Change a DCOM application's identity with a script

Question

I have a Powershell script to set up a WS2012 web server with no user interaction. The only thing I can't do in the script is to change the identity of a DCOM application. Or, more specifically, I cannot set the password of the user.

I know it's a registry key trick, but the only thing I can achieve is:

$keypath = "HKLM:\SOFTWARE\Classes\AppID\{key-ID}"
Set-ItemProperty -Path $keypath -Name RunAs -Value domain\user

Which creates a REG_SZ called RunAs with the value domain\user, so it works. Via UI, navigating to that DCOM application the identity has been set correctly, but not its password, and I cannot find how to do it.

Any hints?

Actually, I am not sure any more if that script doesn't work, even though no password has been set. I'm working on it and I will let you know, just for possible future references. — Armaggedon, Nov 20 '13 at 09:44

score 2 · Accepted Answer · answered Nov 21 '13 at 00:54

You cannot set the password this way. But you can set the username and password using DComPerm, which is available in the Microsoft Windows SDK for Windows 7 and .NET Framework 4, but only in source form (C++) in the directory:

C:\Program Files\Microsoft SDKs\Windows\v7.1\Samples\com\fundamentals\dcom\dcomperm

You will have to compile the source, or find a binary version somewhere on the net.

The commandline for dcomperm.exe will then be:

dcomperm -runas {key-ID} domain\user password

Yeah, I already had that, but I didn't test it until now. It works, so +1 for you, thanks. — Armaggedon, Nov 21 '13 at 15:29

Change a DCOM application's identity with a script

1 Answers1