Guest Michael S. Androsov Posted November 20, 2007 Posted November 20, 2007 Anybody can help me? I have COM+ application. I (administrator) can stop this application from Components Services snap-in. Can I define other user for this operation? This user is not administrator. Michael
Guest Krish Posted November 22, 2007 Posted November 22, 2007 RE: COM+ question Hi Michael, You can use the Component Services administrative tool to populate a role with user accounts or groups. The preferred way to assign a user account to a role is to assign the user account to a Microsoft® Windows® group and then assign the group to the role. Using Windows groups to populate roles makes it easier for you to manage large numbers of users. In the online help for the Computer Management administrative tool, see the topic "Local Users and Groups" for more information about creating a Windows group or assigning a user account to a Windows group. Note To allow unauthenticated network users to run a COM+ application, the application roles must include the Anonymous user. In Windows Server 2003, by default, the Anonymous user is not included in the Everyone group. After you have assigned the user account to the appropriate Windows group, follow the steps below to assign the Windows group to the role. To assign a Windows group to a security role In the console tree of the Component Services administrative tool, locate the COM+ application that contains the role to which you want to add the user account or group. Expand the view in the console tree until the application's roles are visible. Locate the role to which you want to add the user account or group. Note If the role you are looking for is not in the Roles folder, the role has not been added to the application. It must be added to the application by the developer before you can assign user accounts to the role. Right-click the Users folder in the role, point to New, and then click User. In the Select Users or Groups window, in the bottom pane, type the fully qualified name of the user or group you want to add. If you do not know the name, click the Advanced button and then click Find Now to view a list of users and groups in the selected domain. Select a user or group from the Name (RDN) list, and click OK. To add more user accounts or groups, repeat step 4. When you have finished adding user accounts and groups to the role, click OK. For each user account or group you have assigned to the role, an icon appears in the Users folder. The new role membership takes effect the next time the application is started. Check if this works for your issue/question. Thanks and Regards Krish "Michael S. Androsov" wrote: > Anybody can help me? > I have COM+ application. I (administrator) can stop this application from > Components Services snap-in. Can I define other user for this operation? This > user is not administrator. > > Michael >
Guest Krish Posted November 22, 2007 Posted November 22, 2007 RE: COM+ question Hi Michael, you can also assign appropriate permission through registry or by using the "DCOMDNFG" command line tool Thanks Krish "Krish" wrote: > Hi Michael, > > You can use the Component Services administrative tool to populate a role > with user accounts or groups. The preferred way to assign a user account to a > role is to assign the user account to a Microsoft® Windows® group and then > assign the group to the role. Using Windows groups to populate roles makes it > easier for you to manage large numbers of users. In the online help for the > Computer Management administrative tool, see the topic "Local Users and > Groups" for more information about creating a Windows group or assigning a > user account to a Windows group. > Note To allow unauthenticated network users to run a COM+ application, the > application roles must include the Anonymous user. In Windows Server 2003, by > default, the Anonymous user is not included in the Everyone group. > After you have assigned the user account to the appropriate Windows group, > follow the steps below to assign the Windows group to the role. > To assign a Windows group to a security role > In the console tree of the Component Services administrative tool, locate > the COM+ application that contains the role to which you want to add the user > account or group. Expand the view in the console tree until the application's > roles are visible. > Locate the role to which you want to add the user account or group. > Note If the role you are looking for is not in the Roles folder, the role > has not been added to the application. It must be added to the application by > the developer before you can assign user accounts to the role. > Right-click the Users folder in the role, point to New, and then click User. > In the Select Users or Groups window, in the bottom pane, type the fully > qualified name of the user or group you want to add. If you do not know the > name, click the Advanced button and then click Find Now to view a list of > users and groups in the selected domain. Select a user or group from the Name > (RDN) list, and click OK. > To add more user accounts or groups, repeat step 4. > When you have finished adding user accounts and groups to the role, click OK. > For each user account or group you have assigned to the role, an icon > appears in the Users folder. The new role membership takes effect the next > time the application is started. > > Check if this works for your issue/question. > > Thanks and Regards > > Krish > > "Michael S. Androsov" wrote: > > > Anybody can help me? > > I have COM+ application. I (administrator) can stop this application from > > Components Services snap-in. Can I define other user for this operation? This > > user is not administrator. > > > > Michael > >
