Minimum permissions to COM Object to Instantiate running as LocalService

Posted by Paul Farry on Stack Overflow
Published on 2010-05-13T07:01:29Z Indexed on 2010/05/13 7:04 UTC

I'm writing a .NET Service that creates a COM object.

If I run the Service as the logged-on user, everything is fine.

If I run the Service as LocalSystem, everything is fine.

If I run the Service as LocalService, then I get an AccessDeniedException when trying to instantiate the COM Object.

I've come up with the following block to grant the necessary permissions and it appears to work correctly, but I wanted to make sure I wasn't missing something regarding the COM rules.

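Imports Microsoft.Win32
Imports System.Security.AccessControl
Imports System.Security.Principal

' Grants the LocalService account read access to the COM class registration key.
Private Sub SetAccessToRockeyRegistry()
    ' Open the CLSID key writable so its access control list can be replaced.
    Using reg As RegistryKey = Microsoft.Win32.Registry.ClassesRoot.OpenSubKey("CLSID\{EE0680D3-AAC3-446B-AFD7-F9DE2D3E28FB}", True)

        Dim sec As RegistrySecurity
        sec = reg.GetAccessControl

        Dim ar As RegistryAccessRule
        Dim sid As SecurityIdentifier
        ' Well-known SID of the LocalService account.
        sid = New SecurityIdentifier(WellKnownSidType.LocalServiceSid, Nothing)

        ' Rule 1: allow read access on the CLSID key itself.
        ar = New RegistryAccessRule(sid, RegistryRights.ReadKey Or RegistryRights.EnumerateSubKeys Or RegistryRights.QueryValues, AccessControlType.Allow)

        sec.AddAccessRule(ar)

        ' Rule 2: the same rights as an inherit-only entry, so that the direct
        ' subkeys receive it (NoPropagateInherit stops it going any deeper).
        ar = New RegistryAccessRule(sid, RegistryRights.ReadKey Or RegistryRights.EnumerateSubKeys Or RegistryRights.QueryValues, _
        InheritanceFlags.ObjectInherit Or InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, AccessControlType.Allow)
        sec.AddAccessRule(ar)

        ' Write the modified access control list back to the key.
        reg.SetAccessControl(sec)

    End Using

End Sub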
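
One way to check the outcome of the grant described in the post, as an added example that is not part of the original post: this PowerShell function walks the CLSID key and its subkeys and reports whether read access is allowed for the SIDs assumed to be present in a LocalService token. The function name, the SID list and the simplified allow-minus-deny evaluation (ACE order and restricted service tokens are ignored) are assumptions of this example.

```powershell
# Added example: audit read access for LocalService on a COM CLSID key.
# The CLSID is the one from the post; everything else is this example's own.
function Get-ClsidReadAccess {
    param(
        [string]$Clsid = '{EE0680D3-AAC3-446B-AFD7-F9DE2D3E28FB}'
    )

    # Assumed set of SIDs whose entries apply to a LocalService token:
    # LocalService, Everyone, Authenticated Users, SERVICE, BUILTIN\Users.
    $sids = 'S-1-5-19', 'S-1-1-0', 'S-1-5-11', 'S-1-5-6', 'S-1-5-32-545'
    $need = [int][System.Security.AccessControl.RegistryRights]::ReadKey
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    $root = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    if (-not (Test-Path -LiteralPath $root)) {
        throw "CLSID key not found: $root"
    }

    # The key itself plus every subkey (InprocServer32, ProgID, ...).
    $keys = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Recurse)

    foreach ($key in $keys) {
        $acl = Get-Acl -LiteralPath $key.PSPath
        # Explicit and inherited entries, identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true,
                [System.Security.Principal.SecurityIdentifier]) |
            Where-Object {
                ($sids -contains $_.IdentityReference.Value) -and
                # Inherit-only entries do not apply to the key carrying them.
                (([int]$_.PropagationFlags -band [int]$inheritOnly) -eq 0)
            }

        $allowed = 0
        $denied = 0
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -eq 'Allow') {
                $allowed = $allowed -bor [int]$rule.RegistryRights
            } else {
                $denied = $denied -bor [int]$rule.RegistryRights
            }
        }

        $effective = $allowed -band (-bnot $denied)
        [pscustomobject]@{
            Key     = $key.Name
            CanRead = (($effective -band $need) -eq $need)
        }
    }
}
```

Run `Get-ClsidReadAccess | Format-Table -AutoSize` from an elevated prompt before and after the change; a subkey that still shows `CanRead = False` is one the new entries did not reach.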
