RE: dcomcnfg.exe interactive user vs launching user
From: Freist [MSFT] (freistli_at_online.microsoft.com)
Date: 06/04/03
- Next message: Alessandro Perilli: "Re: security on additional non standard web ports?"
- Previous message: Intermedia.NET Support \(DS\): "Re: web site got hacked"
- In reply to: siddharth khare: "dcomcnfg.exe interactive user vs launching user"
- Next in thread: siddharth khare: "RE: dcomcnfg.exe interactive user vs launching user"
- Reply: siddharth khare: "RE: dcomcnfg.exe interactive user vs launching user"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 04 Jun 2003 11:47:36 GMT
Hi Sidd,
Thanks for your posts.
The interactive user means:
the server runs using the security context of the user currently logged
onto the computer. Points to consider are:
If nobody is logged on, then the application does not start.
This is the only option that allows the application to display a user
interface.
The rights of your application vary according to who is logged on to the
computer.
The launching user means:
The application runs by using the security context of the user who started
the application. In other words, the application uses the same security
context as that of the client. If you select this option, and several
clients with different security contexts instantiate objects from this
server, then several instances of the server launch, one for each security
context. Additional points to consider are:
Cannot be used if the server has a User Interface.
Cannot be used if the application makes call backs or fires events, or if
it instantiates objects on a third computer, unless delegation is enabled.
Only Windows 2000 allows you to enable delegation.
Cannot be used if users accessing the application are non-domain users.
Always check the Unattended Execution option when compiling the server. You
set this option in the Project Properties window in the General tab.
This user - With this option you can provide a user name and a password
and, when the server launches, it runs under the security context of this
user. Additional points to consider are:
Cannot be used if the server has a User Interface.
Is usually the best option if the server does not have a User Interface,
because you can define precisely what rights you want to give to this
server. You could create a user specifically for this purpose. This is the
best option in terms of scalability. If the application will access some
specific resource and you won't allow anonymouse users from Web Server to
access them, you should not use this option. And you should configure the
proper acess permissions under the Security tab.
Hope the information can help you. By the way, if you have DCOM/COM related
questions in the future, recommend you to confirm
more information in the Microsoft.public.platformsdk.com_ole newsgroup -
the folks there would be able to deliver more related information if there
are any.
Best Regards,
Freist Li
Microsoft Online Support Engineer
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Alessandro Perilli: "Re: security on additional non standard web ports?"
- Previous message: Intermedia.NET Support \(DS\): "Re: web site got hacked"
- In reply to: siddharth khare: "dcomcnfg.exe interactive user vs launching user"
- Next in thread: siddharth khare: "RE: dcomcnfg.exe interactive user vs launching user"
- Reply: siddharth khare: "RE: dcomcnfg.exe interactive user vs launching user"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