Guest Michael S. Androsov Posted November 23, 2007 Posted November 23, 2007 RE: COM+ question Thanks for answer. The given decision is applied if the application developer has provided an administrative role. The developer of my application has not provided such role. I need only the sanction on stop application for user which are not included into group Administrators. I could not find a way of the decision of this problem. Michael S. Androsov "Krish" wrote: > Hi Michael, > > You can use the Component Services administrative tool to populate a role > with user accounts or groups. The preferred way to assign a user account to a > role is to assign the user account to a Microsoft® Windows® group and then > assign the group to the role. Using Windows groups to populate roles makes it > easier for you to manage large numbers of users. In the online help for the > Computer Management administrative tool, see the topic "Local Users and > Groups" for more information about creating a Windows group or assigning a > user account to a Windows group. > Note To allow unauthenticated network users to run a COM+ application, the > application roles must include the Anonymous user. In Windows Server 2003, by > default, the Anonymous user is not included in the Everyone group. > After you have assigned the user account to the appropriate Windows group, > follow the steps below to assign the Windows group to the role. > To assign a Windows group to a security role > In the console tree of the Component Services administrative tool, locate > the COM+ application that contains the role to which you want to add the user > account or group. Expand the view in the console tree until the application's > roles are visible. > Locate the role to which you want to add the user account or group. > Note If the role you are looking for is not in the Roles folder, the role > has not been added to the application. It must be added to the application by > the developer before you can assign user accounts to the role. > Right-click the Users folder in the role, point to New, and then click User. > In the Select Users or Groups window, in the bottom pane, type the fully > qualified name of the user or group you want to add. If you do not know the > name, click the Advanced button and then click Find Now to view a list of > users and groups in the selected domain. Select a user or group from the Name > (RDN) list, and click OK. > To add more user accounts or groups, repeat step 4. > When you have finished adding user accounts and groups to the role, click OK. > For each user account or group you have assigned to the role, an icon > appears in the Users folder. The new role membership takes effect the next > time the application is started. > > Check if this works for your issue/question. > > Thanks and Regards > > Krish > > "Michael S. Androsov" wrote: > > > Anybody can help me? > > I have COM+ application. I (administrator) can stop this application from > > Components Services snap-in. Can I define other user for this operation? This > > user is not administrator. > > > > Michael > >
Guest Krish Posted November 23, 2007 Posted November 23, 2007 RE: COM+ question HI Michael, i was doing some research on this yesterday and found that you can find the GUID for the COM+ App from teh registry. Go to registry and select the HKEY_Class_Root and then do a search with the App name. Once you find the GUID number opena MMC snapin and click on File > Add or Remove Snap-in and then click on add on the pop up box and select the component services. Under component services go to Computers and then My Computer and select the DCOM Config. In this you should find the GUID for your App. Right click the GUID and go to Properties and go to the Security TAB. In the Launch and Activation Permission it will be in default. Select Customize and click on Edit button next to it. After doing this you will get the ACL for the APP and you can add the user. Pleasse let me know if this works. thanks Krish "Michael S. Androsov" wrote: > Thanks for answer. > The given decision is applied if the application developer has provided an > administrative role. The developer of my application has not provided such > role. I need only the sanction on stop application for user which are not > included into group Administrators. > I could not find a way of the decision of this problem. > > Michael S. Androsov > > "Krish" wrote: > > > Hi Michael, > > > > You can use the Component Services administrative tool to populate a role > > with user accounts or groups. The preferred way to assign a user account to a > > role is to assign the user account to a Microsoft® Windows® group and then > > assign the group to the role. Using Windows groups to populate roles makes it > > easier for you to manage large numbers of users. In the online help for the > > Computer Management administrative tool, see the topic "Local Users and > > Groups" for more information about creating a Windows group or assigning a > > user account to a Windows group. > > Note To allow unauthenticated network users to run a COM+ application, the > > application roles must include the Anonymous user. In Windows Server 2003, by > > default, the Anonymous user is not included in the Everyone group. > > After you have assigned the user account to the appropriate Windows group, > > follow the steps below to assign the Windows group to the role. > > To assign a Windows group to a security role > > In the console tree of the Component Services administrative tool, locate > > the COM+ application that contains the role to which you want to add the user > > account or group. Expand the view in the console tree until the application's > > roles are visible. > > Locate the role to which you want to add the user account or group. > > Note If the role you are looking for is not in the Roles folder, the role > > has not been added to the application. It must be added to the application by > > the developer before you can assign user accounts to the role. > > Right-click the Users folder in the role, point to New, and then click User. > > In the Select Users or Groups