The best setting for the RunAs option in a server package

The best setting for the RunAs option in a server package

When you deploy COM objects in DLLs no security issues arise since DLLs run in the process of the caller. On the contrary, when you deploy your COM objects into an .EXE, you have to deal with such issues.

– (D)COM needs to know under what security principal (read identity) the process, where your COM objects lives in, has to be associated with.
– (D)COM wants to know other details as well, like who has the rights to launch and to access the COM objects and what’s the lowest level of security your COM objects must accept when it negotiates a connection from a caller.

These options can be set at run-time (but you have to deal with DCOM APIs) or can be configured at deployment time using the DCOMCNFG utility. If there are no security settings defined for your Component then (D)COM uses default access permission. The settings you have available in (D)COM for the Run as setting are:

– As interactive user: The process run under the identity of the user currently logged in the system. This settings is OK only during the development phase. If noone is logged in the system the object creation will fail.
– As the launching User: The process run under the identity of the caller process. This is not an advisable setting to set up a manageable security policy.
– As This User: In this case you have to specify a local or domain user. This is the best setting to go under a production environment.

If what is described above is clear, there is just one more thing to know when you come to MTS: Each MTS server package is a separate surrogate process where your DLLs run in. If you decide to deploy your dlls into an MTS Server package you have to remember that every access to the COM objects implemented in such dlls will have to deal with (D)COM security if the caller is outside the same MTS package.

This tip is taken from the FAQ list that Enrico mantains at his own home page (www.sabbasoft.com/mts_faq.htm).

Share the Post:
XDR solutions

The Benefits of Using XDR Solutions

May 24, 2023

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

May 23, 2023

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

May 22, 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

May 17, 2023

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

May 16, 2023

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes

ransomware cyber attack

Why Is Ransomware Such a Major Threat?

May 15, 2023

One of the most significant cyber threats faced by modern organizations is a ransomware attack. Ransomware attacks have grown in both sophistication and frequency over the past few years, forcing

data dictionary

Tools You Need to Make a Data Dictionary

May 12, 2023

Data dictionaries are crucial for organizations of all sizes that deal with large amounts of data. they are centralized repositories of all the data in organizations, including metadata such as

Show More