Changing DCOM application launch permissions

  • Thread starter Thread starter Roger
  • Start date Start date
R

Roger

I'm attempting to change the Launch and Activation Permissions of a DCOM
application using VBScript. According to this MSDN article
(http://msdn.microsoft.com/library/d...ging_access_security_on_securable_objects.asp)
I should be able to use the GetLaunchSecurityDescriptor and
SetLaunchSecurityDescriptor methods of the Win32_DCOMApplicationSetting
class to get or change the security descriptors, but according to this page
(http://msdn.microsoft.com/library/d...s/wmisdk/wmi/win32_dcomapplicationsetting.asp)
the class has no methods. When I try to use the method in a script, I
receive the error "Microsoft VBScript runtime error: Object doesn't support
this property or method". Does anyone know if these methods actually exist,
and if not, if there is an alternate way of programmatically change these
access rights with a script?

Thanks in advance,
Roger
 
Roger said:
I'm attempting to change the Launch and Activation Permissions of a DCOM
application using VBScript. According to this MSDN article
(http://msdn.microsoft.com/library/d...ging_access_security_on_securable_objects.asp)
I should be able to use the GetLaunchSecurityDescriptor and
SetLaunchSecurityDescriptor methods of the Win32_DCOMApplicationSetting
class to get or change the security descriptors
Click to expand...

Note that it says "Security descriptors are returned as instances of the
Win32_SecurityDescriptor class.".
Does anyone know if these methods actually exist
Click to expand...

I searched the MSDN for "GetLaunchSecurityDescriptor" and the only result is
the page you referred to. So the documentation seems incomplete. I don't
know a lot about WMI but I would expect there to be documentation of the
methods somewhere. Note that the documentation where
GetLaunchSecurityDescriptor does appear is suspiciously incomplete in that
the sentence ends with a comma.
 
The MSDN article states that you have to be using either Longhorn server or
Vista client to use this property - if using current windows server / client
versions, the class will not exist - ms have obviously only just added this
 
theres a command line utility called dcomperm.exe that you can call from a
script to set these eprmissions instead if required
 
Back
Top