Calling COM+ component from IIS 6 Annonymous local account

Calling COM+ component from IIS 6 Annonymous local account

am 06.05.2006 12:14:02 von Adeel

Hi,
I am running Windows 2003 Server. Have my VB6 developed Dll registered in
COM+ under the identity of a local account "localtest". Same user is provided
in annonymous access in IIS.
Enforce Authorization check is unchecked in COM+ security.
In IIS Out of Process in COM+, i have provided the same user "localtest"
This local user is an administrator of the local machine. But when the dll
goes to read the registry for connection string, it could not get a valid
connection.
If i provide a domain account in place of this local machine account,
everything runs fine.
1) Can we use a local account to access COM+, Registry?
2) what should i configure additionaly to make it work?

Re: Calling COM+ component from IIS 6 Annonymous local account

am 06.05.2006 12:34:51 von someone

I suspect you are either not running as the user identity that you think you
configured, or your system has been locked down in ways you do not know.

Verify with RegMon from www.sysinternals.com as to the user identity that is
failing to read the registry key.

Since you have a domain machine, my other suspicion is that your domain has
some Group Policy which tweaks arbitrary security permissions on your server
to result in what you observe (for example, disable logon of certain user
groups, such as the local ones). Obviously, there is nothing IIS/COM+ can do
about this -- your Group Policy is breaking you, by-design. You'll have to
figure out what is happening.

I can only tell you that local user accounts can definitely access COM+ and
Registry if nothing else is breaking the system intentionally.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Adeel" wrote in message
news:C03F236F-D6C7-42A2-B251-D95668158F38@microsoft.com...
> Hi,
> I am running Windows 2003 Server. Have my VB6 developed Dll registered in
> COM+ under the identity of a local account "localtest". Same user is
> provided
> in annonymous access in IIS.
> Enforce Authorization check is unchecked in COM+ security.
> In IIS Out of Process in COM+, i have provided the same user "localtest"
> This local user is an administrator of the local machine. But when the dll
> goes to read the registry for connection string, it could not get a valid
> connection.
> If i provide a domain account in place of this local machine account,
> everything runs fine.
> 1) Can we use a local account to access COM+, Registry?
> 2) what should i configure additionaly to make it work?