Document revision date: 15 July 2002 | |
Previous | Contents | Index |
The system uses the systemwide default security values unless you specify a different setting.
The system displays the Application Security submenu.
Figure 6-6 Application Security Submenu
--------------------------------------------------------- Application Security Application name: Inside COM, Chapter 11 Example Current Access permissions: Custom Current Launch permissions: Custom Current Configuration permissions: Default 1 - Use Default Access permission 2 - Edit Custom Access permission 3 - Use Default Launch permission 4 - Edit Custom Launch permission 5 - Use Default Configuration permission 6 - Edit Custom Configuration permission (E to Exit to previous menu) (H for Help) Please enter your choice: --------------------------------------------------------- |
The options are as follows:
To display this submenu:
Figure 6-7 Registry Value Permissions Submenu
--------------------------------------------------------- Registry Value Permissions Application name: Inside COM, Chapter 11 Example Registry Value: LaunchPermission Owner: Administrator Index Name Type of Access 1 OPENVMS_DCOM\USER1 Deny 2 BUILTIN\Administrators Allow 3 Everyone Allow 4 NT AUTHORITY\SYSTEM Allow 5 OPENVMS_DCOM\USER2 Allow (Index Number to Delete or Modify Access) (A to Add to list) (E to Exit to previous menu) (H for Help) Please enter your choice: --------------------------------------------------------- |
The options are as follows:
Figure 6-8 Edit Registry Value Permissions Submenu
--------------------------------------------------------- Edit Registry Value Permissions Application name: Inside COM, Chapter 11 Example Registry Value: AccessPermission Owner: Administrator Name: OPENVMS_DCOM\USER1 Type of Access: Deny 1 - Delete entry from list 2 - Change Access (E to Exit to previous menu) (H for Help) Please enter your choice: --------------------------------------------------------- |
The options are as follows:
Figure 6-9 Add Registry Value Permissions Submenu
--------------------------------------------------------- Add Registry Value Permissions Application name: Inside COM, Chapter 11 Example Registry Value: LaunchPermission Owner: ROLLO 1 - Add Specific User or Group 2 - Add Everyone 3 - Add NT AUTHORITY\System 4 - Add BUILTIN\Administrators (E to Exit to previous menu) (H for Help) Please enter your choice: --------------------------------------------------------- |
To display this submenu:
Figure 6-10 Registry Key Permissions Submenu
--------------------------------------------------------- Registry Key Permissions Application name: Inside COM, Chapter 11 Example Registry Key: Inside COM, Chapter 11 Example Owner: Administrator Index Name Type of Access 1 BUILTIN\Administrators Full Control 2 NT AUTHORITY\SYSTEM Full Control 3 CREATOR OWNER Full Control 4 Everyone Special Access 5 OPENVMS_DCOM\USER1 Read (Index Number to Delete or Modify Access) (A to Add to list) (E to Exit to previous menu) (H for Help) Please enter your choice: --------------------------------------------------------- |
The options are as follows:
Figure 6-11 Edit Registry Key Permissions Submenu
--------------------------------------------------------- Edit Registry Key Permissions Application name: Inside COM, Chapter 11 Example Registry Key: Inside COM, Chapter 11 Example Owner: Administrator Name: BUILTIN\Administrators Type of Access: Full Control 1 - Delete entry from list 2 - Allow Full Control 3 - Allow Read Access 4 - Set/View Special Access (E to Exit to previous menu) (H for Help) Please enter your choice: --------------------------------------------------------- |
The options are as follows:
Figure 6-12 Special Access Registry Key Permissions Submenu
--------------------------------------------------------- Special Access Registry Key Permissions Application name: Inside COM, Chapter 11 Example Registry Key: Inside COM, Chapter 11 Example Name: Everyone Type of Access Current Value 0 - Query Value Yes 1 - Set Value Yes 2 - Create Subkey Yes 3 - Enumerate Subkeys Yes 4 - Notify Yes 5 - Create Link No 6 - Delete Yes 7 - Write DACL No 8 - Write Owner No 9 - Read Control Yes (E to Exit to previous menu) (H for Help) Please enter your choice: --------------------------------------------------------- |
The options are as follows:
Figure 6-13 Add Registry Key Permissions Submenu
--------------------------------------------------------- Add Registry Key Permissions Application name: Inside COM, Chapter 11 Example Registry Key: Inside COM, Chapter 11 Example Owner: Administrator 1 - Add Specific User or Group 2 - Add Everyone 3 - Add NT AUTHORITY\System 4 - Add BUILTIN\Administrators (E to Exit to previous menu) (H for Help) Please enter your choice: --------------------------------------------------------- |
The options are as follows:
To display this submenu:
The system displays the Application Identity submenu.
