Why is "local start" allowed for out-of-line servers by default, but "local activation" is not?

Question

Why is "local start" allowed for out-of-line servers by default, but "local activation" is not?

Currently, I need to create a COM object that is served by an out-proc COM server inside an ASP.NET handler. Therefore, every time I deploy a COM server, I have to start DCOM Config and change the security settings. In particular, I need to make sure that "local start" and "local activation" are allowed for the local ASPNET user.

What surprises me is that when you open the corresponding settings page, "local start" is already allowed, but "local activation" is not allowed.

It doesn’t make sense - why do I need such a combination of permissions?

+3

security windows com dcom

sharptooth May 10 '11 at 7:19

source share

1 answer

Tony lee · Answer 1 · 2011-06-24T20:23:34+0000

I am going to guess about this because it is what is set by default. This is not normal as far as I'm concerned, so I don’t know how this got messed up.

You can set the default permissions in dcomcnfg by looking at the properties of "my computer" on the "COM Security" tab. I think that you will find the default permissions for the COM server in the "Change default values" section for "Launch and Activation Permissions", local activation has not been verified.

Why is "local start" allowed for out-of-line servers by default, but "local activation" is not?

More articles: