Scripting

Have a look at DCOM User Rights

I cannot see the solution as we don't have an account.

use dcomperm.exe
MS sDK comes with an c++ example
download from
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/html/vcsmpdcompermpermissionsforcomserver.asp


I have done it with vbscript; you will need DCOMPerm it is in the SDK or http://www.qodbc.com/QODBCWebAutomaticDCOM.htm
On Error Resume Next

'TRUE = 1
'FALSE = 0
DCP_ACL_LAUNCH = 1
DCP_ACL_ACCESS = 2
DCP_E_NO_ACCESS = &H8004a001
DCP_E_NO_ACL = &H8004a002
DCP_E_INVALID_OBJECT = &H8004a003
DCP_E_INVALID_TYPE = &H8004a004
DCP_E_MUST_BE_ADMIN = &H8004a005
DCP_E_NO_MORE_ENTRIES = &H8004a006
DCP_E_INVALID_VERSION = &H8004a007
DCP_E_OBJ_IS_A_SERVICE = &H8004a008
DCP_E_UNSUPPORTED = &H8004a009
DCP_E_NO_VALUE = &H8004a00a
DCP_E_UNKNOWN_USER = &H8004a00b
DCP_E_NO_APPID = &H8004a00c

Dim GOSh
Dim dcomperm
Set GOSh = CreateObject("WScript.Shell")
Set dcomperm = CreateObject ("DCOMPerm")
If Err Then
Err.Clear
GOSh.run "dcpinst.exe",0,True
Set dcomperm = CreateObject ("DCOMPerm")
If Err Then
WScript.Echo "Unable to install DCOM Permissions! They will have to be set via DCOMCNFG.",,"DCOM Permmissions"
WScript.Quit(1)
End If
End If
dcomperm.AddPrincipal "Appid:{0737E50A-4C76-4ff7-BB21-A85596F0D004}",DCP_ACL_ACCESS, "YOURDOMAIN\YourGroupORUser", "1"
If Err Then
WScript.Echo "Unable to install DCOM Permissions! They will have to be set via DCOMCNFG.",,"DCOM Permmissions"
WScript.Quit(2)
End If
dcomperm.AddPrincipal "Appid:{0737E50A-4C76-4ff7-BB21-A85596F0D004}",DCP_ACL_LAUNCH, "YOURDOMAIN\YourGroupORUser", "1"
If Err Then
WScript.Echo "Unable to install DCOM Permissions! They will have to be set via DCOMCNFG.",,"DCOM Permmissions"
WScript.Quit(2)
End If


I asked MIcrosoft about that and they said me Dcomperm is to add permission not adding roles. They said me to create a vbs using comadmincatalog but there is not much information about that and the examples I found are unclear. Most of them are in VB not vbs or C++.

Create the object using vbscript like this
Set Catalog = CreateObject("COMAdmin.COMAdminCatalog")

MSDN has more then enuf of information for this.
COM+ Administration Collections

Automating COM+ Administration

This should get your started.

Interesting but all of these script are in vb not in vbs. HOw can I convert it?
Where do I take the appid and clsid?

Actually my code look like this:
I am not sure of the CLSID and if someone have an idea where I can take it just to be sure I did ok.

Const AppID = "{02D4B3F1-FD88-11D1-960D-00805FC79235}"
Const CLSID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
Const RoleName = "System Application"
Const AccountName = "Domain Users"
' Add a role to the application.
Dim cat
Set Cat = CreateObject("COMAdmin.COMAdminCatalog")
Dim apps
Set apps = cat.GetCollection("Applications")
apps.Populate
Dim roles
Set roles = apps.GetCollection("Roles", AppID)
Dim role
Set role = roles.Add
role.Value("Name") = RoleName
roles.SaveChanges
' Assign a user account to the role
Dim users
Set users = roles.GetCollection("UsersInRole", role.Key)
Dim user
Set user = users.Add
user.Value("User") = AccountName
users.SaveChanges
' Reconfigure component to grant access to users in role.
Dim comps
Dim comp
Dim ComponentFound
Set comps = apps.GetCollection("Components", AppID)
comps.Populate
For Each comp In comps
If comp.Key = CLSID Then
ComponentFound = True
Exit For
End If
Next
If ComponentFound Then
Dim RolesForComponent
Set RolesForComponent = comps.GetCollection("RolesForComponent", _
CLSID)
Dim RoleForComponent
Set RoleForComponent = RolesForComponent.Add
RoleForComponent.Value("Name") = role.Name
RolesForComponent.SaveChanges
Else
Err.Raise vbObjectError + 1025, , "CLSID " & CLSID & " not found"
End If

I am not sure of the CLSID and if someone have an idea where I can take it just to be sure I did ok.
open regedit and have a search on the COM+ application under "HKCR\CLSID". Under InprocServer32 subkey the default value should hold your DLL (COM+ application) that you search for. The AppId (REG_SZ) value should be what your're after.

Hello everybody,
now I also have to add the users group to that role.

But when I try the script I get the error:
changes to this object and its sub-objects have been disabled (line 16)

:(, which security forbids me the fun?

the second point is, I can not find the CLSID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
The AppID is correct

and also this tool: dcomperm.exe is for me unavailable

I am running Windows XP SP2 in a VM and it would be nice if someone could help me with that

thx in advance

Well,
meanwhile I found the dcomperm on http://www.myitforum.com/articles/11/view.asp?id=9323 but its still not working :(

This is what I get but the user is still not in the Administrator role. I also restarted the computer


DCOMPERM.EXE -al {02D4B3F1-FD88-11D1-960D-00805FC79235} set Usuarios permit level:ll,rl,la,ra
Successfully set the Application Launch ACL.
Remote and Local launch permitted to NT AUTHORITY\SYSTEM.
Remote and Local activation permitted to NT AUTHORITY\SYSTEM.
Remote and Local launch permitted to BUILTIN\Administradores.
Remote and Local activation permitted to BUILTIN\Administradores.
Remote and Local launch permitted to NT AUTHORITY\INTERACTIVE.
Remote and Local activation permitted to NT AUTHORITY\INTERACTIVE.
Remote and Local launch permitted to BUILTIN\Usuarios.
Remote and Local activation permitted to BUILTIN\Usuarios.


Anybody please an Idea?