Limited Rights IE and BHO problem

[Pieter]

Please point me to an appropriate (managed MSDN) newsgroup if this group is
inappropriate.

On Vista Beta 2:
We have an IE BHO implemented in an in-process DLL.
This BHO calls CoCreateInstance() to create an object implemented in an out
of process COM service.
The COM service is running under the local system account, and calls
CoInitializeSecurity() to allow anonymous local access.
In limited / protected mode IE CoCreateInstance() fails with an access
denied error, and the NT eventlog shows a DCOM error stating a problem with
the object launch permissions.

I tried to implement the "Elevating Broker Processes" section described in
http://msdn.microsoft.com/library/d...ry/en-us/IETechCol/dnwebgen/ProtectedMode.asp
but it still fails. The document is not clear (or I don't understand) so I
tried using the CLSID of the BHO in-proc object and of the out-of-proc COM
object, neither worked.

How can we modify our code to successfully create the out-of-process COM
object from within an in-process BHO in limited mode IE (examples would be
great)?


Btw., I also notice that OutputDebugString() fails to generate any debug
output.
How can we generate debug output from within an in-process BHO in limited
mode IE (other than writing to the \low disk folder)?


Regards
Pieter

 

[Josh]

So is this something that worked with Windows XP and now does not work with
Internet Explorer 7's protected mode? It is unclear from your description.

What are you trying to do with the com object that you need to elevate for?

 

[Pieter]

Josh

This setup works on XP, and it works on Vista in normal mode IE.

The BHO is a shim primarily responsible for UI and IE state control, and it
talks to an out-of-proc COM service that does all the "real" (can't tell)
work.
On Vista protected mode IE the CoCreateInstance() of the out-of-proc COM
object fails.
This is what I am trying to solve.


Regards
Pieter