What should I do if in com+, I need to add a local group under computers\My computer\Com+ Applications\System Applications\Roles\Administrator?

I need to add the authenticated users group.
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Have a look at DCOM User Rights
Answered 10/10/2006 by: AngelD
Red Belt

Please log in to comment
0
I cannot see the solution as we don't have an account.
Answered 10/10/2006 by: Francoisracine
Third Degree Blue Belt

Please log in to comment
0
use dcomperm.exe
MS sDK comes with an c++ example
download from
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/html/vcsmpdcompermpermissionsforcomserver.asp


I have done it with vbscript; you will need DCOMPerm it is in the SDK or http://www.qodbc.com/QODBCWebAutomaticDCOM.htm
On Error Resume Next

'TRUE = 1
'FALSE = 0
DCP_ACL_LAUNCH = 1
DCP_ACL_ACCESS = 2
DCP_E_NO_ACCESS = &H8004a001
DCP_E_NO_ACL = &H8004a002
DCP_E_INVALID_OBJECT = &H8004a003
DCP_E_INVALID_TYPE = &H8004a004
DCP_E_MUST_BE_ADMIN = &H8004a005
DCP_E_NO_MORE_ENTRIES = &H8004a006
DCP_E_INVALID_VERSION = &H8004a007
DCP_E_OBJ_IS_A_SERVICE = &H8004a008
DCP_E_UNSUPPORTED = &H8004a009
DCP_E_NO_VALUE = &H8004a00a
DCP_E_UNKNOWN_USER = &H8004a00b
DCP_E_NO_APPID = &H8004a00c

Dim GOSh
Dim dcomperm
Set GOSh = CreateObject("WScript.Shell")
Set dcomperm = CreateObject ("DCOMPerm")
If Err Then
Err.Clear
GOSh.run "dcpinst.exe",0,True
Set dcomperm = CreateObject ("DCOMPerm")
If Err Then
WScript.Echo "Unable to install DCOM Permissions! They will have to be set via DCOMCNFG.",,"DCOM Permmissions"
WScript.Quit(1)
End If
End If
dcomperm.AddPrincipal "Appid:{0737E50A-4C76-4ff7-BB21-A85596F0D004}",DCP_ACL_ACCESS, "YOURDOMAIN\YourGroupORUser", "1"
If Err Then
WScript.Echo "Unable to install DCOM Permissions! They will have to be set via DCOMCNFG.",,"DCOM Permmissions"
WScript.Quit(2)
End If
dcomperm.AddPrincipal "Appid:{0737E50A-4C76-4ff7-BB21-A85596F0D004}",DCP_ACL_LAUNCH, "YOURDOMAIN\YourGroupORUser", "1"
If Err Then
WScript.Echo "Unable to install DCOM Permissions! They will have to be set via DCOMCNFG.",,"DCOM Permmissions"
WScript.Quit(2)
End If

Answered 10/10/2006 by: AngelD
Red Belt

Please log in to comment
0
I asked MIcrosoft about that and they said me Dcomperm is to add permission not adding roles. They said me to create a vbs using comadmincatalog but there is not much information about that and the examples I found are unclear. Most of them are in VB not vbs or C++.
Answered 10/11/2006 by: Francoisracine
Third Degree Blue Belt

Please log in to comment
0
Create the object using vbscript like this
Set Catalog = CreateObject("COMAdmin.COMAdminCatalog")

MSDN has more then enuf of information for this.
COM+ Administration Collections

Automating COM+ Administration

This should get your started.
Answered 10/11/2006 by: AngelD
Red Belt

Please log in to comment
0
Interesting but all of these script are in vb not in vbs. HOw can I convert it?
Where do I take the appid and clsid?
Answered 10/12/2006 by: Francoisracine
Third Degree Blue Belt

Please log in to comment
0
Actually my code look like this:
I am not sure of the CLSID and if someone have an idea where I can take it just to be sure I did ok.

Const AppID = "{02D4B3F1-FD88-11D1-960D-00805FC79235}"
Const CLSID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
Const RoleName = "System Application"
Const AccountName = "Domain Users"
' Add a role to the application.
Dim cat
Set Cat = CreateObject("COMAdmin.COMAdminCatalog")
Dim apps
Set apps = cat.GetCollection("Applications")
apps.Populate
Dim roles
Set roles = apps.GetCollection("Roles", AppID)
Dim role
Set role = roles.Add
role.Value("Name") = RoleName
roles.SaveChanges
' Assign a user account to the role
Dim users
Set users = roles.GetCollection("UsersInRole", role.Key)
Dim user
Set user = users.Add
user.Value("User") = AccountName
users.SaveChanges
' Reconfigure component to grant access to users in role.
Dim comps
Dim comp
Dim ComponentFound
Set comps = apps.GetCollection("Components", AppID)
comps.Populate
For Each comp In comps
If comp.Key = CLSID Then
ComponentFound = True
Exit For
End If
Next
If ComponentFound Then
Dim RolesForComponent
Set RolesForComponent = comps.GetCollection("RolesForComponent", _
CLSID)
Dim RoleForComponent
Set RoleForComponent = RolesForComponent.Add
RoleForComponent.Value("Name") = role.Name
RolesForComponent.SaveChanges
Else
Err.Raise vbObjectError + 1025, , "CLSID " & CLSID & " not found"
End If
Answered 10/12/2006 by: Francoisracine
Third Degree Blue Belt

Please log in to comment
0
I am not sure of the CLSID and if someone have an idea where I can take it just to be sure I did ok.
open regedit and have a search on the COM+ application under "HKCR\CLSID". Under InprocServer32 subkey the default value should hold your DLL (COM+ application) that you search for. The AppId (REG_SZ) value should be what your're after.
Answered 10/12/2006 by: AngelD
Red Belt

Please log in to comment
0
Hello everybody,
now I also have to add the users group to that role.

But when I try the script I get the error:
changes to this object and its sub-objects have been disabled (line 16)

:(, which security forbids me the fun?

the second point is, I can not find the CLSID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
The AppID is correct

and also this tool: dcomperm.exe is for me unavailable

I am running Windows XP SP2 in a VM and it would be nice if someone could help me with that

thx in advance
Answered 08/29/2008 by: mac-duff
Second Degree Blue Belt

Please log in to comment
0
Well,
meanwhile I found the dcomperm on http://www.myitforum.com/articles/11/view.asp?id=9323 but its still not working :(

This is what I get but the user is still not in the Administrator role. I also restarted the computer


DCOMPERM.EXE -al {02D4B3F1-FD88-11D1-960D-00805FC79235} set Usuarios permit level:ll,rl,la,ra
Successfully set the Application Launch ACL.
Remote and Local launch permitted to NT AUTHORITY\SYSTEM.
Remote and Local activation permitted to NT AUTHORITY\SYSTEM.
Remote and Local launch permitted to BUILTIN\Administradores.
Remote and Local activation permitted to BUILTIN\Administradores.
Remote and Local launch permitted to NT AUTHORITY\INTERACTIVE.
Remote and Local activation permitted to NT AUTHORITY\INTERACTIVE.
Remote and Local launch permitted to BUILTIN\Usuarios.
Remote and Local activation permitted to BUILTIN\Usuarios.


Anybody please an Idea?
Answered 10/20/2009 by: mac-duff
Second Degree Blue Belt

Please log in to comment
Answer this question or Comment on this question for clarity