Application specific permission settings cannot include CLSID – AD

Wrote an article last week "Application specific permission settings cannot include CLSID – SQL」,At that time, I saw it in the system event record on SQL Server,The permissions in question are in the role of SQLSERVERAGENT,There is no problem with the permissions of the server itself (SYSTEM 及 Administrator)。I saw the same message on the AD server today,This time, the server itself has insufficient permissions,Therefore, multiple steps are required to retrieve the permissions from regedit。

 

◎ Open "Component Service",In "DCOM Settings",Switch to "Details" view mode。。
◎ Find the APPID in the event record one by one,I, for one,Looking for "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}“。。
◎ Finally, you can find the corresponding component "RuntimeBroker"。

 

◎ Right click on the component-"Content",Switch to the "Security" page。
◎ Here you can see that the buttons are all grayscale,Means we don't have permission。

 

◎ Executive Regedit,Search "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}“。
◎ Right click on the machine code,Select "Use Rights"。

 

◎ After entering the permission setting screen,We ca n’t change the content yet,So first click "Advanced"。

 

◎ The default "owner" is”TrustedInstaller”,Ready to change it to manager。

 

◎ After changing to manager,Press OK,Return to the previous permission setting screen。

 

◎ Added "Full Control" permission for SYSTEM and administrators。

 

◎ Next,Go back to the "Component Services" window,Rearrange the picture(Or turn off and on),And enter the content of the element,At this point the button can be clicked。
◎ Click "Edit" in the "Activate and Enable Permission" item。

 

◎ If there is a "Windows Security" warning screen,Click "Remove"。

 

◎ Go to the permission setting screen,You can see that the roles of SYSTEM and manager are missing。

 

◎ Click "Add",Join SYSTEM and managers,
◎ and activate the "local" of the two characters、Change the permission of "Local Activation" to "Allow"。

 

【參考連結】

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments