On Sat, 2006-02-25 at 17:06 +0000, [EMAIL PROTECTED] wrote: > > DCOM allows applications to be distributed across locations, the application > create program ids that can have the default launch and access permissons. > > A user account is added as authentication credentials to granted permission > to access/launch the component. When the user credentials (as a example a > service account) are add they can recieve the default access and launch > permissions. Alot of time they don't need the default permissions. > > DCOMCNFG is the tool that comes with Windows that allows you to configure the > DCOM settings of a COM application. The application can be listed as a Name > or by a program ID and its rather painful to manual check each. >
Thanks for the information. I will try to look at that later and see what I can do. > Other scanners I've used will report on what user has what level of access > and/or launch permission for a COM object. When I run an Administrative > scan using Nessus, i've never see it report on this setting and so far i've > been unable to find a plugin that does. > > I was thinking of writting a plugin to check the access and launch > permission for COM objects. but didn't want to re-invent the wheel and > thought I would ask to see if anyone else > has. I really don't think you want to do that. It is easy to use the DCOM protocol with the Windows API but it is much more complex to do that with Nessus ;-) Nicolas _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
