DCOMCNFG without opening the "Component Services" interface

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,

I would like to know if it is possoble to configure the DCOM properties of
an application without opening the "Component Services" interface, by using
APIs in scripts or in command-line.

I would like to include the "Identity" and "Security" configuration of an
application in a MSI but I did not find how to do. (OS: Windows 2003 Server
and XP)

If it is not possible so I would automate the opening of the properties
windows of the given application in "Component services". (In order to avoid
to expand the folders and search for the application in the tree.)

I thank you in advance for your help.
 
I have no problem with the RunAs property, but I need also to configure the
"AccesPermission" property, a binary value, and the password for the "RunAs"
identity.
I thank you, in advance, for your help,
Melinda

Johannes Passing said:
There is no API for such configuration, the information has to be
written to the registry. The keys and values are documented in [1]. Note
that a subset of these entries can also be set via the AppId table of an
MSI package.

--Johannes

[1] http://msdn2.microsoft.com/en-us/library/ms682359.aspx
Hi,

I would like to know if it is possoble to configure the DCOM properties of
an application without opening the "Component Services" interface, by using
APIs in scripts or in command-line.

I would like to include the "Identity" and "Security" configuration of an
application in a MSI but I did not find how to do. (OS: Windows 2003 Server
and XP)

If it is not possible so I would automate the opening of the properties
windows of the given application in "Component services". (In order to avoid
to expand the folders and search for the application in the tree.)

I thank you in advance for your help.
 
Regarding AccessPermission - first, for the ACL to be meaningful on the
target computer, it must be restricted to refer to builtin accounts only
as only these accounts habe the same SID on all machines.
Second, the format of the ACL blob is, to my knowledge, undocumented and
must be considered being subject to change - creating it on your machine
and copying it to the target machine may thus be brittle and it should
be preferred to assemble it on the target machine. However, the right
way to assemble the ACL blob is to use the COM object with CLSID
CLSID_DCOMAccessControl (implements IAccessControl).

The password is stored in the LSASS password stash - to set it, use
LsaStorePrivateData with a key SCM:{your-appid}.

--Johannes
I have no problem with the RunAs property, but I need also to configure the
"AccesPermission" property, a binary value, and the password for the "RunAs"
identity.
I thank you, in advance, for your help,
Melinda

Johannes Passing said:
There is no API for such configuration, the information has to be
written to the registry. The keys and values are documented in [1]. Note
that a subset of these entries can also be set via the AppId table of an
MSI package.

--Johannes

[1] http://msdn2.microsoft.com/en-us/library/ms682359.aspx
Hi,

I would like to know if it is possoble to configure the DCOM properties of
an application without opening the "Component Services" interface, by using
APIs in scripts or in command-line.

I would like to include the "Identity" and "Security" configuration of an
application in a MSI but I did not find how to do. (OS: Windows 2003 Server
and XP)

If it is not possible so I would automate the opening of the properties
windows of the given application in "Component services". (In order to avoid
to expand the folders and search for the application in the tree.)

I thank you in advance for your help.
 
Back
Top