Permission settings for DCOM Demo sample program

The following permissions settings are required to enable callbacks and/or withevents via DCOM.
Make the following settings for your server: (pay particular attention to the Interactive settings)

On the NT SERVER using DCOMCNFG.EXE:

1.  Select the server ProgID or GUID
2.  Click Properties
3.  Select the Security Tab
4.  Make the following changes:

CUSTOM ACCESS PERMISSIONS:
   Everyone -allow access
   System     -allow access
   Interactive -allow access

CUSTOM LAUNCH PERMISSIONS:
   Everyone  -allow launch
   System     -allow launch
   Interactive -allow launch

CUSTOM CONFIGURATION PERMISSIONS:
   CREATOR-OWNER -full
   Everyone -read
   System -full
   Interactive -full

5.  Select the Identity Tab
6.  Select "The Interactive User"
7.  Click OK.
8.  Click Ok.


We have also found it neccessary to set the default authentication level to "none" on both the client and the server in certain network situations.
Note: Make sure you test your DCOM application where the client and the server are running under different user accounts.

On the NT CLIENT and SERVER systems:
1. Using DCOMCNFG select Default Properties Tab.
2. Set the Default Authentication Level to "None"

If you are still getting error 70 "Permission denied" then you can also set the clients default identity to "impersonate".

On the NT CLIENT system:
1. Using DCOMCNFG select Default Properties Tab.
2. Set the Default Impersonation Level to "Impersonate"

*These client settings are only neccessary in certain situations and can be added via setup code to the clients registry.
*DCOM registry keys are intended for Legacy software and not for Proprietary software or programming convenience.
*You should use these settings with caution and make sure that you understand all of the security implications involved.

The additional DCOM configuration that needs to occur for an NT server (or workstation) to communicate with a Win95 client application is the following:

On the CLIENT Win95 system:
1.  Using DCOMCNFG select Default Security Tab
2.  Click Edit Default
3.  Grant Access to "The World" user.

This will allow objects WithEvents to work across DCOM from Win95 to NT (and back).
If you are trying to use WIN95 as a DCOM server then see Q165101 in the Knowledge Base.
