DCOM Access Denied Problem

来源：互联网发布：sql order by limit 1 编辑：程序博客网时间：2024/05/01 15:18

Introduction

What makes you feel better when you work as a team, that there are people near you who can give you help whenever you need, and you have to be ready to help them when they need help. I was working with a team, using COM technology in our project, and we have faced the DCOM problem as most of you, and we have solved it gracefully. We decided as a team to document the required steps to configure a smooth DCOM component. Thanks for Naim Tobassi and Rebat Hiary who made these steps available for me, and now I'm posting these steps for all Code Project people.

DCOM

The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network in a reliable, secure, and efficient manner. Previously called "Network OLE," DCOM is designed for use across multiple network transports, including Internet protocols such as HTTP. DCOM is based on the Open Software Foundation's DCE-RPC spec and will work with both Java applets and ActiveX components through its use of the Component Object Model (COM).

DCOM configuration

Before starting, I’ll define the following terms:

PC1: is the name of the machine which will play the Client role.
PC2: is the name of the machine which will play the Server role (Component will be accessed here).
Rebat Hiary: is the name of the user who will run the applications on PC1 which are needed by the DCOM on PC2.
Naim Tobassi: is the name of the user who will be logged in while accessing the DCOM on PC2.

How to configure the server side

Register you component
Open the dcomcnfg tool
In the Applications tab, select your application, Click on Properties… button
Properties -> General tab -> Authentication Level combo box. Select Default.
Properties -> Location tab. Select Run application on this computer.
Properties -> Security tab. Select Use custom access permissions option box, click on Edit button, and then click on Add button to add the following users (Allow Access):
- Rebat Hiary
Properties -> Security tab. Select Use custom launch permissions option box, click on Edit button, and then click on Add button to add the following users (Allow Launch):
- Rebat Hiary
- PC2/Administrators
- System
- Interactive
Properties -> Security tab. Select Use custom configuration permission option box, click on Edit button, and then click on Add button to add the following users:
- Naim Tobassi
- Rebat Hiary
- Everyone
- System
- Owner creator
- PC2/Power Users
- PC2/Administrators
Properties -> Identity tab. Select The interactive user option box.
Click on OK button to return back to the Distributed COM Configuration Properties window.
Default Properties tab. Select Enable Distributed COM on this computer check box.
Default Properties tab -> Default Authentication Level combo box. Select Connect.
Default Properties tab -> Default Impersonation Level combo box. Select Anonymous.
Default Security tab. On the Default Access Permission frame, click on Edit Default… button, and add the following users (Allow Access):
- Everyone
- Rebat Hiary
Default Security tab. On the Default Launch Permission frame, click on Edit Default… button, and add the following users (Allow Launch):
- Everyone
- Interactive
- PC2/Administrators
- System
- Rebat Hiary
Default Security tab. On the Default Configuration Permissions frame, click on Edit Default… button, and add the following users:
- Naim Tobassi
- Everyone
- System
- Creator Owner
- PC2/Power Users
- PC2/Administrators

How to configure the client side

Register your component.
Open the dcomcnfg tool.
In the Applications tab, select your application and click on Properties… button.
Properties -> General tab -> Authentication Level combo box. Select Default.
Properties -> Location tab. Remove selection from Run application on this computer option box, and selectRun application on the following computer option box. Click on Browse... button, and select the requested target machine (PC2).
Properties -> Security tab. Select Use custom access permissions option box. Click on Edit button, and then click on Add button, add the following users (Allow Access):
- Rebat Hiary
- Everyone
Properties -> Security tab. Select Use custom launch permissions option box, click on Edit button, and then click on Add button, add the following users (Allow Launch):
- Everyone
- Rebat Hiary
- PC1/Administrators
- System
- Interactive
Properties -> Security tab. Select Use custom configuration permission option box, click on Edit button, and then click on Add button, add the following users:
- Rebat Hiary
- Everyone
- System
- Creator Owner
- PC1/Power Users
- PC1/Administrators
Properties -> Identity. Select The interactive user option box.
Click on OK button to return back to the Distributed COM Configuration Properties window.
Default Properties tab. Select Enable Distributed COM on this computer check box.
Default Properties tab -> Default Authentication Level combo box. Select Connect.
Default Properties tab -> Default Impersonation Level combo box. Select Anonymous.
Default Security tab. On the Default Access Permissions frame, click on Edit Default… button, click on Addand add the following users (Allow Access):
- Everyone
- Rebat Hiary
Default Security tab. On the Default Launch Permissions frame click on Edit Default… button, click on Addand add the following users (Allow Launch):
- Interactive
- PC1/Administrators
- System
Default Security tab. On the Default Configuration Permissions frame, click on Edit Default… button, click on Add and add the following users:
- Rebat Hiary
- Everyone
- System
- Creator Owner
- PC1/Power Users
- PC1/Administrators
(VERY IMPORTANT) Delete the EXE component from client machine.

Notes:

If the above steps didn't work with you, you can make the following as extra steps:
- Generate the Proxy/Stub DLL.
- Register it on both machines, PC1 and PC2.
If you found that these steps are missing something important, please, inform me just to update this article.
Warning! Playing with DCOMCNFG tool incorrectly, might harm your machine.

0 0