How can I automatically change COM security settings using C#?

I need to programmatically change COM security permissions using .NET methods. I mean the following settings:

How can I do this? Thanks!

+5
2 answers

As far as I know, there is no API for this. However, access control for COM and DCOM is set in the registry, mainly under the "incognito" OLE (due to historical reasons). At the same time, .NET has standard classes for managing the registry.

So here is what I have to do when I come across this task:

  • Start a registry monitor, for example the one by Mark Russinovich (previously SysInternals, now Microsoft)

  • Set some COM settings interactively using the Windows user interface and track the registry changes.

  • Optional, but highly recommended: once you have a very well-targeted search keyword (the registry keys), try Google for docs / code, or, even better, GitHub code search

  • Implement my C# classes, which are managed by the appropriate registry classes

+2

I know that this topic is old, but here is the solution that I used, in case anyone needs it. As indicated above, I could not find any API for this and had to work directly with the registry key in which the setting is stored. The following keys must be edited:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultLaunchPermission

Permissions are stored in binary form. You can try my code:

```csharp
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32;

static class ComACLRights
{
    public const int COM_RIGHTS_EXECUTE = 1;
    public const int COM_RIGHTS_EXECUTE_LOCAL = 2;
    public const int COM_RIGHTS_EXECUTE_REMOTE = 4;
    public const int COM_RIGHTS_ACTIVATE_LOCAL = 8;
    public const int COM_RIGHTS_ACTIVATE_REMOTE = 16;
}

class Program
{
    // Writing under HKEY_LOCAL_MACHINE requires an elevated process.
    static void Main(string[] args)
    {
        SetCOMSercurityAccess("testuser", "DefaultAccessPermission");
        SetCOMSercurityAccess("testuser", "DefaultLaunchPermission");
    }

    private static void SetCOMSercurityAccess(string username, string regKey)
    {
        // Get the SID from the user name
        NTAccount f = new NTAccount(username);
        SecurityIdentifier sid = (SecurityIdentifier)f.Translate(typeof(SecurityIdentifier));

        // Read the registry value responsible for COM security
        var accessKey = Registry.GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", regKey, null);

        RawSecurityDescriptor sd;
        if (accessKey == null)
        {
            // Value does not exist: start from an empty descriptor
            sd = new RawSecurityDescriptor("");
        }
        else
        {
            // Read the existing security settings
            sd = new RawSecurityDescriptor(accessKey as byte[], 0);
        }

        // An empty descriptor has no DACL; create one so the code below does not
        // hit a null reference, and mark it as present so it is serialized.
        var acl = sd.DiscretionaryAcl;
        if (acl == null)
        {
            acl = new RawAcl(GenericAcl.AclRevision, 1);
            sd.SetFlags(sd.ControlFlags | ControlFlags.DiscretionaryAclPresent);
        }

        // Look for an existing allow entry for the user
        var found = false;
        foreach (GenericAce ace in acl)
        {
            // Skip other ACE types, and deny ACEs, whose mask must not be widened
            var existing = ace as CommonAce;
            if (existing != null
                && existing.AceQualifier == AceQualifier.AccessAllowed
                && existing.SecurityIdentifier == sid)
            {
                // Ensure local access is set. Always set execute.
                existing.AccessMask |= ComACLRights.COM_RIGHTS_EXECUTE
                                     | ComACLRights.COM_RIGHTS_EXECUTE_LOCAL
                                     | ComACLRights.COM_RIGHTS_ACTIVATE_LOCAL;
                found = true;
                break;
            }
        }

        if (!found)
        {
            // No entry yet: append an allow ACE with local rights only
            CommonAce ca = new CommonAce(
                AceFlags.None,
                AceQualifier.AccessAllowed,
                ComACLRights.COM_RIGHTS_EXECUTE
                    | ComACLRights.COM_RIGHTS_EXECUTE_LOCAL
                    | ComACLRights.COM_RIGHTS_ACTIVATE_LOCAL,
                sid,
                false,
                null);
            acl.InsertAce(acl.Count, ca);
        }

        // Re-set the ACL
        sd.DiscretionaryAcl = acl;

        // Convert back to binary and save
        byte[] binaryform = new byte[sd.BinaryLength];
        sd.GetBinaryForm(binaryform, 0);
        Registry.SetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", regKey, binaryform, RegistryValueKind.Binary);
    }
}
```

This code is mostly inspired by this answer.

+1
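
An added example, not from either answer: a read-only check that decodes the two binary values named above and prints each ACE with its COM rights, marking allow entries that carry a remote bit, so the effect of a change can be verified. The class name, the `ComRights` enum and the sample SDDL string are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32;

static class ComAclAudit
{
    [Flags]
    enum ComRights { Execute = 1, ExecuteLocal = 2, ExecuteRemote = 4, ActivateLocal = 8, ActivateRemote = 16 }
    // Decode a binary security descriptor into one readable line per ACE.
    static List<string> Describe(byte[] binarySd)
    {
        var lines = new List<string>();
        var dacl = new RawSecurityDescriptor(binarySd, 0).DiscretionaryAcl;
        if (dacl == null) { lines.Add("(no DACL)"); return lines; }
        foreach (GenericAce ace in dacl)
        {
            var ca = ace as CommonAce;
            if (ca == null) { lines.Add("unhandled ACE type " + ace.AceType); continue; }
            string who;
            try { who = ca.SecurityIdentifier.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { who = ca.SecurityIdentifier.Value; }
            var rights = (ComRights)ca.AccessMask;
            // Mark allow entries that explicitly carry a remote execute/activate bit.
            bool remote = ca.AceQualifier == AceQualifier.AccessAllowed
                && (rights & (ComRights.ExecuteRemote | ComRights.ActivateRemote)) != 0;
            lines.Add(ca.AceQualifier + " " + who + ": " + rights + (remote ? "  <-- remote" : ""));
        }
        return lines;
    }

    static void Main()
    {
        // Constructed sample (not from the page): Administrators local-only, Everyone all five bits.
        var sample = new RawSecurityDescriptor("O:BAG:BAD:(A;;0xb;;;BA)(A;;0x1f;;;WD)");
        var bytes = new byte[sample.BinaryLength];
        sample.GetBinaryForm(bytes, 0);
        Console.WriteLine("constructed sample");
        foreach (var l in Describe(bytes)) Console.WriteLine("  " + l);
        foreach (var name in new[] { "DefaultAccessPermission", "DefaultLaunchPermission" })
        {
            Console.WriteLine(name);
            var raw = Registry.GetValue(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole", name, null) as byte[];
            if (raw == null) { Console.WriteLine("  value not set"); continue; }
            foreach (var l in Describe(raw)) Console.WriteLine("  " + l);
        }
    }
}
```

Running it before and after a change shows exactly which principals gained rights; it only reads the registry and does not need elevation.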