StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>Looks like you would do it using WMI.</p> <p>Get an instance of: <code>Win32_DCOMApplicationSetting</code> like this:</p> <pre><code>$dcom = Get-WMIObject -Class Win32_DCOMApplicationSetting -Filter 'Description="Something"' </code></pre> <p>Now you have access to the <code>SetAccessSecurityDescriptor</code> and <code>SetLaunchSecurityDescriptor</code> methods.</p> <p>From: <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa384905(v=vs.85).aspx">http://msdn.microsoft.com/en-us/library/windows/desktop/aa384905(v=vs.85).aspx</a></p> <blockquote> <p>DCOM applications</p> <p>DCOM application instances have several security descriptors. Starting with Windows Vista, use methods of the Win32_DCOMApplicationSetting class to get or change the various security descriptors. Security descriptors are returned as instances of the Win32_SecurityDescriptor class.</p> <p>To get or change the configuration permissions, call the GetConfigurationSecurityDescriptor or SetConfigurationSecurityDescriptor methods.</p> <p>To get or change the access permissions, call the GetAccessSecurityDescriptor or SetAccessSecurityDescriptor methods.</p> <p>To get or change the startup and activation permissions, call the GetLaunchSecurityDescriptor or SetLaunchSecurityDescriptor methods.</p> <p>Windows Server 2003, Windows XP, Windows 2000, Windows NT 4.0, and Windows Me/98/95: The Win32_DCOMApplicationSetting security descriptor methods are not available.</p> </blockquote> <p>There's also a tool called DCOMPERM in which source code is available in the Windows SDK: <a href="http://www.microsoft.com/en-us/download/details.aspx?id=8279">http://www.microsoft.com/en-us/download/details.aspx?id=8279</a></p> <p>You can find compiled versions around online if you search for DCOMPERM compiled.</p> <p>Here are the command line options:</p> <pre><code>Syntax: dcomperm <option> [...] Options: Modify or list the machine access permission list -ma <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] -ma list Modify or list the machine launch permission list -ml <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] -ml list Modify or list the default access permission list -da <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] -da list Modify or list the default launch permission list -dl <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] -dl list Modify or list the access permission list for a specific AppID -aa <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"] -aa <AppID> default -aa <AppID> list Modify or list the launch permission list for a specific AppID -al <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"] -al <AppID> default -al <AppID> list level: ll - local launch (only applies to {ml, dl, al} options) rl - remote launch (only applies to {ml, dl, al} options) la - local activate (only applies to {ml, dl, al} options) ra - remote activate (only applies to {ml, dl, al} options) l - local (local access - means launch and activate when used with {ml, dl, al} options) r - remote (remote access - means launch and activate when used with {ml, dl, al} options) </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload