'Re: Access/Launch permissions'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-dcom
Subject:    Re: Access/Launch permissions
From:       Jos Scherders <jos.scherders () PHILIPS ! COM>
Date:       2003-08-19 12:00:03
[Download RAW message or body]

Hi,

I found the problem.

In addition to creating the loacl users adding them to the AccessPermission
and LaunchPermission registry keys I needed to change the local security
policy. Under Local Security Policy->Network Access I changed the setting

      Sharing and Security model for local accounts
      from
      Guest only - local users authenticate as Guest
      to
      Classic - local users authenticate as themselves

I also set the min authentication level to Packet but I am not sure this
is in fact nessecary.

Jos.





                                                   To:   DCOM@DISCUSS.MICROSOFT.COM
                                                   cc:   (bcc: Jos Scherders/BST/MS/PHILIPS)
                                                   Subject:    Re: Access/Launch permissions

               Krzysztof Kozielczyk                Classification:
               <kozielczykk@HOTMAIL.COM
               >

               Sent by:
               Distributed COM-Based
               Code
               <DCOM@DISCUSS.MICROSOFT.
               COM>

               08/19/2003 09:37 AM
               Please respond to
               Distributed COM-Based
               Code






Hi Jos.

I'm not sure but personification level set to anonymous may be responsible
for your problem. If I can remember it well, when personification is set to
anonymous, COM client tries to log on guest account on server istead of
trying to proove its identity. Try to set higher personification level to
make a client log in.

Please someone correct me if I'm wrong.

Best regards, Krzysztof Kozielczyk

>From: Jos Scherders <jos.scherders@PHILIPS.COM>
>Reply-To: Distributed COM-Based Code <DCOM@DISCUSS.MICROSOFT.COM>
>To: DCOM@DISCUSS.MICROSOFT.COM
>Subject: Re: [DCOM] Access/Launch permissions
>Date: Mon, 18 Aug 2003 17:59:30 +0200
>
>Hi,
>
> >>Create an account on both Machine A and B with the same name and
>password
> >>and use that account
>
>
>I still don't have it working and I can't figure out what is wrong.
>
>The server on machine runs onder the account called AccountOnA. This
>is correct as displated by Task Manager. The COM server is also configured
>to access and launch permissions for a user called AccountOnB.
>
>On Machine B I have COM object that I want to instantiate. The associated
>COM server has a RUNAS=AccountOnB.
>
>When the COM server on Machine A tries to instantiate an object on B I get
>logon failure on Machine B (Machine B : Guest account logon failure).
>
>Why is Guest trying to logon, the server on A runs as AccountOnA.
>
>Btw, both AccountOnA and AccountOnB actually exist on both machines. I use
>these accounts to grant launch/access permissions for the COM objects.
>
>ANyone have an idea what I can try or how to debug this ?
>
>Thanks all,
>Jos.
>
> >>>
>-----Original Message-----
>From: Jos Scherders [mailto:jos.scherders@PHILIPS.COM]
>Sent: 14 August 2003 15:30
>To: DCOM@DISCUSS.MICROSOFT.COM
>Subject: Access/Launch permissions
>
>
>Hi All,
>
>We have a COM Server running on Machine A, say COMSERVERA. COMSERVERA
>instantiates an
>object on machine B. The COM server on machine B futhermore makes a
>callback
>into the COMSERVERA.
>
>We have this working correctly by running the COMSERVERA under a Domain
>account and dcomcnfg allows
>us to add this account to the list of accounts that we want to have
>Access/Launch permissions.
>
>The problem is however when the two PC's are not running in a Domain. How
>can I configure the com servers
>on machine A and B so A can launch/access the comserver on B and vice
>versa.
>Is it sufficient to create
>an account on both Machine A and B with the same name and password and use
>that account or must we
>use coInitializeSecurity for this purpose ?
>
>Thanks all,
>Jos Scherders
>
>PS: Both machines are Windows XP machines.
> >>>
>
>----------------------------------------------------------------
>Users Guide http://discuss.microsoft.com/archives/mailfaq.html
>contains important info. Save time, search the archives at
>http://discuss.microsoft.com/archives/index.html .
>To unsubscribe, mailto:DCOM-signoff-request@DISCUSS.MICROSOFT.COM

_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
http://join.msn.com/?page=features/virus

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.html
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:DCOM-signoff-request@DISCUSS.MICROSOFT.COM

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.html
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:DCOM-signoff-request@DISCUSS.MICROSOFT.COM
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic