none
Windows Server 2008 R2 DCOM Access RRS feed

  • Question

  • Hi,

    Currently I am trying to create a pure Java DCOM-Bridge to a Windows Server 2008 R2, using j-interop and I am having some trouble, which I hope someone might have a solution for.

    ===== Windows 8 64bit =======

    First I tried it with a Windows 8 (64 bit) system. I connect to the WbemScripting.SWbemLocator in order to access WMI. For me the problem occurred, that since Windows 7 there exists a TrustedInstaller who is owner of some registry keys and my DCOM Bridge results in an access denied.

     

    In my case TrustedInstaller was also the owner of the following two keys:

     

    HKEY_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}

    HKLM\Software\Classes\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}

     

    Both keys are related to WbemScripting.SWbemLocator. After claiming the Ownership for these two keys for my local user (who has admin rights) and giving admin group and my user full access control over them, everything worked just fine (even with Windows Firewall activated).

     

    ===== Windows Server 2008  64bit =======

    Next I tried the same with Windows Server 2008 (64bit). Like before I changed both keys, but my user (with admin rights) still got an access denied message. The Administrator User on the other hand could establish the DCOM Bridge. Windows Firewall was NOT activated. In order to also grant my user DCOM access, I changed my User Access Control Registry Settings with the following:

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

    "ConsentPromptBehaviorAdmin"=dword:00000000

    "EnableLUA"=dword:00000000

     

    After doing so, my user also had DCOM Bridge access to the server.

    Now finally my questions:

    1.

    As already mentioned, after all these tweaks everything works just fine, but I am not sure whether changing the ownership of the registry keys might lead to conflicts in future windows updates (since as far as I understood, the 'TrusedInstaller' is used for Updates). I would be very happy if you could shed some light into this for me and tell me if there exists a way of accessing WMI on Windows Server 2008 without making changes to registry keys.

    2.

    My current DCOM Bridge gets all kinds of nice Hardware Counters and Security Logs. Is there also a SQL Server log (Win32_NTEventLogFile) that I could get via DCOM? Further is there a specific DCOM API for SQL Server?

    (FYI: In case someone wants to reconstruct my scenario, you have to get the latest sources of j-interop and j-interopdeps and build them, because the official 3.0 bundle release has a ComServer.init() bug starting with Windows 7. In case you are interested I can also forward you my latest build of j-interop, then you can skip this work)

     

    Please tell me if something is unclear or missing.

     

    Thank you in advance!

    Best,

     Ralf

    Thursday, January 23, 2014 1:36 PM

All replies