Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Com+ permissions

from [Randhir Vayalambrone] Network Security [Permanent Link]
Subject: Re: Com+ permissions
Date: Thu, 24 Feb 2005 09:13:47 -0800 (PST) 

Just a thought, if possible set up a single
responsible user (and maybe a secondary backup) with
administrative privileges who will be responsible for
publishing components in COM+ on your servers. This is
more of a procedural/process solution.

Another thing that could be done would be to script
COM+ administration task and have the script scheduled
to run every so many intervals of time (maybe you
publish your updated components to your servers once a
week or once a month???). This way, you'd have to
setup the infrastructure in place to upload the
updated components to a temporary location on the
server (using either NetBIOS share with write
permission or ftp or http upload ...) and then have
the script pickup the updated components from this
temporary location, move it to your applications
component location and use either comutil.vbs or
something similar to update it in COM+. (you might
also want to have support in your script to backup the
COM+ metabase and select registry hives before running
the update to COM+)

AFAIK, these are the only ways to get this done. COM+
administration requires administrative privileges, you
would not want it any other way. A system
administrator should be performing these tasks.

Thanks,
Randhir Vayalambrone.



--- Gustavo Mateus <gustavo@gustavo.eti.br> wrote:


Do you have any how-to?
I've already tried to work with MTS roles but it
didn't work.

Pawel.Janowski@bremultibank.com.pl wrote:


Hello,

You could use a Component Services (aka MTS) with

security identity.


w/regards
Paul

-----Original Message-----
From: Gustavo Mateus

[mailto:gustavo@gustavo.eti.br] 

Sent: Wednesday, February 23, 2005 9:53 PM
To: focus-ms@securityfocus.com
Subject: Com+ permissions

I have a big problem when I have to give access on

windows servers for 

user who need to publish com+ dll because they all

need to be in 

"Administrators" group.

Has anyone found any solution for that?
Is there someway to publish com+ dll without been

the server administrator?


Thanks





---------------------------------------------------------------------------

---------------------------------------------------------------------------



 






---------------------------------------------------------------------------



---------------------------------------------------------------------------






=====
"If you can imagine it, you can achieve it; if you can dream it, you can become 
it."
(William Arthur Ward)

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Com+ permissions, Gustavo Mateus
Next by Date:  Prohibit Folder Compression, Ryosuke Katsumata
Previous by Thread:  Re: Com+ permissions, Gustavo Mateus
Next by Thread:  RE: Domain Controller Best Practice - Thanks!, Sullivan Tim P
Indexes:  [Date] [Thread] [Top] [All Lists]