Click here to Skip to main content
Click here to Skip to main content

DCOM Access Denied Problem

, 7 Oct 2001
Rate this:
Please Sign up or sign in to vote.
This article will walk you through configuring two computers to share a COM component as a distributed component(DCOM).

Introduction

What makes you feel better when you work as a team, that there are people near you who can give you help whenever you need, and you have to be ready to help them when they need help. I was working with a team, using COM technology in our project, and we have faced the DCOM problem as most of you, and we have solved it gracefully. We decided as a team to document the required steps to configure a smooth DCOM component. Thanks for Naim Tobassi and Rebat Hiary who made these steps available for me, and now I'm posting these steps for all Code Project people.

DCOM

The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network in a reliable, secure, and efficient manner. Previously called "Network OLE," DCOM is designed for use across multiple network transports, including Internet protocols such as HTTP. DCOM is based on the Open Software Foundation's DCE-RPC spec and will work with both Java applets and ActiveX components through its use of the Component Object Model (COM).

DCOM configuration

Before starting, I’ll define the following terms:

  • PC1: is the name of the machine which will play the Client role.
  • PC2: is the name of the machine which will play the Server role (Component will be accessed here).
  • Rebat Hiary: is the name of the user who will run the applications on PC1 which are needed by the DCOM on PC2.
  • Naim Tobassi: is the name of the user who will be logged in while accessing the DCOM on PC2.

How to configure the server side

  • Register you component
  • Open the dcomcnfg tool
  • In the Applications tab, select your application, Click on Properties… button
  • Properties -> General tab -> Authentication Level combo box. Select Default.
  • Properties -> Location tab. Select Run application on this computer.
  • Properties -> Security tab. Select Use custom access permissions option box, click on Edit button, and then click on Add button to add the following users (Allow Access):
    • Rebat Hiary
  • Properties -> Security tab. Select Use custom launch permissions option box, click on Edit button, and then click on Add button to add the following users (Allow Launch):
    • Rebat Hiary
    • PC2/Administrators
    • System
    • Interactive
  • Properties -> Security tab. Select Use custom configuration permission option box, click on Edit button, and then click on Add button to add the following users:
    • Naim Tobassi
    • Rebat Hiary
    • Everyone
    • System
    • Owner creator
    • PC2/Power Users
    • PC2/Administrators
  • Properties -> Identity tab. Select The interactive user option box.
  • Click on OK button to return back to the Distributed COM Configuration Properties window.
  • Default Properties tab. Select Enable Distributed COM on this computer check box.
  • Default Properties tab -> Default Authentication Level combo box. Select Connect.
  • Default Properties tab -> Default Impersonation Level combo box. Select Anonymous.
  • Default Security tab. On the Default Access Permission frame, click on Edit Default… button, and add the following users (Allow Access):
    • Everyone
    • Rebat Hiary
  • Default Security tab. On the Default Launch Permission frame, click on Edit Default… button, and add the following users (Allow Launch):
    • Everyone
    • Interactive
    • PC2/Administrators
    • System
    • Rebat Hiary
  • Default Security tab. On the Default Configuration Permissions frame, click on Edit Default… button, and add the following users:
    • Naim Tobassi
    • Everyone
    • System
    • Creator Owner
    • PC2/Power Users
    • PC2/Administrators

How to configure the client side

  • Register your component.
  • Open the dcomcnfg tool.
  • In the Applications tab, select your application and click on Properties… button.
  • Properties -> General tab -> Authentication Level combo box. Select Default.
  • Properties -> Location tab. Remove selection from Run application on this computer option box, and select Run application on the following computer option box. Click on Browse... button, and select the requested target machine (PC2).
  • Properties -> Security tab. Select Use custom access permissions option box. Click on Edit button, and then click on Add button, add the following users (Allow Access):
    • Rebat Hiary
    • Everyone
  • Properties -> Security tab. Select Use custom launch permissions option box, click on Edit button, and then click on Add button, add the following users (Allow Launch):
    • Everyone
    • Rebat Hiary
    • PC1/Administrators
    • System
    • Interactive
  • Properties -> Security tab. Select Use custom configuration permission option box, click on Edit button, and then click on Add button, add the following users:
    • Rebat Hiary
    • Everyone
    • System
    • Creator Owner
    • PC1/Power Users
    • PC1/Administrators
  • Properties -> Identity. Select The interactive user option box.
  • Click on OK button to return back to the Distributed COM Configuration Properties window.
  • Default Properties tab. Select Enable Distributed COM on this computer check box.
  • Default Properties tab -> Default Authentication Level combo box. Select Connect.
  • Default Properties tab -> Default Impersonation Level combo box. Select Anonymous.
  • Default Security tab. On the Default Access Permissions frame, click on Edit Default… button, click on Add and add the following users (Allow Access):
    • Everyone
    • Rebat Hiary
  • Default Security tab. On the Default Launch Permissions frame click on Edit Default… button, click on Add and add the following users (Allow Launch):
    • Interactive
    • PC1/Administrators
    • System
  • Default Security tab. On the Default Configuration Permissions frame, click on Edit Default… button, click on Add and add the following users:
    • Rebat Hiary
    • Everyone
    • System
    • Creator Owner
    • PC1/Power Users
    • PC1/Administrators
  • (VERY IMPORTANT) Delete the EXE component from client machine.

Notes:

  • If the above steps didn't work with you, you can make the following as extra steps:
    • Generate the Proxy/Stub DLL.
    • Register it on both machines, PC1 and PC2.
  • If you found that these steps are missing something important, please, inform me just to update this article.
  • Warning! Playing with DCOMCNFG tool incorrectly, might harm your machine.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

No Biography provided

Comments and Discussions

 
GeneralInterface Not Supported PinsussEduardoAmorim31-Mar-05 6:26 
GeneralError 70: Permission Denied PinsussAnonymous10-Sep-03 0:18 
Generalpermission denied and clas not registered Pinsussborisoto22-Aug-02 12:35 
GeneralRe: permission denied and clas not registered PinmemberMember 320912615-Jan-09 18:54 
GeneralClass Not Registered. PinmemberAnderson Haertel Rodrigues21-May-02 10:11 
GeneralRe: Class Not Registered. PinsussBorisoto22-Aug-02 12:13 
Generalsecurity PinmemberHaresh2-May-02 22:37 
GeneralRegistering DCOM Object PinmemberJaywalker15-Mar-02 10:32 
GeneralAccess Denied PinmemberRashid Thadha8-Oct-01 1:50 
GeneralRe: Access Denied PinmemberShadi Al-Kahwaji8-Oct-01 1:53 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web03 | 2.8.150327.1 | Last Updated 8 Oct 2001
Article Copyright 2001 by Shadi Al-Kahwaji
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid