1

I'm experiencing troubles with DCOM configuration. Here is the case: I'm using some product which supports client-server interaction through DCOM, but the client won't get any access to the server if the attempt is being done from an account with a name which exists at the server as well, but has different password. Basically, if we try to access the server from the Administrator account which obviously present on the server machine, we will fail if client's Administrator password doesn't match server's one.

After actively collaborating with the product's developer in attempts to localize the issue, he come across with resolution "can't be fixed" or, if you prefer to call a pikestaff a pikestaff than it's more likely a "don't know how to fix" resolution :).

I believe there is a solution for this problem and I'm asking you, IT professionals, to help me out with this one.

I do realize that the problem may be caused by the way the developer interact with DCOM and if so it can't be fixed be means of pure system configuration and the question should be asked at SO, but since I've bumped into the same behavior while working with file/printer sharing - Windows tried to simplify everything and used currently impersonated credentials to access the share, I hope the solution lies at system configuration layer.

P.S. I believe that the actual software product I'm talking about is entirely irrelevant however my experience tell me that there always would be somebody who will think that it on the contrary is very relevant. Here it is: SpRecord.

HolisticElastic
  • 111
  • 2

1 Answers1

0

Seems like we enter the realm of dirty hacks at this point.

Thoughts:

  • Have you dug into the DCOM permissions? You can run dcomcnfg.exe, which will let you view and mess around with DCOM. You'll probably need to mess with client and server settings
  • Could you run the app out of a different account? One that didn't already exist on the server or one that had a matching password
  • And of course you could synchronize the client and server admin passwords, but you should not do this... and if you do, make sure to have appropriate controls to compensate for the software's suckage
Bob
  • 2,569
  • 3
  • 26
  • 22
  • 1. Yes, I had. Found nothing of use overthere :(. I'm afraid it's not only the DCOM issue (as I already said, samba interactions manifest the same behavior as well). 2. Yes, of course I can run the app while impersonating account with the name which doesn't exist on the server. 3. Surely, I wouldn't do that because that's not the solution I'm seeking... If this were appropriate for me I wouldn't asking any questions here ;). – HolisticElastic Dec 14 '09 at 08:07