Access and roles in DCOM technology

Posted by ef on December 27, 2005, 3:52 am
Hi everybody,

I have a system that consists of 4 servers. On each server there are services and
COM+ components installed. The services and components run under an applicative
user. The 4 servers interact via DCOM technology. If the applicative user is
a regular user in the Domain, the DCOM operations fail because of "Access
denied". If this user is a local administrator on the 4 servers, everything works
fine. Does anyone know what minimal roles are needed for the applicative
user so the DCOM technology will work between the servers? Must he be an
administrator? The operating system is Windows 2003.
Thank you in advance for any help.

Efrat


Posted by Roger Abell [MVP] on December 27, 2005, 11:06 am
No, it is not necessary for the domain account to be an
administrator on the involved machines, and, in fact, the
account should definitely not be.
It sounds like you are not taking DCOM launch/access
permissions into account. These are defined on a per
COM+ component basis (when the defaults are not
sufficient), which is within the Components MMC and
which may be set for the components by the installer
during installation by an admin. Notice also that XP SP2
and W2k3 SP1 added further DCOM/COM+ security
settings (in the Security Options part of group policy)
but these should only come into play when an application
is relying on the default values (for launch/access/etc).
You would be best off adjusting the permissions that are
specific to your components - admins will be resistant to
either granting admin or over-loosening for all just for the
sake of your application (or at least they should be).

> Hi everybody,
>
> I have a system that consists of 4 servers. On each server there are services
> and COM+ components installed. The services and components run under an
> applicative user. The 4 servers interact via DCOM technology. If the
> applicative user is a regular user in the Domain, the DCOM operations fail
> because of "Access denied". If this user is a local administrator on the 4
> servers, everything works fine. Does anyone know what minimal roles are
> needed for the applicative user so the DCOM technology will work between
> the servers? Must he be an administrator? The operating system is Windows 2003.
> Thank you in advance for any help.
>
> Efrat
>
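
One way to audit the launch/access permissions discussed in the reply above, as an added PowerShell example that is not part of the original thread. It assumes PowerShell 5 or later and the standard DCOM registry locations (per-component values under HKEY_CLASSES_ROOT\AppID, machine-wide values under HKLM\SOFTWARE\Microsoft\Ole); the function names and the AppID GUID are placeholders.

```powershell
# Added example: list which trustees hold DCOM launch/access rights for one AppID.
[Flags()] enum ComRights {
    Execute        = 1
    ExecuteLocal   = 2
    ExecuteRemote  = 4
    ActivateLocal  = 8
    ActivateRemote = 16
}

function Read-ComAcl {
    param([string]$Key, [string]$Name, [string]$Scope)
    $bytes = (Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    if (-not $bytes) { return }            # value absent: nothing defined at this scope
    # The registry value is a binary self-relative security descriptor.
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $sid.Value }        # unresolvable SID: show it raw
        [pscustomobject]@{
            Scope   = $Scope
            Setting = $Name
            Type    = $ace.AceQualifier    # AccessAllowed or AccessDenied
            Trustee = $who
            Rights  = [ComRights]$ace.AccessMask
        }
    }
}

function Get-DcomPermission {
    param([Parameter(Mandatory)][string]$AppId)
    $app = "Registry::HKEY_CLASSES_ROOT\AppID\$AppId"
    $ole = 'HKLM:\SOFTWARE\Microsoft\Ole'
    foreach ($kind in 'Launch', 'Access') {
        # Component-specific descriptor first; machine default only if none is set.
        $own = @(Read-ComAcl $app "${kind}Permission" 'Component')
        if ($own.Count) { $own }
        else { Read-ComAcl $ole "Default${kind}Permission" 'MachineDefault' }
        # Machine-wide restriction values (the XP SP2 / W2k3 SP1 additions).
        Read-ComAcl $ole "Machine${kind}Restriction" 'MachineRestriction'
    }
}

# Placeholder AppID (constructed): show every trustee holding a remote right.
$remote = [ComRights]::ExecuteRemote -bor [ComRights]::ActivateRemote
Get-DcomPermission '{00000000-0000-0000-0000-000000000000}' |
    Where-Object { $_.Rights -band $remote } |
    Format-Table -AutoSize
```

If the service account appears in none of the rows for the component's AppID, that is where to grant it rights, rather than adding it to the local Administrators group.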


