Author Posts

June 29, 2016 at 7:15 am

Howdy,
In DCOM there is an app called: SMS Agent Host with AppID: {AD65A69D-3831-40D7-9629-9B0B50A93843}
I added new user Domain\User to the Launch and Activation Permission section with following settings:
Local Launch = Allow
Remote Launch = Deny
Local Activation = Allow
Remote Activation = Deny

I used this code below to get the current list of users who are configured with Allow and Deny permissions for this App:

(Get-WmiObject -Class Win32_DCOMApplicationSetting -Filter "AppId='{AD65A69D-3831-40D7-9629-9B0B50A93843}'" -EnableAllPrivileges).GetAccessSecurityDescriptor().Descriptor.DACL.Trustee.Name

And the problem is that i always receive a list without the user i added:

Administrators
SYSTEM
INTERACTIVE
LOCAL SERVICE
NETWORK SERVICE
TERMINAL SERVER USER
Administrators
SYSTEM
INTERACTIVE
NETWORK SERVICE
LOCAL SERVICE
TERMINAL SERVER USER

The question is: How can i get the FULL list of users who has any permissions for the DCOM APP in "Launch and Activation Permission" section?

June 30, 2016 at 7:17 pm

GetLaunchSecurityDescriptor()?

July 1, 2016 at 3:58 pm

Hi,
Greatest thanks ever 🙂 sometimes you can look through the code for hours but won't notice a mistake 🙂