Dcomcnfg – Can’t set Launch and Activation Permissions – Windows Server 2012

dcomwindows-server-2012

I need to modify the Launch and Activation Permissions for the netman area under the Component Services / DCOM Config. However, this area is disabled preventing any changes.

  1. I am in the Administrators group
  2. I launched dcomcnfg with elevated Administrator privileges.

enter image description here

What do I need to do to modify the settings here?

Best Answer

From this blog post,

Look for HKEY_CLASSES_ROOT\AppID\{APPID-GUID}. That should tell you the name of the offending COM component. All you have to do now is go back to the Component Services snapin, find the name of that component, go the security properties of it, and edit the security ACL of that component such that what ever account the event log was bitching about is given whatever access it wanted. If you find that that the security properties of the component are greyed out so that you can't edit it, that's probably because TrustedInstaller has that on lockdown. Go back to the registry, find the corresponding reg key, take ownership/give yourself permissions to it as necessary, restart the service (or reboot the OS,) and then you will be able to modify the security settings on that COM component.

I saw this myself just yesterday with the "SMS Agent" DCOM application. The SMS (or SCCM) agent came preinstalled on the standard OS image that was being deployed to the machines I was working on.

What's happening here is you can't change the permissions, because the permissions are tied to a registry key that you don't have permissions to change because TrustedInstaller has ownership of it. You need to take ownership of the registry key yourself so that you can then modify it.

Related Topic