DCOM Permissions


The DCOMPERM sample provides source code and several wrapper functions to simplify the process of manipulating the access and launch permissions for a COM server. Additionally, this sample provides code which demonstrates how to set and retrieve the RunAs password for a COM server.


ChangeDefaultAccessACL


DWORD
ChangeDefaultAccessACL (
LPTSTR tszPrincipal,
BOOL fSetPrincipal,
BOOL fPermit,
DWORD dwAccessMask
);

Description: Modify the default access access control list. The system uses the default access ACL to determine if a principal is allowed to access the COM server if the COM server does not have its own access ACL in the AppID section of the registry.

Parameters:    

tszPrincipal

 Name of user or group (e.g. "redmond\johndoe")

fSetPrincipal

TRUE if you want to add/update the principal's entry in the ACL, FALSE if you want to remove the principal from the ACL

fPermit

TRUE if you want to allow the principal to access the object, FALSE if you want to prevent the principal from accessing the object

dwAccessMask

Specifies what type of access the principal is to be given.  Can be any combination of the COM_RIGHTS_* values

(Note that the Permit flag applies only when SetPrincipal is TRUE.)


ChangeAppIDAccessACL


DWORD
ChangeAppIDAccessACL (
LPTSTR tszAppID,
LPTSTR tszPrincipal,
BOOL fSetPrincipal,
BOOL fPermit,
DWORD dwAccessMask
);

Modify an AppID's access access control list. The system uses the AppID access ACL to determine if a principal is allowed to access the COM server associated with the AppID.

Parameters:

tszAppID

The Application ID you wish to modify (e.g. "{99999999-9999-9999-9999-00AA00BBF7C7}")

tszPrincipal

 Name of user or group (e.g. "redmond\johndoe")

fSetPrincipal

TRUE if you want to add/update the principal's entry in the ACL, FALSE if you want to remove the principal from the ACL

fPermit

TRUE if you want to allow the principal to access the object, FALSE if you want to prevent the principal from accessing the object

dwAccessMask

Specifies what type of access the principal is to be given.  Can be any combination of the COM_RIGHTS_* values

(Note that the Permit flag applies only when SetPrincipal is TRUE.)


ChangeDefaultLaunchACL


DWORD
ChangeDefaultLaunchACL (
LPTSTR tszPrincipal,
BOOL fSetPrincipal,
BOOL fPermit,
DWORD dwAccessMask
);

Modify the default launch access control list. The system uses the default launch ACL to determine if a principal is allowed to launch a COM server if the COM server does not have its own launch ACL in the AppID section of the registry.

Parameters:

tszPrincipal

 Name of user or group (e.g. "redmond\johndoe")

fSetPrincipal   

TRUE if you want to add/update the principal's entry in the ACL, FALSE if you want to remove the principal from the ACL

fPermit

TRUE if you want to allow the principal to launch the object, FALSE if you want to prevent the principal from launching the object

dwAccessMask

Specifies what type of access the principal is to be given.  Can be any combination of the COM_RIGHTS_* values

(Note that the Permit flag applies only when SetPrincipal is TRUE.)


ChangeMachineAccessACL


DWORD
ChangeMachineAccessACL (
LPTSTR tszPrincipal,
BOOL fSetPrincipal,
BOOL fPermit,
DWORD dwAccessMask
);

Modify the machine-wide access access control list. The system uses the machine-wide access ACL to determine the type of access a principal has to servers on this machine.  This value will override any default or application specific settings.

Parameters:

tszPrincipal

 Name of user or group (e.g. "redmond\johndoe")

fSetPrincipal

TRUE if you want to add/update the principal's entry in the ACL, FALSE if you want to remove the principal from the ACL

fPermit

TRUE if you want to allow the principal to access the object, FALSE if you want to prevent the principal from accessing the object

dwAccessMask

Specifies what type of access the principal is to be given.  Can be any combination of the COM_RIGHTS_* values

(Note that the Permit flag applies only when SetPrincipal is TRUE.)


ChangeMachineLaunchACL


DWORD
ChangeMachineLaunchACL (
LPTSTR tszPrincipal,
BOOL fSetPrincipal,
BOOL fPermit,
DWORD dwAccessMask
);

Modify the machine-wide launch access control list. The system uses the machine-wide launch ACL to determine the type of launch and/or activation privileges a principal has for servers on this machine.  This value will override any default or application specific settings.

Parameters:

tszPrincipal

 Name of user or group (e.g. "redmond\johndoe")

fSetPrincipal

TRUE if you want to add/update the principal's entry in the ACL, FALSE if you want to remove the principal from the ACL

fPermit

TRUE if you want to allow the principal to access the object, FALSE if you want to prevent the principal from accessing the object

dwAccessMask

Specifies what type of access the principal is to be given.  Can be any combination of the COM_RIGHTS_* values

(Note that the Permit flag applies only when SetPrincipal is TRUE.)


ChangeAppIDLaunchACL 


DWORD
ChangeAppIDLaunchACL (
LPTSTR tszAppID,
LPTSTR tszPrincipal,
BOOL fSetPrincipal,
BOOL fPermit,
DWORD dwAccessMask
);

Modify an AppID's launch access control list. The system uses the AppID launch ACL to determine if a principal (a user or group of users) is allowed to launch the COM server associated with the AppID.

Parameters:

tszAppID

The Application ID you wish to modify (e.g. "{99999999-9999-9999-9999-00AA00BBF7C7}")

tszPrincipal

 Name of user or group (e.g. "redmond\johndoe")

fSetPrincipal

TRUE if you want to add/update the principal's entry in the ACL, FALSE if you want to remove the principal from the ACL

fPermit

TRUE if you want to allow the principal to launch the object, FALSE if you want to prevent the principal from launching the object

dwAccessMask

Specifies what type of access the principal is to be given.  Can be any combination of the COM_RIGHTS_* values

(Note that the Permit flag applies only when SetPrincipal is TRUE.)
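
The descriptions above define three layers of ACL: machine-wide, AppID, and default. The following added example (not part of the DCOMPERM sample and not Windows' own access-check code) is a simplified model of how those layers combine for one launch request. The type names, the sample principal "redmond\ops" and the rule that a matching deny entry wins regardless of entry order are assumptions of the model.

```c
#include <string.h>

/* COM_RIGHTS_* values as defined in the Windows SDK headers. */
#define COM_RIGHTS_EXECUTE         1
#define COM_RIGHTS_EXECUTE_LOCAL   2
#define COM_RIGHTS_EXECUTE_REMOTE  4
#define COM_RIGHTS_ACTIVATE_LOCAL  8
#define COM_RIGHTS_ACTIVATE_REMOTE 16
#define LOCAL_LAUNCH  (COM_RIGHTS_EXECUTE | COM_RIGHTS_EXECUTE_LOCAL | COM_RIGHTS_ACTIVATE_LOCAL)
#define REMOTE_LAUNCH (COM_RIGHTS_EXECUTE | COM_RIGHTS_EXECUTE_REMOTE | COM_RIGHTS_ACTIVATE_REMOTE)

/* Hypothetical model types: one entry per (tszPrincipal, fPermit, dwAccessMask).
   A token is the caller's user and group names, NULL-terminated. */
typedef struct { const char *principal; int permit; unsigned mask; } AclEntry;
typedef struct { const AclEntry *entries; size_t count; } Acl;

static int in_token(const char *const *token, const char *name)
{
    for (; *token; token++) if (strcmp(*token, name) == 0) return 1;
    return 0;
}
/* 1 only if every wanted bit is permitted and no matching deny entry touches
   one of them; a caller with no matching entry is denied. */
int acl_allows(const Acl *acl, const char *const *token, unsigned wanted)
{
    unsigned granted = 0;
    for (size_t i = 0; i < acl->count; i++) {
        const AclEntry *e = &acl->entries[i];
        if (!in_token(token, e->principal)) continue;
        if (!e->permit && (e->mask & wanted)) return 0;
        if (e->permit) granted |= e->mask;
    }
    return (granted & wanted) == wanted;
}
/* Machine-wide ACL first; then the AppID ACL if one exists, else the default. */
int effective_allows(const Acl *machine, const Acl *appid, const Acl *dflt,
                     const char *const *token, unsigned wanted)
{
    return acl_allows(machine, token, wanted) &&
           acl_allows(appid ? appid : dflt, token, wanted);
}
/* Constructed sample data: johndoe is a member of the ops group. */
static const char *const JOHN[] = { "redmond\\johndoe", "redmond\\ops", NULL };
static const char *const OPS_ONLY[] = { "redmond\\ops", NULL };
static const AclEntry machine_e[] = { { "redmond\\ops", 1, LOCAL_LAUNCH } };
static const AclEntry default_e[] = { { "redmond\\ops", 1, LOCAL_LAUNCH | REMOTE_LAUNCH } };
static const AclEntry appid_e[] = { { "redmond\\ops", 1, LOCAL_LAUNCH },
                                    { "redmond\\johndoe", 0, COM_RIGHTS_EXECUTE_LOCAL } };
static const Acl MACHINE = { machine_e, 1 }, DEFAULT_ACL = { default_e, 1 }, APPID = { appid_e, 2 };
```

With the constructed data, `effective_allows(&MACHINE, NULL, &DEFAULT_ACL, JOHN, REMOTE_LAUNCH)` returns 0 even though the default ACL alone would permit the request, because the machine-wide ACL grants only local rights. Passing `&APPID` instead of `NULL` makes the default ACL irrelevant, and the deny entry for johndoe then blocks a local launch that his group membership would otherwise allow.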


GetRunAsPassword


DWORD GetRunAsPassword (
LPTSTR tszAppID,
LPTSTR tszPassword
);

Retrieves the RunAs password for an AppID.

Parameters:

tszAppID

The Application ID you wish to modify (e.g. "{99999999-9999-9999-9999-00AA00BBF7C7}")

tszPassword

Password of the user you have specified in the RunAs named value under the AppID registry key.

 


SetRunAsPassword 


DWORD SetRunAsPassword (
LPTSTR tszAppID,
LPTSTR tszPrincipal,
LPTSTR tszPassword
);

Sets the RunAs password for an AppID. Note that if you have set the RunAs named value to "Interactive User", you do not need to set the RunAs password.

Parameters:

tszAppID

The Application ID you wish to modify (e.g. "{99999999-9999-9999-9999-00AA00BBF7C7}")

tszPrincipal

Name of the principal you have specified in the RunAs named value under the AppID registry key

tszPassword

Password of the user you have specified in the RunAs named value under the AppID registry key.