dcomperm bug

---

• From: Frede <nitsev@xxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 8 Dec 2005 09:11:45 +0100

---

I have been using the dcomperm from the Visual Studio 6 samples to set dcom
security for my dcom servers from a batch file. I have now found out that
the old dcomperm sample is incompatible with the enhanced security model
introduced with Windows XP SP2 and Windows Server 2003 SP1. So I downloaded
the updated sample from the Windows Server 2003 Platform SDK and compiled
it. It is supposed to support both the old (NT, 2000, XP pre SP2, W2k3 pre
SP1) and the new (XP SP2 and w2k3 SP1) formats. E.g. it now supports
setting machine level security (Edit Limits in dcomcnfg). This version
seems to work fine with Windows Server 2003 SP1 and XP SP2 but NOT with
Windows 2000. If I set the access or launch permission for a server and
then open dcomcnfg and click edit to view that the properties has been set
correctly I get the following error message:

"DCOM Configuration Warning
The Security Descriptor contains an Access Control Entry (ACE)
inappropriate to this context. If you continue it will be rewritten as an
Allow ACE in the appropriate access mask. Do you wish to continue?"

If I click OK and continue, all the configured users etc I set using
dcomperm are in the list and are configured correctly, but you get a bit
worried about the error message. Please observe that although this error
occurs I can still launch the server so security seems to be set correctly
anyway (somehow). Also if I click OK in dcomcnfg and apply the changes
(that dcomcnfg does itself) I can verify that dcomcnfg indeed does write
new values to the
[HKEY_CLASSES_ROOT\AppID\{31803844-3E55-11D2-832C-00104B6F5DA6}]
AccessPermission value that is different from what is written by dcomperm.
For some reason the app server still launches and I can access it!

I have searched the net for this error message but haven't found any useful
info about it.

Have anyone else discovered bugs in the new dcomperm sample and what does
the error mean more specifically?

Thanks
Fredrik
.

---

• Prev by Date: Re: DragContext ???
• Next by Date: Inconsistently occurring threading issue
• Previous by thread: WinInet hangs when connecting to web page at InitInstance of OCX
• Next by thread: Inconsistently occurring threading issue
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Termserv loses security settings each night ... Which OS is the server running? ... And which ServicePack? ... Can you give us the *exact* error message that users get? ... Have you checked the domain security policy? ... (microsoft.public.win2000.termserv.apps) Re: Can not Share folders. Im stumped...Help Please ... sharing and security, and then the sharing tab, following screen prompts to ... Security" then click "Share this folder on the network" and then hit ... get the following error message: ... go to services.msc and start the server ... (microsoft.public.windowsxp.help_and_support) RE: Problem fixed ! ... Choose Option "All Tasks/Check & Reset Server Extentions" ... > I used Windows Integrated Security by means of setting up users on Active ... An error message detailing the cause of this specific ... > Manager: Software Solutions ... (microsoft.public.inetserver.iis.security) Windows cannot obtain the domain controller name for your computer network. Return value (59). ... the event log on the server. ... This is the only error message in the ... application event log and it is replicated every 5 minutes or so. ... I have set the security in the ... (microsoft.public.win2000.networking) Windows cannot obtain the domain controller name for your computer network. Return value (59). ... the event log on the server. ... This is the only error message in the ... application event log and it is replicated every 5 minutes or so. ... I have set the security in the ... (microsoft.public.win2000.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)