Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Sunday, September 6, 2015 3:47 PM
Please see "https://technet.microsoft.com/en-us/library/cc726313(v=ws.10).aspx"
The last sentence refers to proper settings. What are the proper permission settings?
All replies (14)
Tuesday, September 8, 2015 9:12 AM ✅Answered
Hi theking2,
That means the system default settings.
We may try the following way to reset the Dcom permission:
Please take a try with the steps below, to reset the DCOM permission:
The DCOM ACLs are stored in the registry under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole, in the following binary values:
- DefaultAccessPermission
- DefaultLaunchPermission
- MachineAccessRestriction
- MachineLaunchRestriction
please backup the registry first, then delete all those values listed avove, DCOM will load the default settings if there is no values reference.
Regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Sunday, September 6, 2015 4:12 PM | 1 vote
That says nothing about permissions for runtime broker. Care to tell us the underlying problem?
Wanikiya and Dyami--Team Zigzag
Monday, September 7, 2015 8:07 AM
Care to tell us the underlying problem?
A great number Events of the foillowing:
| - | System |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| - | EventData |
| param1 | application-specific |
| param2 | Local |
| param3 | Activation |
| param4 | {D63B10C5-BB46-4990-A94F-E40B9D520160} |
| param5 | {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} |
| param6 | NT AUTHORITY |
| param7 | LOCAL SERVICE |
| param8 | S-1-5-19 |
| param9 | LocalHost (Using LRPC) |
| param10 | Unavailable |
| param11 | Unavailable |
Tuesday, January 12, 2016 4:05 PM
But why this error exist at all on newly built machine?
rgds Sven
Sunday, February 14, 2016 4:33 AM | 1 vote
Here is a fix that works for Windows 10 and other previous versions.
Fix for Distributed COM RuntimeBroker (Error ID: 10016):
Because DCOM RuntimeBroker in Component Services won’t let you edit the security settings, you need to right click on the task bar Windows icon, click Run and type in regedit, and then press Enter. Do the instructions 1-4 below for each of these registry keys:
HKEY_CLASSES_ROOT\AppID\9CA88EE3-ACB7-47c8-AFC4-AB702511C276}HKEY_CLASSES_ROOT\AppID\RuntimeBroker.exe
.
Go to each key and back it up by doing a right click on the registry key and click Export and save the file to a documents folder (you should always backup any registry key you change). Now right click on the registry key again and click Permissions > Advanced.
If Administrators has Full Privileges, then go to the next registry key and start with instruction #1 again. Otherwise change ownership to Administrators by clicking Change at the top where is says Owner then click Advanced > Find Now > Administrators > OK > OK > Apply > Yes. If a message(s) comes up just click OK or Yes until back to the Permissions window.
Click on Administrators and check off Full Control then click OK.
Check "Replace all child objects...." and then Apply. If a message(s) comes up just click OK or Yes until back to the Permissions window. Then click OK to close the Permissions window.
When done with both registry keys, reboot.
Go to Control Panel > Administrative Tools > Component Services > Computers (middle window)> My Computer > DCOM Config and then right click on RuntimeBroker and click Properties > Security. You’ll see 3 edit buttons.
Make sure Customize is checked and then click on the top Edit under Launch and Activation Permissions and you may see this:
If you see it click Cancel.In the Group or user names box highlight each and make sure that Local Launch and Local Activation are checked. Make sure that you have in the Group or User Names window: All Applications Packages, Self, System, Administrators, and Interactive. If any are missing, then click Add > Advanced > Find Now > [Name]> OK > OK, and make sure that Local Launch and Local Activation are checked.
Now click the middle Edit under Access Permissions (make sure Customize is checked off) then in the Group or user names box highlight each and make sure that Local Access is checked off. When done click OK. Make sure that you have in the Group or User Names window: All Applications Packages, Self, System, Administrators, Local Network, and Network Service. If any are missing, then click Add > Advanced > Find Now > [Name]> OK > OK, and make sure that Local Access is checked off.
Click the bottom Edit under Configuration Parameters (make sure Customize is checked off) then click Advanced. Each Principal should have Read Access except for Administrators, and TrustedInstaller who should have Full. If you need to make any changes, highlight the one to change then click Edit, make any changes, and then click OK. You should have the following principals listed: All Applications Packages, System, Administrators, Users, and TrustedInstaller. If any are missing then click Add > Advanced > Find Now > [Name]> OK > OK (make sure that Read is checked). Then click OK until all the Properties windows are closed. Now close up the Component Services window.
