Question : COM security setting / edit limits

I recently applied a domain GP settings on my domain controller. some of these GP settings where applied to the DCOM under Computer Configuration / Windows Settings / Security Settings / local policies / security options.
After applying these I noticied that a server based application Stopped working. This applicaiton uses the COM Seciruty settings on the dcomcnfg.exe console.
I disabled the entire group policy settings to see if everything goes back to normal but form some reason i can no longer acces the Edit limits unders the COM Security settings. It looks as if not even the domain admin has access to this tabs. I have been trying for hours but i don't seem to have access to this settings on any workstation or server on the domain.
Any suggestion will be greatly appreciated.

Answer : COM security setting / edit limits

I have not really tested the same. but you could try the below mentioned steps and let me know if it is working out for you or not:

Go to Control Panel>Administrative Tools>Local Security Settings>Local Policies>Security Options, and disable the following two policies:

DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax

To remove each policy:
1. Right click on the policy to disable and select Properties;
2. Click on the Edit Security button and the "Access Permission" window should open;
3. Remove all Group or User names;
4. Press OK to go back to the Template Security Policy Setting tab under the policy properties;
5. Press Apply and then OK to exit

To check:
1. Run DCOMCNFG and the Component Services windows should open.
2. Expand Component Services, Computers, and select My Computer.
3. Right click on My Computer and select Properties.
4. Click on the "COM Security" tab and both Edit Limits buttons are no longer greyed out under "Access Permissions" and "Launch and Activation Permissions"
5. If you cannot regain access to the DCOM: Machine Access Restriction and DCOM: Machine Launch Restrictions, go to the Registry using Regedit, locate HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DCOM\ , delete both the Machine launch and Machine access keys, but do not delete the default key. This will recover access to the items.

Random Solutions  
 
programming4us programming4us