NERD! – questo è sempre un promemoria per me, andate tranquilli.

Keith Hill's Blog

A few weeks ago I had the need to customize DCOM launch & activation permissions for a COM component.  I came up with this hack, er script, that I thought I would share “as-is”.  If anybody wants to take this and run with it – go for it.

function New-DComAccessControlEntry {
param(
[Parameter(Mandatory=$true, Position=0)]
[string]
$Domain,

[Parameter(Mandatory=$true, Position=1)]
[string]
$Name,

[string]
$ComputerName = ".",

[switch]
$Group
)

#Create the Trusteee Object
$Trustee = ([WMIClass] "\\$ComputerName\root\cimv2:Win32_Trustee").CreateInstance()
#Search for the user or group, depending on the -Group switch
if (!$group) {
$account = [WMI] "\\$ComputerName\root\cimv2:Win32_Account.Name='$Name',Domain='$Domain'" }
else {
$account = [WMI] "\\$ComputerName\root\cimv2:Win32_Group.Name='$Name',Domain='$Domain'"
}

#Get the SID for the found account.
$accountSID = [WMI] "\\$ComputerName\root\cimv2:Win32_SID.SID='$($account.sid)'"

#Setup Trusteee object
$Trustee.Domain = $Domain
$Trustee.Name = $Name
$Trustee.SID = $accountSID.BinaryRepresentation

#Create ACE (Access Control List) object.
$ACE = ([WMIClass] "\\$ComputerName\root\cimv2:Win32_ACE").CreateInstance()

# COM Access Mask
# Execute = 1,
# Execute_Local…

View original post 107 altre parole