DCOM object access/launch default permissions

[Guest]

Hi,

We're running a security scan on our XP SP2 boxes and are being asked to
manually check the Access and Launch permissions on all the DCOM objects (we
are not being asked to disable DCOM altogether, interestingly). A number of
the objects use custom permissions - this scan is on a fresh XP load - and we
have to determine whether the accounts with Access/Launch rights are
authorized.

I have been reading MS articles, other posts here, and asked co-workers in
an attempt to understand DCOM, but now I'd like to locate a listing of the
standard DCOM object permissions for various XP objects, such as Automatic
Updates, WIA Device Manager, and Windows Media Player. Some of these list
accounts like SELF that I'm unfamiliar with and I'd like to figure out who is
assigned what rights by XP by default.

If you have any suggestions I will be most appreciative. I suppose we will
try the "disable DCOM and see what breaks" approach later on but for now I
hope we can better understand these more granular assignments. Thanks!

 

[George Hester]

You want to look at dcomcnfg

Start | Run | dcomcnfg

If you have a new install then you can look here what is set by default.
There is no listing that I am aware of which specifies the defaults here.
But if you have not gone in here and changed anything then everything now is
currently at default. Remember this is not something you want to fool
around with you can change the settings and make your system inoperable.

Wow I do not like XP's implementation of this command. It is a MMC. You
will look down Component Services | Computers | My Computer | DCOM Config.
There you will see all your DCOM objects. You choose one and right-click
Properties.

Yikes. Look at this command dcomcnfg in Windows 2000 if you can to get a
better idea what is going on here.