/build/static/layout/Breadcrumb_cap_w.png

SCripting Com+ (vbs)

What should I do if in com+, I need to add a local group under computers\My computer\Com+ Applications\System Applications\Roles\Administrator?

I need to add the authenticated users group.

0 Comments   [ + ] Show comments

Answers (10)

Posted by: AngelD 14 years ago
Red Belt
0
Have a look at DCOM User Rights
Posted by: Francoisracine 14 years ago
Third Degree Blue Belt
0
I cannot see the solution as we don't have an account.
Posted by: AngelD 14 years ago
Red Belt
0
use dcomperm.exe
MS sDK comes with an c++ example
download from
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/html/vcsmpdcompermpermissionsforcomserver.asp


I have done it with vbscript; you will need DCOMPerm it is in the SDK or http://www.qodbc.com/QODBCWebAutomaticDCOM.htm
On Error Resume Next

'TRUE = 1
'FALSE = 0
DCP_ACL_LAUNCH = 1
DCP_ACL_ACCESS = 2
DCP_E_NO_ACCESS = &H8004a001
DCP_E_NO_ACL = &H8004a002
DCP_E_INVALID_OBJECT = &H8004a003
DCP_E_INVALID_TYPE = &H8004a004
DCP_E_MUST_BE_ADMIN = &H8004a005
DCP_E_NO_MORE_ENTRIES = &H8004a006
DCP_E_INVALID_VERSION = &H8004a007
DCP_E_OBJ_IS_A_SERVICE = &H8004a008
DCP_E_UNSUPPORTED = &H8004a009
DCP_E_NO_VALUE = &H8004a00a
DCP_E_UNKNOWN_USER = &H8004a00b
DCP_E_NO_APPID = &H8004a00c

Dim GOSh
Dim dcomperm
Set GOSh = CreateObject("WScript.Shell")
Set dcomperm = CreateObject ("DCOMPerm")
If Err Then
Err.Clear
GOSh.run "dcpinst.exe",0,True
Set dcomperm = CreateObject ("DCOMPerm")
If Err Then
WScript.Echo "Unable to install DCOM Permissions! They will have to be set via DCOMCNFG.",,"DCOM Permmissions"
WScript.Quit(1)
End If
End If
dcomperm.AddPrincipal "Appid:{0737E50A-4C76-4ff7-BB21-A85596F0D004}",DCP_ACL_ACCESS, "YOURDOMAIN\YourGroupORUser", "1"
If Err Then
WScript.Echo "Unable to install DCOM Permissions! They will have to be set via DCOMCNFG.",,"DCOM Permmissions"
WScript.Quit(2)
End If
dcomperm.AddPrincipal "Appid:{0737E50A-4C76-4ff7-BB21-A85596F0D004}",DCP_ACL_LAUNCH, "YOURDOMAIN\YourGroupORUser", "1"
If Err Then
WScript.Echo "Unable to install DCOM Permissions! They will have to be set via DCOMCNFG.",,"DCOM Permmissions"
WScript.Quit(2)
End If

Posted by: Francoisracine 14 years ago
Third Degree Blue Belt
0
I asked MIcrosoft about that and they said me Dcomperm is to add permission not adding roles. They said me to create a vbs using comadmincatalog but there is not much information about that and the examples I found are unclear. Most of them are in VB not vbs or C++.
Posted by: AngelD 14 years ago
Red Belt
0
Create the object using vbscript like this
Set Catalog = CreateObject("COMAdmin.COMAdminCatalog")

MSDN has more then enuf of information for this.
COM+ Administration Collections

Automating COM+ Administration

This should get your started.
Posted by: Francoisracine 14 years ago
Third Degree Blue Belt
0
Interesting but all of these script are in vb not in vbs. HOw can I convert it?
Where do I take the appid and clsid?
Posted by: Francoisracine 14 years ago
Third Degree Blue Belt
0
Actually my code look like this:
I am not sure of the CLSID and if someone have an idea where I can take it just to be sure I did ok.

Const AppID = "{02D4B3F1-FD88-11D1-960D-00805FC79235}"
Const CLSID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
Const RoleName = "System Application"
Const AccountName = "Domain Users"
' Add a role to the application.
Dim cat
Set Cat = CreateObject("COMAdmin.COMAdminCatalog")
Dim apps
Set apps = cat.GetCollection("Applications")
apps.Populate
Dim roles
Set roles = apps.GetCollection("Roles", AppID)
Dim role
Set role = roles.Add
role.Value("Name") = RoleName
roles.SaveChanges
' Assign a user account to the role
Dim users
Set users = roles.GetCollection("UsersInRole", role.Key)
Dim user
Set user = users.Add
user.Value("User") = AccountName
users.SaveChanges
' Reconfigure component to grant access to users in role.
Dim comps
Dim comp
Dim ComponentFound
Set comps = apps.GetCollection("Components", AppID)
comps.Populate
For Each comp In comps
If comp.Key = CLSID Then
ComponentFound = True
Exit For
End If
Next
If ComponentFound Then
Dim RolesForComponent
Set RolesForComponent = comps.GetCollection("RolesForComponent", _
CLSID)
Dim RoleForComponent
Set RoleForComponent = RolesForComponent.Add
RoleForComponent.Value("Name") = role.Name
RolesForComponent.SaveChanges
Else
Err.Raise vbObjectError + 1025, , "CLSID " & CLSID & " not found"
End If
Posted by: AngelD 14 years ago
Red Belt
0
I am not sure of the CLSID and if someone have an idea where I can take it just to be sure I did ok.
open regedit and have a search on the COM+ application under "HKCR\CLSID". Under InprocServer32 subkey the default value should hold your DLL (COM+ application) that you search for. The AppId (REG_SZ) value should be what your're after.
Posted by: mac-duff 12 years ago
Second Degree Blue Belt
0
Hello everybody,
now I also have to add the users group to that role.

But when I try the script I get the error:
changes to this object and its sub-objects have been disabled (line 16)

:(, which security forbids me the fun?

the second point is, I can not find the CLSID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
The AppID is correct

and also this tool: dcomperm.exe is for me unavailable

I am running Windows XP SP2 in a VM and it would be nice if someone could help me with that

thx in advance
Posted by: mac-duff 11 years ago
Second Degree Blue Belt
0
Well,
meanwhile I found the dcomperm on http://www.myitforum.com/articles/11/view.asp?id=9323 but its still not working :(

This is what I get but the user is still not in the Administrator role. I also restarted the computer


DCOMPERM.EXE -al {02D4B3F1-FD88-11D1-960D-00805FC79235} set Usuarios permit level:ll,rl,la,ra
Successfully set the Application Launch ACL.
Remote and Local launch permitted to NT AUTHORITY\SYSTEM.
Remote and Local activation permitted to NT AUTHORITY\SYSTEM.
Remote and Local launch permitted to BUILTIN\Administradores.
Remote and Local activation permitted to BUILTIN\Administradores.
Remote and Local launch permitted to NT AUTHORITY\INTERACTIVE.
Remote and Local activation permitted to NT AUTHORITY\INTERACTIVE.
Remote and Local launch permitted to BUILTIN\Usuarios.
Remote and Local activation permitted to BUILTIN\Usuarios.


Anybody please an Idea?
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