Re: Do We Need DCOM Enabled?
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Mon, 12 Feb 2007 04:13:14 -0700
Hey Will, I thought we had an exchange about this once in the
past. For the most part, a system functions fine without DCOM
being enabled, but you do loose some central management
capabilities (most noteably things via WMI such as in quick
scripts). Early .Net development referred to COM+ and its
remoting under the banner "Enterprise Services". DCOM is
legacy, being supplanted with native .Net remoting capabilities.
Other than loosing WMI you might notice mostly issues in
layered applications (even .Net ones which are wrappering
use of DCOM).
"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:O4idnRwV4713F1PYnZ2dnUVZ_vWtnZ2d@xxxxxxxxxxxxxxx
In order to further minimize attack surfaces, I'm thinking of
1) uninstalling "Enabled Network COM+ Access" in Add Remove Programs |
Windows Components | Application Servers
2) Starting DCOMCNFG and unselected the Enable DCOM checkbox
Which applications use either of these? When is it important to leave
DCOM enabled on a Windows 2000 and Windows 2003 server?
If you do 1) and 2), why does the DCOM Application Starter service remain
in
Automatic state, and what functions is it performing?
I read that certificate autoenrollment uses DCOM. If you have DCOM
disabled, how would you register your certificates on new servers?
If we want to develop .NET applications, does the .NET 2.0 and 3.0
architecture require DCOM?
--
Will
.
- References:
- Do We Need DCOM Enabled?
- From: Will
- Do We Need DCOM Enabled?
- Prev by Date: Re: Linking PKI directory accounts with Active Directory?
- Next by Date: Audit file/folder access
- Previous by thread: Do We Need DCOM Enabled?
- Next by thread: Linking PKI directory accounts with Active Directory?
- Index(es):
Relevant Pages
|
|
