forked from kitmenke/fix-eventid-10016
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathSet-DcomAppPermissions.ps1
28 lines (28 loc) · 1.05 KB
/
Set-DcomAppPermissions.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# Adapted from: Change DCOM config security settings using Powershell (http://stackoverflow.com/a/22104787/98933)
# Overwrites current permissions
# Other sources:
# https://rkeithhill.wordpress.com/2013/07/25/using-powershell-to-modify-dcom-launch-activation-settings/
function Set-DcomAppPermissions {
param(
[string]$appid,
[string]$domain = "NT AUTHORITY",
[string]$username = "SYSTEM"
)
$app = get-wmiobject -query ('SELECT * FROM Win32_DCOMApplicationSetting WHERE AppId = "' + $appid + '"') -enableallprivileges
$sdRes = $app.GetLaunchSecurityDescriptor()
$sd = $sdRes.Descriptor
$trustee = ([wmiclass] 'Win32_Trustee').CreateInstance()
$trustee.Domain = $domain
$trustee.Name = $username
$fullControl = 31
$localLaunchActivate = 11
$ace = ([wmiclass] 'Win32_ACE').CreateInstance()
#$ace.AccessMask = $localLaunchActivate
$ace.AccessMask = $fullControl
$ace.AceFlags = 0
$ace.AceType = 0
$ace.Trustee = $trustee
$sd.DACL | Format-List | Out-File before.txt
$sd.DACL += $ace
$app.SetLaunchSecurityDescriptor($sd)
}