Remotely Configuring Component Services

 

Setting your Component Services (dcomcnfg.exe) configuration can be more difficult than you think. DCOM (Distributed Component Object Model) can, by default, only be set locally at the workstation. This fact alone can make troubleshooting DCOM configurations a major pain. Enter 
DCOMACLS.EXE

If your Component Services security is not set properly you may find that remotely managing your computers is difficult, if not impossible.

DcomAcls.exe is a free utility that is bundled with Admin Arsenal. It allows you to view and set DCOM security locally OR on remote systems.

If you want to configure your Component Services locally then you can launch your Component Services manager via Administrative Tools (in the Control Panel) or by Start / Run / dcomcnfg.exe.  To view or configure remotely you will need to use DcomAcls.exe.

When you select the Properties for My Computer you can view the Default Properties tab. Under COM Security tab you will see the Access Permissions and the Launch and Activation Permissions for COM. Below is an example of the window which will show after pushing the Edit Limits… button under Access Permissions.

To set the permissions you want WITHOUT having to go to each computer and manually make these settings, you can use the DcomAcls.exe utility in the Program Files\Brisworks\Admin Arsenal directory.

The command below will give  Allow permissions for Remote Access to the user Domain\Tom.Waits on the computer named Raindog.

dcomacls.exe -allow AL.R:Domain\Tom.Waits -computer Raindog

The command below will change the Default Impersonation Level (on the Default Properties tab) to Impersonate on the computer named Raindog.

dcomacls -property impersonation=impersonate -computer Raindog

Check out the usage for DcomAcls.exe by running

dcomacls.exe /?

DcomAcls.exe does require that the Remote Registry service be running on target systems.