Announcement

Collapse
No announcement yet.

Automate change in DCOM configuration

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Automate change in DCOM configuration

    Hi, guys.
    I would like to get your assistance in this one.
    I need to make some changes in DCOM configuration in some 200 computers. It will be very nice to be able to do it centrally, by login script or such. But I couldn't find the way till know.
    My stations are XP SP2 fully updated, in AD environment. The DCOM port is open in the firewall on all of them. The change I need to do can be done in GUI by using DCOMCNFG, and then alter the Launch and Activate Permissions.
    I tried to compare the Registry exported before and after, but I cannot see the forest because all of the trees
    Anyone has an idea how to build the needed REG file? Or is it another way to do it.

    TIA all.

    Sorin Solomon


    In order to succeed, your desire for success should be greater than your fear of failure.
    -

  • #2
    Re: Automate change in DCOM configuration

    from:
    http://technet2.microsoft.com/window...3.mspx?pf=true

    If you want to enable remote activation by a non-administrative COM client (if the risk is acceptable), you will need to change the default configuration for this feature.
    You can change the configuration settings using either the Component Services Microsoft Management Console (MMC) or the Windows registry.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MachineA ccessRestriction= ACL
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MachineL aunchRestriction= ACL


    Group Policy object: Computer Configuration \Windows Settings \Local Policies \Security Options
    "DCOM:Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) Syntax"
    (Existence of this policy, overrides, values in MachineLaunch Restriction, above)

    Group Policy object: Computer Configuration \Windows Settings \Local Policies \Security Options
    "DCOM:Machine Access Restrictions in Security Descriptor Definition Language (SDDL) Syntax"
    (Existence of this policy, overrides, values in MachineAccess Restriction, above)


    \Rems

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts

    Comment


    • #3
      Re: Automate change in DCOM configuration

      10nx, dude.
      Looks like I was so busy looking for differences in REG files, that I forgot the good ol' friend
      10nx again.
      Last edited by sorinso; 16th October 2007, 20:13.

      Sorin Solomon


      In order to succeed, your desire for success should be greater than your fear of failure.
      -

      Comment

      Working...
      X