Activation security (also called launch security) controls who can launch a server. Activation security is automatically applied by the Service Control Manager (SCM) of a particular machine. Upon receipt of a request from a client to activate an object (as described in Instance Creation Helper Functions), the SCM of the machine checks the request against activation-security information stored within its registry. (Activation security is also checked for same-machine activations.)
You might decide that you do not want remote clients to be able to activate any objects on a given machine. If you are the machine administrator, you can set the EnableDCOM named value in the registry to N either directly or using Dcomcnfg.exe. This setting has no effect on local COM. COM still looks for an ACL in the LaunchPermission named value, if there is one, and if not, in the DefaultLaunchPermission value. (The DefaultLaunchPermission named value is only accessible to administrators.) Even if you turn off remote COM using the EnableDCOM named value, if another user has physical access to your machine, they could launch a server on your machine unless you set launch permissions (with an ACL) not to allow it.
The Windows 95 and Macintosh platforms do not support launch security. For more details on the Windows 95 platform, see COM Security and Windows 95.