Jump to content

COM+ question

Guest Michael S. Androsov

By Guest Michael S. Androsov
in Windows 2003 Server

 Share

Recommended Posts

Guest Michael S. Androsov

Guest Michael S. Androsov

Posted
Posted

Anybody can help me?

I have COM+ application. I (administrator) can stop this application from

Components Services snap-in. Can I define other user for this operation? This

user is not administrator.

 

Michael

  • Replies 5
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Krish

Guest Krish

Posted
Posted

RE: COM+ question

 

Hi Michael,

 

You can use the Component Services administrative tool to populate a role

with user accounts or groups. The preferred way to assign a user account to a

role is to assign the user account to a Microsoft® Windows® group and then

assign the group to the role. Using Windows groups to populate roles makes it

easier for you to manage large numbers of users. In the online help for the

Computer Management administrative tool, see the topic "Local Users and

Groups" for more information about creating a Windows group or assigning a

user account to a Windows group.

Note To allow unauthenticated network users to run a COM+ application, the

application roles must include the Anonymous user. In Windows Server 2003, by

default, the Anonymous user is not included in the Everyone group.

After you have assigned the user account to the appropriate Windows group,

follow the steps below to assign the Windows group to the role.

To assign a Windows group to a security role

In the console tree of the Component Services administrative tool, locate

the COM+ application that contains the role to which you want to add the user

account or group. Expand the view in the console tree until the application's

roles are visible.

Locate the role to which you want to add the user account or group.

Note If the role you are looking for is not in the Roles folder, the role

has not been added to the application. It must be added to the application by

the developer before you can assign user accounts to the role.

Right-click the Users folder in the role, point to New, and then click User.

In the Select Users or Groups window, in the bottom pane, type the fully

qualified name of the user or group you want to add. If you do not know the

name, click the Advanced button and then click Find Now to view a list of

users and groups in the selected domain. Select a user or group from the Name

(RDN) list, and click OK.

To add more user accounts or groups, repeat step 4.

When you have finished adding user accounts and groups to the role, click OK.

For each user account or group you have assigned to the role, an icon

appears in the Users folder. The new role membership takes effect the next

time the application is started.

 

Check if this works for your issue/question.

 

Thanks and Regards

 

Krish

 

"Michael S. Androsov" wrote:

> Anybody can help me?

> I have COM+ application. I (administrator) can stop this application from

> Components Services snap-in. Can I define other user for this operation? This

> user is not administrator.

>

> Michael

>

Guest Krish

Guest Krish

Posted
Posted

RE: COM+ question

 

Hi Michael,

 

you can also assign appropriate permission through registry or by using the

"DCOMDNFG" command line tool

 

 

Thanks

 

Krish

 

"Krish" wrote:

> Hi Michael,

>

> You can use the Component Services administrative tool to populate a role

> with user accounts or groups. The preferred way to assign a user account to a

> role is to assign the user account to a Microsoft® Windows® group and then

> assign the group to the role. Using Windows groups to populate roles makes it

> easier for you to manage large numbers of users. In the online help for the

> Computer Management administrative tool, see the topic "Local Users and

> Groups" for more information about creating a Windows group or assigning a

> user account to a Windows group.

> Note To allow unauthenticated network users to run a COM+ application, the

> application roles must include the Anonymous user. In Windows Server 2003, by

> default, the Anonymous user is not included in the Everyone group.

> After you have assigned the user account to the appropriate Windows group,

> follow the steps below to assign the Windows group to the role.

> To assign a Windows group to a security role

> In the console tree of the Component Services administrative tool, locate

> the COM+ application that contains the role to which you want to add the user

> account or group. Expand the view in the console tree until the application's

> roles are visible.

> Locate the role to which you want to add the user account or group.

> Note If the role you are looking for is not in the Roles folder, the role

> has not been added to the application. It must be added to the application by

> the developer before you can assign user accounts to the role.

> Right-click the Users folder in the role, point to New, and then click User.

> In the Select Users or Groups window, in the bottom pane, type the fully

> qualified name of the user or group you want to add. If you do not know the

> name, click the Advanced button and then click Find Now to view a list of

> users and groups in the selected domain. Select a user or group from the Name

> (RDN) list, and click OK.

> To add more user accounts or groups, repeat step 4.

> When you have finished adding user accounts and groups to the role, click OK.

> For each user account or group you have assigned to the role, an icon

> appears in the Users folder. The new role membership takes effect the next

> time the application is started.

>

> Check if this works for your issue/question.

>

> Thanks and Regards

>

> Krish

>

> "Michael S. Androsov" wrote:

>

> > Anybody can help me?

> > I have COM+ application. I (administrator) can stop this application from

> > Components Services snap-in. Can I define other user for this operation? This

> > user is not administrator.

> >

> > Michael

> >

Guest Michael S. Androsov

Guest Michael S. Androsov

Posted
Posted

RE: COM+ question

 

Thanks for answer.

