I would like to create a COM object that runs in an out of process COM server as another user. How do I do that?
I have control over the COM server source code and my COM client is the only one that will be creating these COM objects.
views:
194answers:
3
+1
A:
Are you writing this for Vista? If so, you can use a special COM invokation that runs the COM object in an elevated state. See this article for more details.
If you are not talking about UAC, you might checkout the CoInitializeSecurity function.
j0rd4n
2009-05-13 14:39:20
This needs to be for any OS running Exchange Server. Windows 2003 and 2008 at least.
Hannes de Jager
2009-05-13 14:41:50
See my update on CoInitializeSecurity.
j0rd4n
2009-05-13 14:43:33
+1
A:
We use COM+ to run objects as a network user that has certain rights we have given it (most to Windows Authentication to a SQL server.) What this doesn't do is control who can call these objects to untilize the security we have given it.
In Vista and future, there is a COM elevation capability that does exactly what you are looking for. Oh, looks like someone just posted that. Follow the link they left.
Joe
2009-05-13 14:42:51
Took me a while to figure out how the whole COM+ thing works, but it now seems to do whats needed. Thanks for the info
Hannes de Jager
2009-07-24 13:18:56
+1
A:
Use RunAs -- see http://msdn.microsoft.com/en-us/library/ms680046(VS.85).aspx.
N.B. This setting can also be configured via dcomcnfg (Win2000) or comexp.msc (WinXP+) under "DCOM config"
If your object is implemented as an InProc server, you may combine this with a DLL surrogate (see http://msdn.microsoft.com/en-us/library/ms691260(VS.85).aspx).
Johannes Passing
2009-05-13 14:52:54