Re: IIS inherits low integrity level from IE running in protected



Hi,

Not COM+ just a regular ATL service project created by the Dev Studio C++
wizard.
It appears under DCOM Config in the Component Services MMC snapin. The
security properties do not have the 'Enforce access checks for this
application' setting.

It appears to me that going around all the various components of the
application and trying to lower their integrity level is not a very
attractive approach. It is forcing us to lower the protection that integrity
levels should be giving the application objects.

IIS does not go to a low integrity level when accessed in the same way from
another machine - why does it do so when IE is used locally?

Regards,
Richard.

""WenJun Zhang[msft]"" wrote:

Hi Richard,

I assume these OOP objects are COM+ applications registered on your server.
Please open Component Services mmc and expand COM+ application installed on
the machine. Find the OOP application packages used by your ASP application
and uncheck 'Enforce access checks for this application' in their
property->Security tab. Will the call still get access denied error after
that?

Thanks.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


.



Relevant Pages

  • RE: Distributed Transaction Coordinator (MSDTC) will not start
    ... Please contact Microsoft Product Support. ... applications in the component services MMC ... caused by the custom components running in the COM+ application, ...
    (microsoft.public.windowsxp.general)
  • RE: Distributed Transaction Coordinator (MSDTC) will not start
    ... A critical error occurred in an MS DTC component therefore the process is ... Please contact Microsoft Product Support. ... applications in the component services MMC ... caused by the custom components running in the COM+ application, ...
    (microsoft.public.windowsxp.general)
  • Re: IIS inherits low integrity level from IE running in protected
    ... If a file's integrity level is not set, ... Internet Explorer 7 is run on the local system, ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS inherits low integrity level from IE running in protected
    ... With basic auth the browser integrity level does not affect IIS. ... access denied when w3wp is at low integrity level. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.inetserver.iis.security)
  • RE: How are tokens w/o mandatory integrity SID treated?
    ... Vista is not in the official support boundary yet. ... I assume what without an integrity level in the process token, ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.win32.programmer.kernel)