问题
I've created a COM+ server application and the caller can't access it - when it tries to instantiate a COM object (CoCreateInstance()
) from that application the following appears in system log:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {class id of COM object here} and APPID {app id of the COM+ application here} to the user MACHINENAME\administrator SID (SID here) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
The only way to tweak COM+ access seems to be using roles but the application has "enforce access checks" unchecked so it looks like there should be no restrictions. Yet the object won't instantiate.
How do I allow a certain user access a specific COM+ application so that he can instantiate objects from there?
回答1:
The first thing you should do is check to see if you can create this object outside of the application. I am using vbscript here;
dim vvv
set vvv= CreateObject ("CoCreateInstance()")
if isnull(vvv) then
msgbox "null"
else
msgbox "not null"
end if
If you cannot create the object, then there is probably an issue with the .dll and you might be best served just wiping the component out of the registry and completely reinstalling/reimplementing it.
If you can create the object, there is an issue with the application accessing the component. This is usually due to one of the following reasons;
Component Security settings
- For the purposes of finding the issue, you are right to uncheck "enforce access checks". Make sure you uncheck the box at both the application (package) level AND the component level.
User settings
- Check out this link. In addition to their advice, try adding IUSR_servername as a member of Administrators.
Mismatch between Component services and the registry
- We need to make sure the CLSID's in Component services match the registry. In component services, look for the component (not the application) and look at the properties. If the component is in there, it is definetely registered. While you are here we might as well double check some settings. Is the DLL address valid? Are security, transactions and activation settings correct? OK, now notice the CLSID in the general tab. Go into the registry editor and find the CLSID in HKEY_CLASSES_ROOT (it should be there). Make sure the dll address and the ProgID are correct. Also verify the key and subkeys are structured in a similar way to your other components.
If none of this works, search the registry for the component's name and wipe it out. then reinstall.
来源:https://stackoverflow.com/questions/6293047/how-do-i-grant-access-to-my-com-application