Grant, Revoke, Get DCOM permissions using PowerShell

100% pure PowerShell solution to modify Launch and Activation Permissions and/or Access Permissions on DCOM objects.

 
 
 
 
 
4.7 Star
(19)
18,839 times
Security
9/23/2017


  • Revoking Permissions by SID
    1 Posts | Last post May 11, 2019
    • I have an unknown account that is listed by the SID with permissions.  I know it might not be hurting anything, but I would like to clean it up.  Is there a way to revoke permissions by SID instead of account name?  If not, is this something you would consider adding?
  • dcom 1006 problem - 2 unknown accounts - your psm1 is not allowed -
    1 Posts | Last post March 08, 2019
    • Hi Tony, 
      
      I got stuck with 1006 issues - and with 2 RBrokers running 
      +
      Unknown accounts with the SID of this account is S-1-15-3-1024-xxxx - also
      +
      under  Apps and Services after PowerShell - 2 Microsoft/Windows entries written in  Greek letters
      with paths of  unopenable log files: 
      Microsoft-Windows-AppLocker/Packaged app-Execution
      %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx
      Microsoft-Windows-AppLocker/Packaged app-Deployment
      %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx
      %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx
      Microsoft-Windows-AppLocker/EXE and DLL
      +
      unable to run your *.psm1 
      
      My W10 is Hungarian version
      
      Please be so kind to advise
      Thanks
      Tony
  • don't know what to enter for value "Permissions[0]:"
    1 Posts | Last post February 19, 2019
    • Followed your steps and got stuck at the step after entering the "Type" field.
      Next line seems to want a value for "Permissions[0]:" but I have no idea what to place there!
  • Exception calling "Translate" with "1" argument(s)
    1 Posts | Last post February 17, 2019
    • I have successfully used your excellent automated method for fixing DCOM event log errors. When the Account is MyDomain\MyUsername or even NT AUTHORITY\LOCAL SERVICE, I see no errors. When Account is NT AUTHORITY\SYSTEM SID (S-1-5-18) or NT AUTHORITY\SYSTEM SID (S-1-5-19), I see a failure like the following. My guess is that SYSTEM SID (some ID) is not a real user account.
      
      Grant-DCOMPermission -ApplicationID "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" -Account "NT AUTHORITY\SYSTEM SID (S-1-5-18)" -Type Launch -Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissions
      
      Wrapper-DComPermission : Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
      At C:\_\configs\DCOMPermissions.psm1:757 char:5
      +     Wrapper-DComPermission -Purpose Grant -ApplicationID $Application ...
      +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (:) [Wrapper-DComPermission], MethodInvocationException
          + FullyQualifiedErrorId : IdentityNotMappedException,Wrapper-DComPermission
      
      From the event log:
      The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
      {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
       and APPID 
      {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
       to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
      Jay
  • Hello Tony, quick question...
    1 Posts | Last post January 28, 2019
    • Is this supposed to be shown when run?
      
      WARNING: Unable to map SID to name.
  • Can't fix common error with DCOM.
    1 Posts | Last post December 22, 2018
    • Hi Tony, I spent 2 days and today is the third...
      I have same error (translated):
      According to the settings, the right permissions for the application are not granted the Local Activation permission to the COM server application with the CLSID class identifier
      {D63B10C5-BB46-4990-A94F-E40B9D520160}
        and APPID application ID
      {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
        to the user DESKTOP-8BUK515 \ jola with the SID security identifier (S-1-5-21-199036384-1877231463-3742726854-1002) from the LocalHost address (using the LRPC) operating in the application container with the SID Not available (Not available). This security permission can be modified using the Component Services administrative tool.
      I have followed all your advice, but it did not help.
      My permission setting is (translated):
      >> Get-DCOMPermission -ApplicationID "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -Type Launch
      ...
      SID           : S-1-5-19
      Name          :  NETWORK AUTHORITY  \LOCAL SERVICE
      ApplicationID : {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
      Type          : AccessAllowed
      AccessMask    : 11
      Access        : {LocalLaunch, LocalActivation}
      
      Same for SYSTEM, NETWORK SERVICE, SELF and any, which came into my mind.
      
      I always get this error, if I run my application, also if I try to open Model COM+ Application folder in DCOM configuration.
      
      I realized this problem, after I have shortly used XAMPP on my computer (later uninstalled). I turned my Win 10 version back to version before the XAMPP installing, and it did not help (maybe this has nothing in common with my problem).
      
      I have no idea to solve this problem, please, help...
      Greeting from Poland,
      Jola K.
  • Setting global DCOM Security settings
    1 Posts | Last post December 21, 2018
    • Other than individual DCOM objects, can this script help set global DCOM Security settings?
       (Under DCOMCNFG > My Computer properties - COM Security) 
  • Did not fix the dcom 1006 problem
    3 Posts | Last post December 14, 2018
    • I ran the following with my appid that was getting the error:
      
      # Fix System Event Log DistributedCOM 10016 errors on Windows 10 / Server 2016 
      Grant-DCOMPermission -ApplicationID "{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}" -Account "SYSTEM" -Type Launch -Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissions 
      
      
      I received no error from powershell (admin).
      
      I receive the same error after a reboot from event viewer:
      
      The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
      {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
       and APPID 
      {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
       to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool
      
      Do you have any other suggestions?
       
      
    • In your example, you granted the "SYSTEM" account permissions to the AppID, but the event log states that "LOCAL SERVICE" doesn't have permission.
      
      Try:
      Grant-DCOMPermission -ApplicationID "{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}" -Account "LOCAL SERVICE" -Type Launch -Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissions 
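
The mismatch pointed out in the reply above (a grant for SYSTEM while the event names LOCAL SERVICE), and the "Translate" failure reported earlier when the event's display text "... SID (S-1-5-18)" was passed as the account, can both be avoided by reading the AppID and SID straight from the event text. This is an added example, not part of the thread or of DCOMPermissions.psm1; the helper name `ConvertFrom-Dcom10016Message` and the sample message are constructed here, and it assumes the English event wording.

```powershell
# Added example, not part of DCOMPermissions.psm1.
# Constructed sample: the English 10016 text quoted in the thread above.
$sampleMessage = @'
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).
'@

function ConvertFrom-Dcom10016Message {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Message)

    # Matches the English wording only; localized Windows words the event differently.
    $pattern = 'do not grant Local (?<Right>Launch|Activation) permission.*?' +
               'CLSID\s+(?<Clsid>\S+)\s+and APPID\s+(?<AppId>\S+)\s+' +
               'to the user (?<User>.+?) SID \((?<Sid>S-[\d-]+)\)'
    $m = [regex]::Match($Message, $pattern, 'Singleline')
    if (-not $m.Success) { throw 'Not a recognizable 10016 permission message.' }

    $appId = $m.Groups['AppId'].Value
    $sid   = $m.Groups['Sid'].Value

    # Resolve the account from the SID itself, never from the event's display
    # string, which carries the trailing "SID (...)" text and cannot be translated.
    try {
        $sidObject = [System.Security.Principal.SecurityIdentifier]::new($sid)
        $account   = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = $null   # SID no longer maps to an account on this machine
    }

    # Only suggest a command when there is a real AppID GUID and a resolvable account.
    $command = $null
    if ($account -and $appId -match '^\{[0-9A-Fa-f-]{36}\}$') {
        $command = ('Grant-DCOMPermission -ApplicationID "{0}" -Account "{1}" -Type Launch ' +
                    '-Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissions') -f $appId, $account
    }

    [pscustomobject]@{
        MissingRight = 'Local' + $m.Groups['Right'].Value
        Clsid        = $m.Groups['Clsid'].Value
        AppId        = $appId
        Sid          = $sid
        Account      = $account
        Suggested    = $command   # printed for review, not executed
    }
}

ConvertFrom-Dcom10016Message -Message $sampleMessage | Format-List
```

`Suggested` stays empty when the event reports APPID `Unavailable` or the SID no longer resolves, so those cases are surfaced rather than turned into a grant. Against a live log, the same function can be fed the `Message` property of events returned by `Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10016 }`.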
    • Hi Tony, I spent 2 days and today is the third...
      I have same error (translated):
      According to the settings, the right permissions for the application are not granted the Local Activation permission to the COM server application with the CLSID class identifier
      {D63B10C5-BB46-4990-A94F-E40B9D520160}
        and APPID application ID
      {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
        to the user DESKTOP-8BUK515 \ jola with the SID security identifier (S-1-5-21-199036384-1877231463-3742726854-1002) from the LocalHost address (using the LRPC) operating in the application container with the SID Not available (Not available). This security permission can be modified using the Component Services administrative tool.
      I have followed all your advice, but it did not help.
      My permission setting is (translated):
      >> Get-DCOMPermission -ApplicationID "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -Type Launch
      ...
      SID           : S-1-5-19
      Name          :  NETWORK AUTHORITY  \LOCAL SERVICE
      ApplicationID : {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
      Type          : AccessAllowed
      AccessMask    : 11
      Access        : {LocalLaunch, LocalActivation}
      
      Same for SYSTEM, NETWORK SERVICE, SELF and any, which came into my mind.
      
      I always get this error, if I run my application, also if I try to open Model COM+ Application folder in DCOM configuration.
      
      I realized this problem, after I have shortly used XAMPP on my computer (later uninstalled). I turned my Win 10 version back to version before the XAMPP installing, and it did not help (maybe this has nothing in common with my problem).
      
      I have no idea to solve this problem, please, help...
      Greeting from Poland,
      Jola K.
  • Event with no App ID (?)
    1 Posts | Last post November 25, 2018
    • Tony,
      
      Thanks for the GREAT PowerShell script. Retired "seasoned citizen" and yet I was able to follow along.
      
      Got rid of most of the Event Viewer events, but I still keep getting ones that don't have an app ID listed. Any thoughts on getting rid of these:
      
      The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
      Windows.SecurityCenter.SecurityAppBroker
       and APPID 
      Unavailable
       to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
      
      The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
      Windows.SecurityCenter.WscDataProtection
       and APPID 
      Unavailable
       to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
      
      The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
      Windows.SecurityCenter.WscBrokerManager
       and APPID 
      Unavailable
       to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
      
  • Powershell module not found?
    2 Posts | Last post October 20, 2018
    • Hi Tony,
      
      My computer crashes daily... I've had 3 computer 'experts' look at it and they can't figure out what is wrong. I also get BSOD daily, and my event viewer has the same error message over and over. I have wiped my computer clean and started fresh multiple times in hopes of it getting rid of it but the same thing happens every time.
      
      I stumbled across a few things that I haven't tried yet in a search to try to solve my problem, and currently have the same issue as this person with the greyed out button:
      https://social.technet.microsoft.com/Forums/windows/en-US/d39dd668-4a47-4041-a455-e5b389711c7a/component-serv-dcom-config-runtimebroker-launch-amp-activation-permissions-add-user-grayed?forum=win10itprogeneral&prof=required
      I saw your reply on there, which led me here. I opened PowerShell as administrator and tried to run the script you posted in that thread but got these 2 error messages:
      
      Import-Module : The specified module '.\DCOMPermissions' was not loaded because no valid module file was found in any
      module directory.
      At line:1 char:1
      + Import-Module .\DCOMPermissions
      + ~~~~~~~
          + CategoryInfo          : ResourceUnavailable: (.\DCOMPermissions:String) [Import-Module], FileNotFoundException
          + FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
      
      Grant-DCOMPermission : The term 'Grant-DCOMPermission' is not recognized as the name of a cmdlet, function, script
      file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
      and try again.
      At line:3 char:1
      + Grant-DCOMPermission -ApplicationID "{9CA88EE3-ACB7-47C8-AFC4-AB70251 ...
      + ~~~~
          + CategoryInfo          : ObjectNotFound: (Grant-DCOMPermission:String) [], CommandNotFoundException
          + FullyQualifiedErrorId : CommandNotFoundException
    • continued... sorry it's so long
      
      I know I have to put the file downloaded here into a module folder. I went to:
      C:\Program Files\WindowsPowerShell\Modules
      but not sure which to go to after getting here to put the file in. My folders are:
      Microsoft.PowerShell.Operation.Validation
      PackageManagement
      Pester
      PowerShellGet
      PSReadline
      
      My apologies if this is something easy. I'm honestly not sure what exactly I am doing, but after having 3 professionals look at it, paying way too much for this... this is my last shot at trying to get it fixed... and google and technet have become my best friend.
      
      Thanks for your time.