The given decision is applied if the application developer has provided an

administrative role. The developer of my application has not provided such

role. I need only the sanction on stop application for user which are not

included into group Administrators.

I could not find a way of the decision of this problem.

 

Michael S. Androsov

 

"Krish" wrote:

> Hi Michael,

>

> You can use the Component Services administrative tool to populate a role

> with user accounts or groups. The preferred way to assign a user account to a

> role is to assign the user account to a Microsoft® Windows® group and then

> assign the group to the role. Using Windows groups to populate roles makes it

> easier for you to manage large numbers of users. In the online help for the

> Computer Management administrative tool, see the topic "Local Users and

> Groups" for more information about creating a Windows group or assigning a

> user account to a Windows group.

> Note To allow unauthenticated network users to run a COM+ application, the

> application roles must include the Anonymous user. In Windows Server 2003, by

> default, the Anonymous user is not included in the Everyone group.

> After you have assigned the user account to the appropriate Windows group,

> follow the steps below to assign the Windows group to the role.

> To assign a Windows group to a security role

> In the console tree of the Component Services administrative tool, locate

> the COM+ application that contains the role to which you want to add the user

> account or group. Expand the view in the console tree until the application's

> roles are visible.

> Locate the role to which you want to add the user account or group.

> Note If the role you are looking for is not in the Roles folder, the role

> has not been added to the application. It must be added to the application by

> the developer before you can assign user accounts to the role.

> Right-click the Users folder in the role, point to New, and then click User.

> In the Select Users or Groups window, in the bottom pane, type the fully

> qualified name of the user or group you want to add. If you do not know the

> name, click the Advanced button and then click Find Now to view a list of

> users and groups in the selected domain. Select a user or group from the Name

> (RDN) list, and click OK.

> To add more user accounts or groups, repeat step 4.

> When you have finished adding user accounts and groups to the role, click OK.

> For each user account or group you have assigned to the role, an icon

> appears in the Users folder. The new role membership takes effect the next

> time the application is started.

>

> Check if this works for your issue/question.

>

> Thanks and Regards

>

> Krish

>

> "Michael S. Androsov" wrote:

>

> > Anybody can help me?

> > I have COM+ application. I (administrator) can stop this application from

> > Components Services snap-in. Can I define other user for this operation? This

> > user is not administrator.

> >

> > Michael

> >

Guest Krish

Guest Krish

Posted
Posted

RE: COM+ question

 

HI Michael,

 

i was doing some research on this yesterday and found that you can find the

GUID for the COM+ App from teh registry. Go to registry and select the

HKEY_Class_Root and then do a search with the App name. Once you find the

GUID number opena MMC snapin and click on File > Add or Remove Snap-in and

then click on add on the pop up box and select the component services. Under

component services go to Computers and then My Computer and select the DCOM

Config. In this you should find the GUID for your App. Right click the GUID

and go to Properties and go to the Security TAB. In the Launch and Activation

Permission it will be in default. Select Customize and click on Edit button

next to it. After doing this you will get the ACL for the APP and you can add

the user.

 

Pleasse let me know if this works.

 

thanks

 

Krish

 

"Michael S. Androsov" wrote:

> Thanks for answer.

> The given decision is applied if the application developer has provided an

> administrative role. The developer of my application has not provided such

> role. I need only the sanction on stop application for user which are not

> included into group Administrators.

> I could not find a way of the decision of this problem.

>

> Michael S. Androsov

>

> "Krish" wrote:

>

> > Hi Michael,

> >

> > You can use the Component Services administrative tool to populate a role

> > with user accounts or groups. The preferred way to assign a user account to a

> > role is to assign the user account to a Microsoft® Windows® group and then

> > assign the group to the role. Using Windows groups to populate roles makes it

> > easier for you to manage large numbers of users. In the online help for the

> > Computer Management administrative tool, see the topic "Local Users and

> > Groups" for more information about creating a Windows group or assigning a

> > user account to a Windows group.

> > Note To allow unauthenticated network users to run a COM+ application, the

> > application roles must include the Anonymous user. In Windows Server 2003, by

> > default, the Anonymous user is not included in the Everyone group.

> > After you have assigned the user account to the appropriate Windows group,

> > follow the steps below to assign the Windows group to the role.

> > To assign a Windows group to a security role

> > In the console tree of the Component Services administrative tool, locate

> > the COM+ application that contains the role to which you want to add the user

> > account or group. Expand the view in the console tree until the application's

> > roles are visible.

> > Locate the role to which you want to add the user account or group.

> > Note If the role you are looking for is not in the Roles folder, the role

> > has not been added to the application. It must be added to the application by

> > the developer before you can assign user accounts to the role.

> > Right-click the Users folder in the role, point to New, and then click User.

> > In the Select Users or Groups window, in the bottom pane, type the fully

> > qualified name of the user or group you want to add. If you do not know the

> > name, click the Advanced button and then click Find Now to view a list of

> > users and groups in the selected domain. Select a user or group from the Name

> > (RDN) list, and click OK.

