users: " $lsd.dacl.trustee.name

    So what I can determine is "Authentication Level" of blank = the "default" value. If I change the Authentication to an alternate value it does provide a value.

    However, the big concern is launch permissions. If I add a user and give it any single permission it now shows up as a user. If I remove all permissions it then removes the user from the DCOM object. What I can't figure out is how to determine what permissions are assigned to each user.

    So for example how would I determine that Administrators in this example is set to Local launch/activation but not remote?

  • #55724

    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    Given that DCOM is pretty ancient at this point, you're pretty much limited to what Microsoft has already provided in terms of automation – which ain't much. I'm not sure I'm seeing a way to do what you're asking – partially because that WMI object doesn't recurse through inherited privileges like Administrators would have.

    • #55733

      Points: 0
      Rank: Member

      First, thanks for the response.

      Basically, I am attempting to make a set of scripts that checks permissions for all files/registry keys/dcom etc for an entire installed product. I am leveraging accesschk.exe (from sysinternals) to pull the effective permissions of the registry and filesystem locations and got stuck trying to figure out how to pull DCOM permissions in an automated way.

      Do you know of another alternate way that I could script obtaining the users/permissions from a DCOM object? (If you don't know of the top of your head.. I am going to google/bing it too 🙂

The topic ‘DCOM objects launch permissions help.’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort