配置你的MTS组件的访问
例如如果你使用VB编写的三层结构的应用时可以使用这个工具进行相关的配置,
不过一般使用缺省的设置就可以了
例如如果你使用VB编写的三层结构的应用时可以使用这个工具进行相关的配置,
不过一般使用缺省的设置就可以了
解决方案 »
- 关于捕获鼠标按下事件的问题...
- api hook应该hook哪个函数才能拦截弹出打印对话框呢?
- 怎么让msflexgrid分页?
- *********再过一个月就到合同期了,已经和头说了并同意了,那最后这个月能去找工作吗,毕竟也算是合同期啊,大虾请指教********
- 请教:如何从任意网页中读取数据到数据库或变量中
- 请问用传真软件发传真所产生的费用同用传真机传真产生的费用是不是一样的?
- 紧急求助!为什么总是“驱动程序命令行中有错误”?
- 请教!
- 关于VB的LEN函数
- 分赠有缘
- 权限管理,高分求例子
- What is the meaning of "mb"=========================
DCOMCNFG.EXE (DCOM Config) is a utility you can use to secure DCOM Objects you have created. This article describes the DCOM Config interfaces, options, and settings. Because security is much more limited on Windows 95, the interface and options may differ on Windows 95 systems. This article is written for those running DCOM Config on Windows NT systems. MORE INFORMATION
The main interface of DCOM Config is divided into three tabs:
1.Applications. 2.Default Properties. 3.Default Security. Applications Tab
The Applications tab shows each of the items registered under the following registry key:
HKEY_CLASSES_ROOT\AppIdBeneath this key are all of the objects that can be launched on a remote machine. DCOM Config displays just the ProgIDs (friendly names) of each object, such as "Microsoft Word Document" or "Microsoft Access Database." Some objects may register without registering a ProgID; in these cases, the GUID of the object will be displayed, such as "{4E6B942A-01B0-11D1-A9CB- 00AA00B7B36F}."
For each item listed in the Applications tab, properties for each application can be viewed by selecting an item and choosing the "Properties" button or by double-clicking an application name. Default Properties Tab
Each of the values displayed under the Default Properties tab may be found under the following key in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
The first item in the Default Properties tab is a check box: "Enable Distributed COM on this computer"
This is a global setting for the entire machine. When this option is checked, the machine allows the creation of DCOM objects. If it is not checked, objects cannot be created via DCOM.
NOTE: You must reboot the system in order for a change in this setting to take effect. The second part of the Default Properties tab is the Default Distributed COM Communication Properties, which has of two levels:
Default Authentication Level. Default Impersonation Level. These two options can only be modified if DCOM is enabled on this system.
Default Authentication Level (Packet Level)
Authentication Levels are as follows;
Name DescriptionNone No authentication.
Connect Authentication occurs when a connection
is made to the server. Connectionless
protocols do not use this.
Call The authentication occurs when a RPC call
is accepted by the server. Connectionless
protocols do not use this.
Packet Authenticates the data on a per-packet
basis. All data is authenticated.
Packet Integrity This authenticates that the data has come
from the client, and checks that the
data has not been modified.
Packet Privacy In addition to the checks made by the other
authentication techniques, this encrypts
the packet.
Default May vary depending upon operating system.
Note that "Connect" and "Call" are used for connectionless protocols only. Windows NT uses a connectionless protocol, UDP, by default. However, Windows 95 uses TCP, which is connection-based. Windows 95 machines can only accept calls on the "None" or "Connect" levels.
Default Impersonation Level
If no security is set at the object level, the server uses the security setting specified here as the default. The possible values are:
Name DescriptionAnonymous The client is anonymous. This setting is
not currently supported by DCOM.
Identify The server can impersonate the client to
check permissions in the ACL (Access Control
List) but cannot access system objects.
Impersonate The server can impersonate the client and
access system objects on the client's behalf.
Delegate In addition to the Impersonate level, this
level can impersonate the client on calls to
other servers. This is not supported in the
current release of DCOM.
The last item on the Default Security tab is a check box: "Provide additional security for reference tracking"
which tells the server to track connected client applications by keeping an additional reference count. Checking this box uses more memory and may cause COM to slow down, but it ensures that a client application cannot kill a server process by artificially forcing a reference count to zero.
Default Security Tab
There are three options under the Default Security tab. Each of the values stored here can be found in the Windows registry at the following location:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
The three options are: Default Access Permission: This value determines the users and groups that can access an object when no other access permissions are provided. For information on how to give individual access permissions to specific DCOM objects, see the "Application Properties" section later in this document. By default, access is provided to the "System" and "Interactive" groups. Default Launch Permission: This value determines the users and groups that can launch an object when no other access permissions are provided. For more information on how to give individual launch permissions to specific DCOM objects, see the section "Application Properties" later in this document. Default Configuration Permission: This value determines the users and groups that may read or modify configuration information for DCOM applications. This also includes which users and groups will have permission to install new DCOM servers. System Groups
There are several group accounts you will find when you configure users and groups. The following list is a summary of which user belongs to each group:
Group DescriptionInteractive Includes all users who log on to a Windows NT
system locally (at the console). It does not
include users who connect to NT resources across
a network or are started as a server.Network Includes all users who connect to Windows NT
resources across a network. It does not include
those who connect through an interactive logon.Creator/Owner The Creator/Owner group is created for each
sharable resource in the Windows NT system. Its
membership is the set of users who either create
resource s(such as a file) and those who take
ownership of them.Everyone All users accessing the system, whether locally,
remotely, or across the network.System The local operating system.
The list above includes the group accounts that are intrinsic to Windows NT systems. Your particular network may include more groups from which you may choose. In order to determine the membership of each custom group account, you must contact your network administrator.
Application Properties
You can specify custom settings for individual DCOM applications by choosing the Properties button on the "Applications" tab in DCOM Config. The following section describes each tab (General, Location, Security, Identity) and setting found within Application Properties. General
The General tab provides general information about the application, displaying the Application name, type (local server or remote server), and location (local path or remote computer). These settings are not modifiable through the DCOM Config interface. The General Table retrieves all of its information from subkeys of the following registry key:
HKEY_CLASSES_ROOT\CLSID\{...CLSID...}
where {...CLSID...} is the unique CLSID for the Object Server currently being viewed.
Location
This tab is used to determine where DCOM will execute the application. There are three possible choices:
Run application on the computer where the data is located: if selected, DCOM will execute the application where the data is located. This is useful only if the application provides a data file for the server application. Run application on this computer: indicates that the DCOM application should run on the local machine. Run application on the following computer: allows you to specify a computer on which to execute. (This feature is currently unavailable on Windows NT 4.0 systems, Windows NT 4.0 does not support full security delegation.) If more than one of the above is selected, DCOM will use the first applicable option. Client applications may also override this setting.
Security
On the Security tab, you can customize settings for the following individual application permissions:
Access Permissions. Launch Permissions. Configuration Permissions. If you do not customize these settings, the default security settings are used. For more information about the Security tab, see the section earlier in this article on "Default Security."
Identity
This tab is used to determine which account you want to use to run the application. There are four choices by which the system determines which account your DCOM object will run under:
The Interactive User: the application will run using the security context of the user currently logged onto the computer. If this option is selected and the user is not logged on, then the application will not start. The Launching User: the application will run using the security context of the user who started the application. The launching user and the interactive user may be the same. This User: you may specify the user whose security context will be used to run the application. The System Account: this is available only for NT services that use DCOM.