> > To add more user accounts or groups, repeat step 4.

> > When you have finished adding user accounts and groups to the role, click OK.

> > For each user account or group you have assigned to the role, an icon

> > appears in the Users folder. The new role membership takes effect the next

> > time the application is started.

> >

> > Check if this works for your issue/question.

> >

> > Thanks and Regards

> >

> > Krish

> >

> > "Michael S. Androsov" wrote:

> >

> > > Anybody can help me?

> > > I have COM+ application. I (administrator) can stop this application from

> > > Components Services snap-in. Can I define other user for this operation? This

> > > user is not administrator.

> > >

> > > Michael

> > >

Guest Michael S. Androsov

Guest Michael S. Androsov

Posted
Posted

RE: COM+ question

 

Thanks for answer!

My application has components in the both COM+ Applications snap-in and

DCOM Config snap-in. I wish to allow to stop to other user only to component

COM +.

In the Security TAB of DCOM config I can assign Local & Remote activation &

start (not stop). Start right has all users of my application. But stop the

component can only administrator (or application stops on a time-out).

In the Component Services snap-in exist: System Application \ Roles \

Administrator \ Users. But I can't include user-non administrator in this

group. I receiving pop-up box: user have not rights.

 

Sorry for my English.

 

Thanks for attention.

 

Michael S. Androsov

 

 

"Krish" wrote:

> HI Michael,

>

> i was doing some research on this yesterday and found that you can find the

> GUID for the COM+ App from teh registry. Go to registry and select the

> HKEY_Class_Root and then do a search with the App name. Once you find the

> GUID number opena MMC snapin and click on File > Add or Remove Snap-in and

> then click on add on the pop up box and select the component services. Under

> component services go to Computers and then My Computer and select the DCOM

> Config. In this you should find the GUID for your App. Right click the GUID

> and go to Properties and go to the Security TAB. In the Launch and Activation

> Permission it will be in default. Select Customize and click on Edit button

> next to it. After doing this you will get the ACL for the APP and you can add

> the user.

>

> Pleasse let me know if this works.

>

> thanks

>

> Krish

>

> "Michael S. Androsov" wrote:

>

> > Thanks for answer.

> > The given decision is applied if the application developer has provided an

> > administrative role. The developer of my application has not provided such

> > role. I need only the sanction on stop application for user which are not

> > included into group Administrators.

> > I could not find a way of the decision of this problem.

> >

> > Michael S. Androsov

> >

> > "Krish" wrote:

> >

> > > Hi Michael,

> > >

> > > You can use the Component Services administrative tool to populate a role

> > > with user accounts or groups. The preferred way to assign a user account to a

> > > role is to assign the user account to a Microsoft® Windows® group and then

> > > assign the group to the role. Using Windows groups to populate roles makes it

> > > easier for you to manage large numbers of users. In the online help for the

> > > Computer Management administrative tool, see the topic "Local Users and

> > > Groups" for more information about creating a Windows group or assigning a

> > > user account to a Windows group.

> > > Note To allow unauthenticated network users to run a COM+ application, the

> > > application roles must include the Anonymous user. In Windows Server 2003, by

> > > default, the Anonymous user is not included in the Everyone group.

> > > After you have assigned the user account to the appropriate Windows group,

> > > follow the steps below to assign the Windows group to the role.

> > > To assign a Windows group to a security role

> > > In the console tree of the Component Services administrative tool, locate

> > > the COM+ application that contains the role to which you want to add the user

> > > account or group. Expand the view in the console tree until the application's

> > > roles are visible.

> > > Locate the role to which you want to add the user account or group.

> > > Note If the role you are looking for is not in the Roles folder, the role

> > > has not been added to the application. It must be added to the application by

> > > the developer before you can assign user accounts to the role.

> > > Right-click the Users folder in the role, point to New, and then click User.

> > > In the Select Users or Groups window, in the bottom pane, type the fully

> > > qualified name of the user or group you want to add. If you do not know the

> > > name, click the Advanced button and then click Find Now to view a list of

> > > users and groups in the selected domain. Select a user or group from the Name

> > > (RDN) list, and click OK.

> > > To add more user accounts or groups, repeat step 4.

> > > When you have finished adding user accounts and groups to the role, click OK.

> > > For each user account or group you have assigned to the role, an icon

> > > appears in the Users folder. The new role membership takes effect the next

> > > time the application is started.

> > >

> > > Check if this works for your issue/question.

> > >

> > > Thanks and Regards

> > >

> > > Krish

> > >

> > > "Michael S. Androsov" wrote:

> > >

> > > > Anybody can help me?

> > > > I have COM+ application. I (administrator) can stop this application from

> > > > Components Services snap-in. Can I define other user for this operation? This

> > > > user is not administrator.

> > > >

> > > > Michael

> > > >

 Share
Go to topic listing
×
×
  • Create New...