README.TXT
DCOMPERM
========
The DCOMPERM sample provides source code and several wrapper functions to
simplify the process of manipulating the access and launch permissions for
a COM server. Additionally, this sample provides code which demonstrates how
to set and retrieve the RunAs password for a COM server.
Wrapper Functions
-----------------
ChangeDefaultAccessACL ------------------------------------------------------
DWORD
ChangeDefaultAccessACL (
LPTSTR Principal,
BOOL SetPrincipal,
BOOL Permit
);
Description:
Modify the default access access control list. The system uses the default
access ACL to determine if a principal is allowed to access the COM server
if the COM server does not have its own access ACL in the AppID section of
the registry.
Parameters:
Principal Name of user or group (e.g. "redmond\johndoe")
SetPrincipal TRUE if you want to add/update the principal's
entry in the ACL
FALSE if you want to remove the principal from
the ACL
Permit TRUE if you want to allow the principal to access
the object
FALSE if you want to prevent the principal from
accessing the object
(Note that the Permit flag applies only when SetPrincipal is TRUE.)
ChangeAppIDAccessACL --------------------------------------------------------
DWORD
ChangeAppIDAccessACL (
LPTSTR AppID,
LPTSTR Principal,
BOOL SetPrincipal,
BOOL Permit
);
Modify an AppID's access access control list. The system uses the AppID
access ACL to determine if a principal is allowed to access the COM server
associated with the AppID.
Parameters:
AppID The Application ID you wish to modify
(e.g. "{99999999-9999-9999-9999-00AA00BBF7C7}")
Principal Name of user or group (e.g. "redmond\johndoe")
SetPrincipal TRUE if you want to add the principal to the ACL
FALSE if you want to remove the principal from
the ACL
Permit TRUE if you want to allow the principal to access
the object
FALSE if you want to prevent the principal from
accessing the object
(Note that the Permit flag applies only when SetPrincipal is TRUE.)
ChangeDefaultLaunchACL ------------------------------------------------------
DWORD
ChangeDefaultLaunchACL (
LPTSTR Principal,
BOOL SetPrincipal,
BOOL Permit
);
Modify the default launch access control list. The system uses the
default launch ACL to determine if a principal is allowed to launch a
COM server if the COM server does not have its own launch ACL in the AppID
section of the registry.
Parameters:
Principal Name of user or group (e.g. "redmond\johndoe")
SetPrincipal TRUE if you want to add/update the principal's
entry in the ACL
FALSE if you want to remove the principal from
the ACL
Permit TRUE if you want to allow the principal to launch
the object
FALSE if you want to prevent the principal from
launching the object
(Note that the Permit flag applies only when SetPrincipal is TRUE.)
ChangeAppIDLaunchACL --------------------------------------------------------
DWORD
ChangeAppIDLaunchACL (
LPTSTR AppID,
LPTSTR Principal,
BOOL SetPrincipal,
BOOL Permit
);
Modify an AppID's launch access control list. The system uses the AppID
launch ACL to determine if a principal (a user or group of users) is allowed
to launch the COM server associated with the AppID.
Parameters:
AppID The Application ID you set permissions for
(e.g. "{99999999-9999-9999-9999-00AA00BBF7C7}")
Principal Name of user or group (e.g. "redmond\johndoe")
SetPrincipal TRUE if you want to add the principal to the ACL
FALSE if you want to remove the principal from
the ACL
Permit TRUE if you want to allow the principal to launch
the object
FALSE if you want to prevent the principal from
launching the object
(Note that the Permit flag applies only when SetPrincipal is TRUE.)
GetRunAsPassword ------------------------------------------------------------
DWORD GetRunAsPassword (
LPTSTR AppID,
LPTSTR Password
);
Description:
Retrieves the RunAs password for an AppID.
Parameters:
AppID The Application ID you wish to configure
(e.g. "{99999999-9999-9999-9999-00AA00BBF7C7}")
Password Password of the user you have specified in
the RunAs named value under the AppID registry
key.
SetRunAsPassword ------------------------------------------------------------
DWORD SetRunAsPassword (
LPTSTR AppID,
LPTSTR Principal,
LPTSTR Password
);
Description:
Sets the RunAs password for an AppID. Note that if you have specified the
RunAs named value to "Interactive User" you do not need to set the RunAs
password.
Parameters:
AppID The Application ID you wish to configure
(e.g. "{99999999-9999-9999-9999-00AA00BBF7C7}")
Principal Name of the principal you have specified in the
RunAs named value under the AppID registry key
Password Password of the principal you have specified in
the RunAs named value under the AppID registry
key.