window, in the bottom pane, type the fully > > qualified name of the user or group you want to add. If you do not know the > > name, click the Advanced button and then click Find Now to view a list of > > users and groups in the selected domain. Select a user or group from the Name > > (RDN) list, and click OK. > > To add more user accounts or groups, repeat step 4. > > When you have finished adding user accounts and groups to the role, click OK. > > For each user account or group you have assigned to the role, an icon > > appears in the Users folder. The new role membership takes effect the next > > time the application is started. > > > > Check if this works for your issue/question. > > > > Thanks and Regards > > > > Krish > > > > "Michael S. Androsov" wrote: > > > > > Anybody can help me? > > > I have COM+ application. I (administrator) can stop this application from > > > Components Services snap-in. Can I define other user for this operation? This > > > user is not administrator. > > > > > > Michael > > >
Guest Michael S. Androsov Posted November 26, 2007 Posted November 26, 2007 RE: COM+ question Thanks for answer! My application has components in the both COM+ Applications snap-in and DCOM Config snap-in. I wish to allow to stop to other user only to component COM +. In the Security TAB of DCOM config I can assign Local & Remote activation & start (not stop). Start right has all users of my application. But stop the component can only administrator (or application stops on a time-out). In the Component Services snap-in exist: System Application \ Roles \ Administrator \ Users. But I can't include user-non administrator in this group. I receiving pop-up box: user have not rights. Sorry for my English. Thanks for attention. Michael S. Androsov "Krish" wrote: > HI Michael, > > i was doing some research on this yesterday and found that you can find the > GUID for the COM+ App from teh registry. Go to registry and select the > HKEY_Class_Root and then do a search with the App name. Once you find the > GUID number opena MMC snapin and click on File > Add or Remove Snap-in and > then click on add on the pop up box and select the component services. Under > component services go to Computers and then My Computer and select the DCOM > Config. In this you should find the GUID for your App. Right click the GUID > and go to Properties and go to the Security TAB. In the Launch and Activation > Permission it will be in default. Select Customize and click on Edit button > next to it. After doing this you will get the ACL for the APP and you can add > the user. > > Pleasse let me know if this works. > > thanks > > Krish > > "Michael S. Androsov" wrote: > > > Thanks for answer. > > The given decision is applied if the application developer has provided an > > administrative role. The developer of my application has not provided such > > role. I need only the sanction on stop application for user which are not > > included into group Administrators. > > I could not find a way of the decision of this problem. > > > > Michael S. Androsov > > > > "Krish" wrote: > > > > > Hi Michael, > > > > > > You can use the Component Services administrative tool to populate a role > > > with user accounts or groups. The preferred way to assign a user account to a > > > role is to assign the user account to a Microsoft® Windows® group and then > > > assign the group to the role. Using Windows groups to populate roles makes it > > > easier for you to manage large numbers of users. In the online help for the > > > Computer Management administrative tool, see the topic "Local Users and > > > Groups" for more information about creating a Windows group or assigning a > > > user account to a Windows group. > > > Note To allow unauthenticated network users to run a COM+ application, the > > > application roles must include the Anonymous user. In Windows Server 2003, by > > > default, the Anonymous user is not included in the Everyone group. > > > After you have assigned the user account to the appropriate Windows group, > > > follow the steps below to assign the Windows group to the role. > > > To assign a Windows group to a security role > > > In the console tree of the Component Services administrative tool, locate > > > the COM+ application that contains the role to which you want to add the user > > > account or group. Expand the view in the console tree until the application's > > > roles are visible. > > > Locate the role to which you want to add the user account or group. > > > Note If the role you are looking for is not in the Roles folder, the role > > > has not been added to the application. It must be added to the application by > > > the developer before you can assign user accounts to the role. > > > Right-click the Users folder in the role, point to New, and then click User. > > > In the Select Users or Groups window, in the bottom pane, type the fully > > > qualified name of the user or group you want to add. If you do not know the > > > name, click the Advanced button and then click Find Now to view a list of > > > users and groups in the selected domain. Select a user or group from the Name > > > (RDN) list, and click OK. > > > To add more user accounts or groups, repeat step 4. > > > When you have finished adding user accounts and groups to the role, click OK. > > > For each user account or group you have assigned to the role, an icon > > > appears in the Users folder. The new role membership takes effect the next > > > time the application is started. > > > > > > Check if this works for your issue/question. > > > > > > Thanks and Regards > > > > > > Krish > > > > > > "Michael S. Androsov" wrote: > > > > > > > Anybody can help me? > > > > I have COM+ application. I (administrator) can stop this application from > > > > Components Services snap-in. Can I define other user for this operation? This > > > > user is not administrator. > > > > > > > > Michael > > > >
Recommended Posts