Figure 6-14 Application Identity Submenu
--------------------------------------------------------- Application Identity Which user account do you want to use to run this application? Application name: Inside COM, Chapter 11 Example Current Identity: NTLM Account OPENVMS_DCOM\USER2 1 - Launching User 2 - NTLM Account 3 - OpenVMS Username 4 - OpenVMS DCOM Guest Account (E to Exit to previous menu) (H for Help) Please enter account you wish to use: --------------------------------------------------------- |
If you enter a new password, the system does not synchronize the new password with any other password. You must synchronize the passwords manually. You must have the IMPERSONATE privilege for the password to be validated. You must have system write access (SYSPRV or REG$UPDATE) to the OpenVMS Registry to write the password to the database. |
To display this submenu, from the DCOM$CNFG Main menu, choose option 2.
The system displays the System-wide Default Properties submenu.
Figure 6-15 System-wide Default Properties Submenu
--------------------------------------------------------- System-wide Default Properties 1 - Enable Distributed COM on this computer (Yes/No) Current value: Yes 2 - Default Authentication Level 3 - Default Impersonation Level (E to Exit to previous menu) (H for Help) Please enter your choice: --------------------------------------------------------- |
Figure 6-16 Default Authentication Level Submenu
------------------------------------------------------------------ Default Authentication Level The Authentication Level specifies security at the packet level. Current value: Connect 1 - Default 2 - None 3 - Connect 4 - Call 5 - Packet 6 - Packet Integrity (E to Exit to previous menu) (H for Help) Please enter your choice: ------------------------------------------------------------------ |
Figure 6-17 Default Impersonation Level Submenu
------------------------------------------------------------------ Default Impersonation Level The Impersonation Level specifies whether applications can determine who is calling them, and whether the application can perform operations using the client's identity. Current value: Identify 1 - Anonymous 2 - Identify 3 - Impersonate (E to Exit to previous menu) (H for Help) Please enter your choice: ------------------------------------------------------------------ |
To display this submenu, from the DCOM$CNFG Main Menu, choose option 3.
The system displays the System-wide Default Security submenu.
Figure 6-18 System-wide Default Security Submenu
------------------------------------------------------------------ System-wide Default Security 1 - Access Permissions Default 2 - Launch Permissions Default 3 - Configuration Permissions Default (E to Exit to previous menu) (H for Help) Please enter your choice: ------------------------------------------------------------------ |
The options are as follows:
When you first install the system, by default only
Administrator
and
System
accounts have application launch and access permissions. Compaq
recommends that you do not change these default settings. Typically you
modify an individual application's launch and access security to grant
or deny permissions to
Everyone
, various
Groups
, or even specific users. Compaq recommends this technique over
adjusting the machinewide default security settings that affect all
applications.
6.4 Registering In-Process Servers: DCOM$REGSVR32 Utility
All COM components (implemented as either an out-of-process server or as an in-process server) must be registered in the OpenVMS Registry before you can use them.
Out-of-process servers, which are implemented as executable programs ( .EXE files), usually contain code to register and unregister the components contained within them. The advantage an out-of-process server has over an in-process server is that you can run the executable and automatically create the necessary registry keys.
In-process servers, which are usually implemented as dynamic link libraries ( .DLL files) on Windows NT or as shareable images on OpenVMS, also contain code to register and unregister the components within them automatically. However, these in-process servers cannot be run the same way as an executable image because they do not contain a main entry point. As a result, you must manually register the components contained within a .DLL , or create a command procedure to perform the registration.
