Disable DCOM?

Posted by Ann on January 11, 2008, 1:07 pm
Hello all,

We recently had a security audit done on our systems and one of the things
that came out of this was for us to disable DCOM on the affected servers.

Being fairly new to the Windows server environment…I have a mixture of 2000
and 2003 server. Our domain controllers and DNS servers are 2003. My
questions are:

1. What does disabling DCOM really affect? Will my ability to remote
desktop to servers be disabled if I do this?

2. Does DNS or AD require DCOM?

I greatly appreciate your input.

Thanks!


Posted by Brian Komar on January 11, 2008, 6:42 pm
That would be a really bad idea.
Brian

> Hello all,
>
> We recently had a security audit done on our systems and one of the things
> that came out of this was for us to disable DCOM on the affected servers.
>
> Being fairly new to the Windows server environment…I have a mixture of
> 2000
> and 2003 server. Our domain controllers and DNS servers are 2003. My
> questions are:
>
> 1. What does disabling DCOM really affect? Will my ability to remote
> desktop to servers be disabled if I do this?
>
> 2. Does DNS or AD require DCOM?
>
> I greatly appreciate your input.
>
> Thanks!
>


Posted by Paul Adare on January 11, 2008, 7:02 pm
On Fri, 11 Jan 2008 10:07:01 -0800, Ann wrote:

> We recently had a security audit done on our systems and one of the things
> that came out of this was for us to disable DCOM on the affected servers.

You need to demand the return of any fees you've paid to the company that
performed the audit for you.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Congratulations! You are the one-millionth user to log into our system.

Posted by Anteaus on January 14, 2008, 12:53 pm
"Paul Adare" wrote:

> On Fri, 11 Jan 2008 10:07:01 -0800, Ann wrote:

> You need to demand the return of any fees you've paid to the company that
> performed the audit for you.

Masculine bovine stools.

DCOM has in the past been a known security issue, and was at the root of
several very high-risk virus exploits. The advice is basically sound, but
maybe needs qualifying. If you want to disable it, you can do so from the
dcomcnfg tool, or with DComBob from http://grc.com

Whatever you do, don't try to disable the DCOM/RPC services themselves
though, or the computer won't boot. :-/

Whether disabling will affect anything depends on your setup. I've so far
found only one program that whinged at DCOM not being available. You may find
that some of the domain-based remote management tools are not available.

Easy enough to turn it back on, anyway.
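
Added example (not part of Anteaus's post or of the thread): a read-only PowerShell check of the setting that the dcomcnfg checkbox controls, and of the RPC/DCOM services the post says not to disable. The function name Get-DcomState is hypothetical; the registry paths are the standard Windows locations.

```powershell
# Added example: read-only audit; it changes nothing on the machine.
function Get-DcomState {
    # EnableDCOM (REG_SZ, 'Y' or 'N') is the value behind dcomcnfg's
    # "Enable Distributed COM on this computer" checkbox.
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
    $enableDcom = '<not set>'
    if ($ole -and $ole.PSObject.Properties['EnableDCOM']) {
        $enableDcom = [string]$ole.EnableDCOM
    }

    # Service start types as stored in each service's registry 'Start' value.
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    # RpcSs = Remote Procedure Call; DcomLaunch = DCOM Server Process Launcher.
    # DcomLaunch may be absent on older Windows versions, so a missing key is
    # reported as NotPresent rather than treated as an error.
    $services = foreach ($name in 'RpcSs', 'DcomLaunch') {
        $svc = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name" -ErrorAction SilentlyContinue
        if (-not $svc) {
            New-Object PSObject -Property @{ Service = $name; StartType = 'NotPresent'; Problem = $false }
        } else {
            $start = [int]$svc.Start
            New-Object PSObject -Property @{
                Service   = $name
                StartType = $startNames[$start]
                # A disabled RPC/DCOM service is the state the post warns against.
                Problem   = ($start -eq 4)
            }
        }
    }

    New-Object PSObject -Property @{
        EnableDCOM      = $enableDcom
        DcomSwitchedOff = ($enableDcom -eq 'N')
        Services        = $services
    }
}

$state = Get-DcomState
"EnableDCOM = $($state.EnableDCOM)"
$state.Services | Format-Table Service, StartType, Problem -AutoSize
if ($state.Services | Where-Object { $_.Problem }) {
    Write-Warning 'An RPC/DCOM service is set to Disabled, which is the state the post above warns against.'
}
```

Recording this output before and after a change made in dcomcnfg gives a baseline to compare against if remote management tools stop working.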




Posted by Brian Komar on January 14, 2008, 5:34 pm
<snip>
> Masculine bovine stools.
>
nice.... really nice...
