Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, February 23, 2017 7:55 PM
I have been in regedit and modified the following 4 keys so that SYSTEM has full access>
HKEY_CLASSES_ROOT\AppID\9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
HKEY_CLASSES_ROOT\AppID\RuntimeBroker.exe
HKEY_CLASSES_ROOT\CLSID\D63B10C5-BB46-4990-A94F-E40B9D520160}
HKEY_CLASSES_ROOT\CLSID\D63B10C5-BB46-4990-A94F-E40B9D520160}\LocalServer32
But when I go into > DCOMCNFG > Component Serv - DCOM Config - RUNTIMEBROKER -> Properties-> Security ->{Launch & Activation Permissions} I am unable to add a user, it is grayed out.
I also went into Local User Groups and added myself, SELF and SYSTEM to the group Dist COM users so they would be allowed to launch, activate and use Distributed COM objects on this machine, but to no avail.
Any ideas where to turn next?
Win10 x64
Thanks!
All replies (11)
Friday, February 24, 2017 6:20 AM | 3 votes
Hi ,
The below is a similar case for reference. You need to go to HKEY_Classes_Root\CLSID\D63B10C5-BB46-4990-A94F-E40B9D520160} and HKEY_LocalMachine\Software\Classes\AppID\9CA88EE3-ACB7-47c8-AFC4-AB702511C276}, change the owner to Administrators group, grant full control to the Administrators group. Then go to > DCOMCNFG > Component Service - DCOM Config - RUNTIMEBROKER > Properties> Security >{Launch & Activation Permissions}, try to add user again.
Error - Event ID: 10016; DistributedCOM
https://answers.microsoft.com/en-us/windows/forum/windows8_1-performance/error-event-id-10016-distributedcom/130522d2-beac-4495-980a-65e1e3279901
Best regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, February 24, 2017 3:09 PM
Hi - In my original note I forgot to mentioned I did modify the
HKEY_Classes_Root\CLSID &
HKEY_LocalMachine\Software\Classes\AppID\ keys and gave them full ADMINISTRATOR access, but the
add user in DCOMCNFG was still grayed out. I tried it a number of times.
I know it is supposed to work.....
Monday, August 7, 2017 4:57 PM
I know it might be basic for some but just in case, a common error that will leave DCOMCNFG options grayed out after applying this fix happens when the owner is changed to Administrator instead of to Administrators
Just one letter, but that s is needed and makes all the difference.
Friday, August 25, 2017 7:57 PM
I know it might be basic for some but just in case, a common error that will leave DCOMCNFG options grayed out after applying this fix happens when the owner is changed to Administrator instead of to Administrators
Just one letter, but that s is needed and makes all the difference.
Having this issue still... Definitely have Administrators on both reg keys, and I can now go into permissions when I go to the Activation and Launch settings I cannot add new users.
Wednesday, October 18, 2017 11:41 PM | 6 votes
I know it might be basic for some but just in case, a common error that will leave DCOMCNFG options grayed out after applying this fix happens when the owner is changed to Administrator instead of to Administrators
Just one letter, but that s is needed and makes all the difference.
Having this issue still... Definitely have Administrators on both reg keys, and I can now go into permissions when I go to the Activation and Launch settings I cannot add new users.
Rather than messing with the default registry permissions just to change some DCOM permissions, use the DCOMPermissions module to change them:
- Download the DCOMPermissions.psm1 PowerShell module
- Open an administrative PowerShell prompt and run these commands (for example):
Import-Module .\DCOMPermissions
Grant-DCOMPermission -ApplicationID "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -Account "SYSTEM" -Type Launch -Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissions
If you receive no errors, then the change was successful. No reboot needed.
The example command grants SYSTEM permission to launch and activate RuntimeBroker. The existing permissions and callbacks are preserved, and the registry permissions are not changed from defaults.
-Tony
Friday, February 2, 2018 11:01 PM | 2 votes
After giving admin rights, I had to restart the Component Service snap-in, then it was possible to change the permissions.
Jovica
Saturday, April 28, 2018 10:48 AM
Thanks Tony and everyone else.
I had the same problem and this thread helped me solve it as well as learn a few things about DCOM management.
I am particularly grateful for the consideration shown towards readers like myself that are still novices learning their craft.
Now that I've hopefully added the permission I need to the RuntimeBroker I am wondering how to return TrustedInstaller as owner?
I really don't want to leave this component vulnerable. I'm assuming the original restrictions where there for a good reason.
....
Okay got NT SERVICE\TrustedInstaller back in business as the owner. That wasn't too much of a problem at all.
Monday, July 23, 2018 2:29 AM
Hi Tony,
I am having this same issue & came across your post here. Very new at using PowerShell commands. I downloaded the DCOMPermissions.psm1 PowerShell module but wasn't clear what to do with it.
I did run the PowerShell with elevated privileges and this command ran successfully, no errors:
Import-Module .\DCOMPermissions
Grant-DCOMPermission -ApplicationID "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -Account "SYSTEM" -Type Launch -Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissions
I then restarted the Component Services snap-in. However, when I go to the Activation and Launch settings I cannot add new users as the options are still grayed out. Would appreciate any assistance. Thanks.
Tuesday, July 24, 2018 5:51 AM
Hi Tony,
I am having this same issue & came across your post here. Very new at using PowerShell commands. I downloaded the DCOMPermissions.psm1 PowerShell module but wasn't clear what to do with it.
I did run the PowerShell with elevated privileges and this command ran successfully, no errors:
Import-Module .\DCOMPermissions
Grant-DCOMPermission -ApplicationID "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -Account "SYSTEM" -Type Launch -Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissions
I then restarted the Component Services snap-in. However, when I go to the Activation and Launch settings I cannot add new users as the options are still grayed out. Would appreciate any assistance. Thanks.
I assume you are trying to change the launch and/or access permissions to DCOM object.
Changing the registry permissions as described in this thread is only done to enable the security settings in the DCOM app so that you can change the launch/access permissions in that app. It is not desirable to change the registry permissions (aka configuration permissions).
This module changes the access/launch permissions without changing the configuration permissions. That's why the module was created.
If you ran the above command, then you successfully changed the launch permissions.
You can use the module to display the current permissions.
-Tony
Wednesday, August 15, 2018 4:25 PM
This module and commands worked perfectly. Thanks!
Sunday, November 24, 2019 3:48 PM
Thanks Tony,
this was perfect for me, you made my day :)
Greez Roly