There isn't a way to do this through a Group Policy but you can do it
through a logon script.
Warning If you disable DCOM, may you may lose operating system
functionality. After you disable support for DCOM, the following may
result:
- Any COM objects that can be activated remotely may not function
correctly.
- The local COM+ snap-in will not be able to connect to remote
servers to enumerate their COM+ catalog.
- Certificate auto-enrollment may not function correctly.
- Windows Management Instrumentation (WMI) queries against remote
servers may not function correctly.
There are potentially many built-in components and 3rd party
applications that will be affected if you disable DCOM. Microsoft
does not recommend that you disable DCOM in your environment until
you have tested to discover what applications are affected.
Disabling DCOM may not be workable in all environments.
Create a reg file with the following contents: (Include all content
between the ===== including the blank line) and save it as
disabledcom.reg.
====================================================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"
====================================================
Create a login script with a line similar to the following:
regedit /s \\server\share\disabledcom.reg
When your users log in this should be added to the Registry and will
be in effect on the next reboot.
*** As always you should try this in a lab setting first.***
825750 How to Disable DCOM Support in Windows
http://support.microsoft.com/?id=825750
Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no
rights.