Microsoft provides the REGSVR32 utility that you can use to register the components contained within a DLL. REGSVR32 takes as a command line argument the following:
When registering a DLL's components, REGSVR32 searches the specified DLL for the DllRegisterServer symbol and, if found, calls it. When unregistering a DLL, REGSVR32 calls DllUnregisterServer . This means that all in-process components that you want to register automatically must include these two entry points in their export files.
To facilitate the registration of components contained within shareable images on OpenVMS systems, Compaq created the DCOM$REGSVR32 utility. The DCOM$REGSVR32 utility does the same things that the Microsoft REGSVR32 utility does. Any shareable images that contain components to be registered must also include the DllRegisterServer and DllUnregisterServer universal symbols in their symbol vectors. Both the DCOM$REGSVR32 and the REGSVR32 utilities use the same command line syntax.
During the COM for OpenVMS installation, the system places the DCOM$REGSVR32.EXE file in the SYS$SYSTEM directory.
Before you use the DCOM$REGSVR32 utility, you must define a symbol that allows the utility to accept foreign command lines. For example:
$ regsvr32 :== $DCOM$REGSVR32 |
Alternatively, you can activate the DCOM$REGSVR32 utility as follows:
$ MCR DCOM$REGSVR32 |
You can use either method to activate the utility, and register or unregister components contained in shareable images.
To display help for DCOM$REGSVR32, enter the following:
$ regsvr32 -? |
Table 6-1 summarizes the DCOM$REGSVR32 command line options.
Switch | Use |
---|---|
-?, /? | Display help file (this table). |
shareable-image-name | Register the specified shareable image name. |
-u or /u image-name | Unregister the specified shareable image name. |
The DCOM$REGSVR32 utility requires that the shareable image name contain a full directory specification. |
Example 6-4 demonstrates how to register an in-process component (contained within a shareable image) using the DCOM$REGSVR32 utility.
Example 6-4 Registering a Component Using the DCOM$REGSVR32 Utility |
---|
$ regsvr32 USER$DISK:[SEYMOUR.DISPATCH_SAMPLE1]CMPNT$SHR.EXE Class factory: Create self. DllRegisterServer: Registering Server DLL Creating key CLSID\{0C092C2C-882C-11CF-A6BB-0080C7B2D682} Creating key CLSID\{0C092C2C-882C-11CF-A6BB-0080C7B2D682}\InProcServer32 Creating key CLSID\{0C092C2C-882C-11CF-A6BB-0080C7B2D682}\ProgID Creating key CLSID\{0C092C2C-882C-11CF-A6BB-0080C7B2D682}\VersionIndependentProgID Creating key CLSID\{0C092C2C-882C-11CF-A6BB-0080C7B2D682}\TypeLib Creating key InsideCOM.Chap11 Creating key InsideCOM.Chap11\CLSID Creating key InsideCOM.Chap11\CurVer Creating key InsideCOM.Chap11.1 Creating key InsideCOM.Chap11.1\CLSID Class factory: Destroy self. |
Example 6-5 demonstrates how to unregister an in-process component (contained within a shareable image) using the DCOM$REGSVR32 utility.
Example 6-5 Unregistering a Component Using the DCOM$REGSVR32 Utility |
---|
$ regsvr32 /u USER$DISK:[SEYMOUR.DISPATCH_SAMPLE1]CMPNT$SHR.EXE Class factory: Create self. DllUnregisterServer: Unregistering Server DLL Deleting key InProcServer32 Deleting key ProgID Deleting key VersionIndependentProgID Deleting key TypeLib Deleting key LocalServer32 Deleting key CLSID\{0C092C2C-882C-11CF-A6BB-0080C7B2D682} Deleting key CLSID Deleting key CurVer Deleting key InsideCOM.Chap11 Deleting key CLSID Deleting key InsideCOM.Chap11.1 Class factory: Destroy self. |
Previous | Next | Contents | Index |
privacy and legal statement | ||
6539PRO_006.HTML |