Launch security is applied automatically by the COM runtime when a server application is started in response to a remote object creation request. After the request has been received from a client, the COM runtime obtains all the necessary security parameters from the registry if the creating process didn't explicitly specify security parameters.
There are two default activation settings in the registry that have machine-wide effect. They are both named values under the same key.
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
EnableDCOM = <value>
The value is a string (REG_SZ) and can be a Y or an N. A value of Y enables remote activation of COM servers on this machine; any other value disables it. Even when remote activation is disabled, local activation is still allowed and is governed by the specific permissions in the LaunchPermission key of each class and the default settings in the DefaultLaunchPermission key.
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
DefaultLaunchPermission = <value>
The DefaultLaunchPermission value is of type REG_BINARY and consists of a binary ACL of the principals (accounts or groups) that can launch classes on this system. The value can be overridden by specifying a LaunchPermission value in the registry for a particular COM object. By default, the following principals are given 'allow launch' permissions:
On a per-class basis, security configuration settings are stored as a set of named values under the following key:
HKEY_LOCAL_MACHINE\Software\Classes\AppID\
{AppID_value}\
<named_value> = <value>
For a class, the AppID_value is a GUID that appears, as a string, under the AppID named value under the CLSID key of the class. The string {AppID_value} is used as a subkey under ...\Classes\AppID.
For an executable, the AppID_value is the name of the module (e.g. myapp.exe). Under the {myapp.exe} key there's a REG_SZ named value AppID with the AppID associated with the executable.
The launch permissions are set in the named value LaunchPermission. The type and content of the value is the same as in the DefaultLaunchPermission. Other named values under the same key are:
AccessPermission, specifying permissions to access running instances of the class. It's used only if the client doesn't call CoInitializeSecurity().
RunAs, specifying that the server should run with the security context of the specified user.
LocalService, specifying that the server is a Windows NT service.
ServiceParameters, specifying the parameters to be passed to the service on invocation.
RemoteServerName, specifying the remote machine on which the server will be activated by default, if the client hasn't programmatically requested otherwise (by specifying, for example, a COSERVERINFO parameter to CoCreateInstanceEx()).
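The following read-only PowerShell audit is an added example, not code from the original article. It reports, for each subkey under the AppID key, whether launch is governed by the class's own LaunchPermission or falls back to the machine-wide DefaultLaunchPermission. The function names Get-DcomLaunchAudit and ConvertTo-Sddl are chosen here, and the script assumes the REG_BINARY permission data is a serialized security descriptor.

```powershell
# Added example: read-only audit of the DCOM launch-security values described above.
$ole    = 'HKLM:\Software\Microsoft\OLE'
$appIds = 'HKLM:\Software\Classes\AppID'

function ConvertTo-Sddl([byte[]]$Bytes) {
    # Assumption: the REG_BINARY data is a serialized (self-relative) security descriptor.
    if ($null -eq $Bytes -or $Bytes.Length -eq 0) { return $null }
    try {
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Bytes, 0
        $sd.GetSddlForm('All')
    } catch { 'unparseable' }   # keep auditing even if one value is malformed
}

function Get-DcomLaunchAudit {
    $machine = Get-ItemProperty -Path $ole
    # Per the text: 'Y' enables remote activation, any other value disables it.
    $remote = if ($machine.EnableDCOM -eq 'Y') { 'enabled' } else { 'disabled' }

    Get-ChildItem -Path $appIds -ErrorAction SilentlyContinue | ForEach-Object {
        $v   = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        # A per-class LaunchPermission overrides the machine-wide default.
        $own = $null -ne $v.LaunchPermission
        $acl = if ($own) { $v.LaunchPermission } else { $machine.DefaultLaunchPermission }

        [pscustomobject]@{
            AppIDKey         = $_.PSChildName          # {GUID} or module name such as myapp.exe
            MapsToAppID      = $v.AppID                # set on module-name keys
            RemoteActivation = $remote
            LaunchSource     = if ($own) { 'LaunchPermission' } else { 'DefaultLaunchPermission' }
            LaunchSddl       = ConvertTo-Sddl $acl
            HasAccessPerm    = $null -ne $v.AccessPermission
            RunAs            = $v.RunAs
            LocalService     = $v.LocalService
            RemoteServerName = $v.RemoteServerName
        }
    }
}

# Classes that inherit the machine-wide launch ACL are the ones a change to
# DefaultLaunchPermission would affect; list them with their RunAs identity.
Get-DcomLaunchAudit |
    Where-Object LaunchSource -eq 'DefaultLaunchPermission' |
    Format-Table AppIDKey, MapsToAppID, RunAs, LaunchSddl -AutoSize
```

Module-name keys (those with MapsToAppID set) only point at a {GUID} key, so read the permissions from the row for that GUID.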
You can change the default settings through the Dcomcnfg utility.
The procedure is similar for setting the security parameters of a specific application.
Besides configuring DCOM security parameters by editing the registry, it's also possible to have fine-grained control over these parameters programmatically. Let's examine some of the Win32 APIs and COM object interfaces associated with DCOM security control.