Skip to content

How to remotely configure component services

Shane head shot
Shane Corellian|March 25, 2009
Remotely Configuring Component Services
Remotely Configuring Component Services
    No Data

    Setting your Component Services (dcomcnfg.exe) configuration can be more difficult than you think. DCOM (Distributed Component Object Model) can, by default, only be set locally at the workstation. This fact alone can make troubleshooting DCOM configurations a major pain. Enter DCOMACLS.EXE

    If your Component Services security is not set properly you may find that remotely managing your computers is difficult, if not impossible.

    DcomAcls.exe is a free utility that is bundled with Admin Arsenal. It allows you to view and set DCOM security locally OR on remote systems.

    If you want to configure your Component Services locally then you can launch your Component Services manager via Administrative Tools (in the Control Panel) or by Start / Run / dcomcnfg.exe.  To view or configure remotely you will need to use DcomAcls.exe.

    When you select the Properties for My Computer you can view the Default Properties tab. Under COM Security tab you will see the Access Permissions and the Launch and Activation Permissions for COM. Below is an example of the window which will show after pushing the Edit Limits… button under Access Permissions.

    To set the permissions you want WITHOUT having to go to each computer and manually make these settings, you can use the DcomAcls.exe utility in the Program Files\Brisworks\Admin Arsenal directory.

    The command below will give  Allow permissions for Remote Access to the user Domain\Tom.Waits on the computer named Raindog.

    dcomacls.exe -allow AL.R:Domain\Tom.Waits -computer Raindog

    The command below will change the Default Impersonation Level (on the Default Properties tab) to Impersonate on the computer named Raindog.

    dcomacls -property impersonation=impersonate -computer Raindog

    Check out the usage for DcomAcls.exe by running

    dcomacls.exe /?

    DcomAcls.exe does require that the Remote Registry service be running on target systems.

    Shane head shot
    Shane Corellian

    Shane is the co-founder of PDQ.

    Related articles