I have successfully managed to come up with a procedure for changing APPLICATION SPECIFIC 'Access Permissions' using vb.net. This is the equivalent of running 'dcomcnfg' and changing the setting by selecting the 'Component services\Computers\My Computer\DCOM Config' folder and the specific application. By right clicking on the application and selecting properties and the security tab, different user accounts can be added or removed. This works fine with this code shown below.
I'm struggling though to come up with code that will change the SYSTEM WIDE equivalent 'Access Permissions'. The code should be the equivalent or running 'dcomcnfg' and changing the the setting by right clicking on My Computer in 'Component services\Computers\My Computer' and selecting properties and the security tab.
I'm hoping that I can modify my existing code but because I am trying to change a system wide setting rather than an application specific setting i'm hitting a roadblock. I've done a lot of searching on google but cannot work it out. Any advice is appreciated.
Private Sub ChangeApplicationDcomAccessSecuritySettings(AddUser As Boolean, RemoveUser As Boolean)
Dim strComputer As String = "."
Dim objWMIService As New Object
objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")
' Get an instance of Win32_SecurityDescriptorHelper
Dim objHelper As New Object
objHelper = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2:Win32_SecurityDescriptorHelper")
' Obtain an instance of the the class
' using a key property value.
Dim objCosmosApp As Object = objWMIService.Get("Win32_DCOMApplicationSetting.AppID='" & OPCServerApplicationID.Trim & "'")
' Get the existing security descriptor for the App
Dim objSD As New Object
objSD = Nothing
Dim ret As Object
ret = objCosmosApp.GetAccessSecurityDescriptor(objSD)
If ret <> 0 Then
MessageBox.Show("Could not get security descriptor: " & ret)
End If
' Convert file security descriptor from Win32_SecurityDescriptor format to SDDL format
Dim SDDLstring As String = ""
ret = objHelper.Win32SDToSDDL(objSD, SDDLstring)
If ret <> 0 Then
MessageBox.Show("Could not convert to SDDL: " & ret)
Else
End If
' Set the Launch security descriptor for the App
' the sidString here the is the securityidentifier for the username that is to be added or removed converted to a string
If AddUser = True And RemoveUser = False Then
SDDLstring = SDDLstring & "(A;;CCDCLCSWRP;;;" & sidString & ")"
End If
If AddUser = False And RemoveUser = True Then
Dim temporarystring As String = "(A;;CCDCLCSWRP;;;" + sidString + ")"
SDDLstring = SDDLstring.Replace(temporarystring, "")
End If
ret = objHelper.SDDLToWin32SD(SDDLstring, objSD)
If ret <> 0 Then
MessageBox.Show("Could not translate SDDL String to Win32SD: " & ret)
End If
ret = objCosmosApp.SetaccessSecurityDescriptor(objSD)
If ret <> 0 Then
MessageBox.Show("Could not set security descriptor: " & ret)
End If
End Sub