我有一个第三方DCOM组件,我需要在我的安装程序中以自动方式安装和配置其启动设置(无需用户干预)。我使用regsvr32.exe进行.dll注册并使用powershell设置启动设置。这是我的注册命令行:
regsvr32.exe / n / i:" C:\ ProgramData \ my3rdparty" " C:\ Program Files(x86)\ My3rdparty \ engine.dll"
这是我的权力:
$Group = 'IIS_IUSRS'
$SystemInfo = (Get-WmiObject -Class Win32_ComputerSystem)
$ComputerName = "{0}.{1}" -f $SystemInfo.Name, $SystemInfo.Domain
$Domain = $SystemInfo.Name
$ComComponentName = 'My 3rd party DCOM name'
function New-DComLaunchACE(
[parameter(mandatory=$true)] $Domain,
[parameter(mandatory=$true)] $ComputerName,
[parameter(mandatory=$true)] $Group )
{
#Create the Trusteee Object
$Trustee = ([WMIClass] "root\cimv2:Win32_Trustee").CreateInstance()
#Search for the user or group, depending on the -Group switch
$account = [WMI] "root\cimv2:Win32_Group.Name='$Group',Domain='$Domain'"
#Get the SID for the found account.
$accountSID = [WMI] "root\cimv2:Win32_SID.SID='$($account.sid)'"
#Setup Trusteee object
$Trustee.Domain = $Domain
$Trustee.Name = $Group
$Trustee.SID = $accountSID.BinaryRepresentation
#Create ACE (Access Control List) object.
$ACE = ([WMIClass] "root\cimv2:Win32_ACE").CreateInstance()
# COM Access Mask
# Execute = 1,
# Execute_Local = 2,
# Execute_Remote = 4,
# Activate_Local = 8,
# Activate_Remote = 16
$ACE.AccessMask = 11 # Execute | Execute_Local | Activate_Local
$ACE.AceFlags = 0
$ACE.AceType = 0 # Access allowed
$ACE.Trustee = $Trustee
$ACE
}
function New-DComConfigurationACE(
[parameter(mandatory=$true)] $Domain,
[parameter(mandatory=$true)] $ComputerName,
[parameter(mandatory=$true)] $Group )
{
#Create the Trusteee Object
$Trustee = ([WMIClass] "root\cimv2:Win32_Trustee").CreateInstance()
#Search for the user or group, depending on the -Group switch
$account = [WMI] "root\cimv2:Win32_Group.Name='$Group',Domain='$Domain'"
#Get the SID for the found account.
$accountSID = [WMI] "root\cimv2:Win32_SID.SID='$($account.sid)'"
#Setup Trusteee object
$Trustee.Domain = $Domain
$Trustee.Name = $Group
$Trustee.SID = $accountSID.BinaryRepresentation
#Create ACE (Access Control List) object.
$ACE = ([WMIClass] "root\cimv2:Win32_ACE").CreateInstance()
# COM Access Mask
$ACE.AccessMask = 268435456 # Full Control
$ACE.AceFlags = 0
$ACE.AceType = 0 # Access allowed
$ACE.Trustee = $Trustee
$ACE
}
# Configure the DComConfg settings for the component so it can be activated & launched locally
$dcom = Get-WMIObject Win32_DCOMApplicationSetting -Filter "Description='$ComComponentName'" -EnableAllPrivileges
if ($dcom -ne $null)
{
write-host "DCOM is registered! Setting up permissions"
$sd = $dcom.GetLaunchSecurityDescriptor().Descriptor
$csd = $dcom.GetConfigurationSecurityDescriptor().Descriptor
#$nsAce = $sd.Dacl | Where {$_.Trustee.Name -eq $Group}
$newAce = New-DComLaunchACE -Domain $Domain -ComputerName $ComputerName - Group $Group
$sd.Dacl += $newAce
$newAce2 = New-DComConfigurationACE -Domain $Domain -ComputerName $ComputerName -Group $Group
$csd.Dacl += $newAce2
# Set both the launch and the configuration descriptors ...
$dcom.SetLaunchSecurityDescriptor($sd)
$dcom.SetConfigurationSecurityDescriptor($csd)
}
else
{
Write-Host "DCOM not found."
}
我的问题是powershell脚本找不到DCOM组件,即使它已成功注册。
然而,我发现如果我用
打开mmc控制台mmc comexp.msc /32
并导航到" DCOM配置"文件夹 - 我可以在那里看到我的Dcom组件......如果我在那之后运行我的PowerShell脚本 - 它可以工作!
screenshot of component services window
看起来系统是在高速缓存中搜索而不是在安装新的DCOM时更新高速缓存。打开mmc控制台时 - 系统刷新缓存并且dcom可用。但这些都是我的假设。
我做错了吗?如何在安装后立即确保DCOM可用于powershell脚本?
非常感谢!
答案 0 :(得分:0)
我们在这里发布的一些有趣的信息似乎是你在64位系统上做32位(假设所有现代系统都是64位):https://msdn.microsoft.com/en-us/library/windows/desktop/ms678426(v=vs.85).aspx < / p>
Dcomcnfg.exe和64位应用程序
在从Windows XP到Windows Server 2008的x64操作系统上,64位版本的DCOMCNFG.EXE无法正确配置32位DCOM应用程序以进行远程激活。此行为导致组件意味着远程激活而不是在本地激活。在Windows 7和Windows Server 2008 R2及更高版本中不会发生此问题。 解决方法是使用32位版本的DCOMCNFG。运行32位版本的mmc.exe并使用以下命令行加载32位版本的“组件服务”管理单元。
C:\ WINDOWS \ SysWOW64&gt; mmc comexp.msc / 32