Now go back to the regedit window and change ownership to SYSTEM on the same four keys previously changed. Do this by clicking Change at the top where is says Owner then click Advanced > Find Now > SYSTEM > OK > OK > Apply > Yes. If a message(s) comes up just click OK or Yes until back to the Permissions window and then click OK > OK.
When done changing the owner to SYSTEM on both registry keys like you did in #2 then close up regedit.
Best to reboot at this point and then you are done.
Saturday, March 12, 2016 9:28 PM
Step 8 isn't possible if in Step 7 you get the error click Cancel. This is where I get stuck.
The Add... and Remove buttons in the "RuntimeBroker Properties" dialog are disabled as the previous dialog suggests will happen. The dialog is read only.
I have tried before to click Remove but that ended up ruining other things.
Wednesday, October 18, 2017 11:54 PM
A much easier way to fix this error:
- Download the DCOMPermissions.psm1 PowerShell module
- Open an administrative PowerShell prompt and run these commands:
Import-Module .\DCOMPermissions
Grant-DCOMPermission -ApplicationID "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -Account "SYSTEM" -Type Launch -Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissions
If you receive no errors, then the change was successful. No reboot needed.
The command grants SYSTEM permission to launch and activate RuntimeBroker. The existing permissions and callbacks are preserved, and the registry permissions are not changed from defaults.
-Tony
Friday, February 23, 2018 11:16 AM
Hi there...a little clarification please?
W10 laptop has multiple 10016 error events, with runtimebroker and particularly when using Edge browser.
On checking the "HKLM\software\microsoft\ole",
before proceeding to clean up DCOM ACLs, noticed that a "Default Access Permission" subkey isn't there. But there's a "Legacy Impersenation Level" over the subkeys you said.
So, is it an issue, and how to proceed for resetting the DCOM settings?
Thanks in adv :)
Hi! there..
Sunday, July 15, 2018 8:58 AM
I am having the same issue. Not finding "Default Access Permission". Please advise?
Saturday, July 21, 2018 6:06 PM
Hey Tony, when I type Import-Module .\DCOMPermisions I get this error.
PS C:\WINDOWS\system32> Import-Module .\DCOMPermissions
Import-Module : The specified module '.\DCOMPermissions' was not loaded because no valid module file was found in any
module directory.
At line:1 char:1
- Import-Module .\DCOMPermissions
-
+ CategoryInfo : ResourceUnavailable: (.\DCOMPermissions:String) [Import-Module], FileNotFoundException
+ FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
Sunday, July 22, 2018 6:37 AM
Hey Tony, when I type Import-Module .\DCOMPermisions I get this error.
PS C:\WINDOWS\system32> Import-Module .\DCOMPermissions
Import-Module : The specified module '.\DCOMPermissions' was not loaded because no valid module file was found in any module directory.
Please ensure the DCOMPermissions.psm1 file is in the current directory from where you are running the import command.
-Tony
Tuesday, July 24, 2018 5:23 AM
A much easier way to fix this error:
- Download the DCOMPermissions.psm1 PowerShell module
- Open an administrative PowerShell prompt and run these commands:
Import-Module .\DCOMPermissions Grant-DCOMPermission -ApplicationID "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -Account "SYSTEM" -Type Launch -Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissionsIf you receive no errors, then the change was successful. No reboot needed.
The command grants SYSTEM permission to launch and activate RuntimeBroker. The existing permissions and callbacks are preserved, and the registry permissions are not changed from defaults.
-Tony
Hello again Tony, Im still having the 10016 Error on shutdown and my computer is crashing. Am I doing something wrong? This is the error im getting>>>
DistributedCOM 10016
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-QV4JSD8\Calob SID (S-1-5-21-169807390-600740636-3995643411-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Your error message indicates that "Calob" doesn't have Local Activation permission. Granting permission to SYSTEM won't have any effect on this error. You need to grant permission to the "Calob" account.
-Tony
Wednesday, July 25, 2018 10:56 AM
how do i do that
Refer to the command help for syntax on how to use the command. It'll show you how to specify any account you wish.
FYI, if your computer is crashing, as you say, this won't fix that. Error 10016 for the runtime broker is just a nuisance error. It doesn't cause any harm and can be ignored. This whole thread exists because people don't want to *see* the error. You may have other computer problems.
-Tony
Monday, September 17, 2018 8:48 AM
I know this is "old" in computer terms, but this entry fixed my problem! I had other issues and somehow changed these settings and I spent 4 agonizing days trying to fix my taskbar. I searched everywhere and I finally stumbled across your entry. It was exactly what I needed! Thanks for all your time and energy to put this into readable actionable steps! God Bless!!!