Minimum permissions to allow COM Object to be Instantiated when running as LocalService
Posted by Paul Farry on Stack Overflow
Published on 2010-05-13T07:01:29Z
Indexed on 2010/05/14 6:34 UTC
I'm writing a .NET Service that creates a COM object.
If I run the Service as the logged-on user, everything is fine.
If I run the Service as LocalSystem, everything is fine.
If I run the Service as LocalService, then I get an AccessDeniedException when trying to instantiate the COM Object.
I've come up with the following block to grant the necessary permissions and it appears to work correctly, but I wanted to make sure I wasn't missing something regarding the COM rules.
    Imports Microsoft.Win32
    Imports System.Security.AccessControl
    Imports System.Security.Principal

    Private Sub SetAccessToRockeyRegistry()
        ' Open the COM class registration writable so that its ACL can be changed.
        Using reg As RegistryKey = Microsoft.Win32.Registry.ClassesRoot.OpenSubKey("CLSID\{EE0680D3-AAC3-446B-AFD7-F9DE2D3E28FB}", True)
            Dim sec As RegistrySecurity
            sec = reg.GetAccessControl
            Dim ar As RegistryAccessRule
            Dim sid As SecurityIdentifier
            sid = New SecurityIdentifier(WellKnownSidType.LocalServiceSid, Nothing)
            ' Read access for LocalService on the CLSID key itself.
            ar = New RegistryAccessRule(sid, RegistryRights.ReadKey Or RegistryRights.EnumerateSubKeys Or RegistryRights.QueryValues, AccessControlType.Allow)
            sec.AddAccessRule(ar)
            ' The same read rights as an inherit-only rule for the immediate subkeys.
            ar = New RegistryAccessRule(sid, RegistryRights.ReadKey Or RegistryRights.EnumerateSubKeys Or RegistryRights.QueryValues, _
                InheritanceFlags.ObjectInherit Or InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, AccessControlType.Allow)
            sec.AddAccessRule(ar)
            reg.SetAccessControl(sec)
        End Using
    End Sub
© Stack Overflow or respective owner
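Added example, not part of the original post: a check, in the post's own language, that the Allow rules for LocalService on the CLSID key stay within read-only rights once the grant above has been applied. The module and function names are illustrative assumptions; the CLSID is the one from the question.

```vb
Imports System
Imports Microsoft.Win32
Imports System.Security.AccessControl
Imports System.Security.Principal

Module ClsidAclCheck
    ' CLSID from the question; all other names in this module are illustrative.
    Private Const ClsidPath As String = "CLSID\{EE0680D3-AAC3-446B-AFD7-F9DE2D3E28FB}"

    ' True when every Allow rule for LocalService on the key (explicit or
    ' inherited) stays within RegistryRights.ReadKey. ReadKey already combines
    ' QueryValues, EnumerateSubKeys, Notify and ReadPermissions.
    Function LocalServiceIsReadOnly(key As RegistryKey) As Boolean
        Dim sid As New SecurityIdentifier(WellKnownSidType.LocalServiceSid, Nothing)
        Dim rules As AuthorizationRuleCollection =
            key.GetAccessControl().GetAccessRules(True, True, GetType(SecurityIdentifier))
        Dim readOnlyAccess As Boolean = True
        For Each rule As RegistryAccessRule In rules
            If Not rule.IdentityReference.Equals(sid) Then Continue For
            If rule.AccessControlType <> AccessControlType.Allow Then Continue For
            ' Rights granted beyond plain read access on this rule.
            Dim extra As RegistryRights = rule.RegistryRights And Not RegistryRights.ReadKey
            Console.WriteLine("{0} inherited={1} flags={2}/{3}",
                              rule.RegistryRights, rule.IsInherited,
                              rule.InheritanceFlags, rule.PropagationFlags)
            If extra <> 0 Then readOnlyAccess = False
        Next
        Return readOnlyAccess
    End Function

    Sub Main()
        ' Read-only open is enough to read the ACL; no write handle is needed.
        Using key As RegistryKey = Registry.ClassesRoot.OpenSubKey(ClsidPath, False)
            If key Is Nothing Then
                Console.WriteLine("CLSID key not found: " & ClsidPath)
                Return
            End If
            Console.WriteLine("LocalService limited to read access: " &
                              LocalServiceIsReadOnly(key).ToString())
        End Using
    End Sub
End Module
```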