Setting your Component Services (dcomcnfg.exe) configuration can be more difficult than you think. DCOM (Distributed Component Object Model) can, by default, only be set locally at the workstation. This fact alone can make troubleshooting DCOM configurations a major pain. Enter DCOMACLS.EXE
If your Component Services security is not set properly you may find that remotely managing your computers is difficult, if not impossible.
If you want to configure your Component Services locally then you can launch your Component Services manager via Administrative Tools (in the Control Panel) or by Start / Run / dcomcnfg.exe. To view or configure remotely you will need to use DcomAcls.exe.
When you select the Properties for My Computer you can view the Default Properties tab. Under COM Security tab you will see the Access Permissions and the Launch and Activation Permissions for COM. Below is an example of the window which will show after pushing the Edit Limits… button under Access Permissions.
To set the permissions you want WITHOUT having to go to each computer and manually make these settings, you can use the DcomAcls.exe utility in the Program Files\Brisworks\Admin Arsenal directory.
The command below will give Allow permissions for Remote Access to the user Domain\Tom.Waits on the computer named Raindog.
dcomacls.exe -allow AL.R:Domain\Tom.Waits -computer Raindog
The command below will change the Default Impersonation Level (on the Default Properties tab) to Impersonate on the computer named Raindog.
dcomacls -property impersonation=impersonate -computer Raindog
Check out the usage for DcomAcls.exe by running
DcomAcls.exe does require that the Remote Registry service be running on target systems.
Shane is the co-founder of PDQ.