I know how to read my current DCOM configuration:
$dcom = Get-WMIObject -Class Win32_DCOMApplicationSetting -Filter 'Description="MyComp123"'
It works fine. But how can I create and assign a new RunAs (Identity) user?
Asked
Active
Viewed 2,075 times
2
bob morane
- 650
- 1
- 11
- 24
-
1related: http://stackoverflow.com/questions/11363342/change-dcom-config-security-settings-using-powershell – David Brabant Jan 13 '17 at 15:59
-
I knowing about: -SetLaunchSecurityDescriptor -SetAccessSecurityDescriptor -SetConfigurationSecurityDescriptor but I am looking for to edit the RunAsUser Identity option with PowerShell? Have a look to my screenshot. – bob morane Jan 17 '17 at 13:47
-
It seems like there is no programatic way - you have to use external executable as described [here](https://serverfault.com/questions/555745/change-a-dcom-applications-identity-with-a-script) – Stoinov Oct 22 '19 at 15:56
1 Answers
0
See the two answers of this post. I think you can change the identity either via the AccessSecurityDescriptor or the LaunchSecurityDescriptor.
The identity can be changed via the registry:
# We set to value to empty -> in this case the DCOM entries identitiy is set to "Launching User"
Set-ItemProperty -path ("Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0}" -f $talDComEntry.AppID) -name "RunAs" -Value ""
-
But you can not edit the identity user with the descriptors. (see screenshot) – bob morane Jan 17 '17 at 13:46
-
I`ve updated the answer. As far as I can remember you can change the identity via a registry entry. – Moerwald Jan 17 '17 at 13:50
-
-
You have to rely on external executable for this part as described [here](https://serverfault.com/questions/555745/change-a-dcom-applications-identity-with-a-script) – Stoinov Oct 22 '19 at 15:58