Accessing DCOM Security with System.Security.AccessControl possible?

Question

I know that the DCOM topic has been discussed a couple of times already. However, I am not satisfied with the solutions that are available (yet). This is why I start a new question here.

Every knows by now that The Access Control Lists (ACL) that store information about which users may do what with applications are stored in the registry under HKCL\AppID{GUID}[AccessPermission|LaunchPermission]. These keys contain "serialized ACL" data in binary form (byte[]).

I simply do not believe that it is not possible to work with these values with the System.Security.AccessControl namespace. There must be a way of "deserializing" them and add or remove entries to and from them.

Also, I am of course talking about a .NET solution. It may or may not be necessary p/invoking some magic api functions or implementing some weird structs whatsoever, but I am sure that it's possible to implement a nice and intuitive .NET library that enables us to deal with DCOM Security Settings from managed code.

Does anyone have an idea of how to do it?

Answer 1

While I have not been able to find a fully managed solution, you will find a sample program DCOMPerm in the "Server 2008 Windows SDK". This can be used as a model to create a fully managed version of DCOM security settings.

In my case, I read the license for the SDK, which states that object code created from the samples may be distributed. So I ended up EXEC'ing DCOMPerm.exe to set access permissions from the install.

Answer 2

Thank you very much, what a great hint. DCOMPerm saved my as on a win2008 core installation!!