Hi Brian
Thanks for the reply - unfortunately it did not work.....
What I will attempt to do is to set out the full set of security permissions
and state what does and does not work. Hopefully, for those in the know, it
will be obvious what my mistake is.
SET UP
Web tier = Win2000
Data tier = Win2003
These servers are NOT in a domain and there is no trust relationship between
these servers. They are effectively "stand alone".
COM+ APPLICATION
Package installed on DATA tier and exported as a proxy (COM+ 1.0 format).
This is installed on the WEB tier.
WHAT DOES WORK
Logging on as the WEB TIER administrator, I can run an executable that calls
this proxy COM+ application. It successfully executes on the DATA tier.
WHAT DOES NOT WORK
Opening up a web browser to run an ASP page that does exactly what the
executably in the previous step did. Error is: 70, Permission denied.
PERMISSIONS ON THE WEB TIER
From Component Services control panel, myComputer properties, Default
security:
Default access permissions: [blank]
Default launch permissions: IUSR_WEB "Allow defaultLaunchPermission"
From Component Services control panel, COM+ Applications, myPackage
properties
Only property is the IP address of the DATA tier on the Activation tab
From Component Services control panel, COM+ Applications, myPackage,
myComponent properties
All greyed out
C:\Program Files\ComPlus Applications\{A8....}\myDLL.dll
I tried to explicitly give IUSR_WEB explicit EXECUTE permissions, but this
had no effect, so I removed it.
PERMISSIONS ON THE DATA TIER
From Component Services control panel, myComputer properties, COM security
tab:
Access permissions (default): EVERYONE & SELF (local and remote access),
SYSTEM (local access)
Access permissions (limits) : ANONYMOUS LOGON, DISTRIBUTED COM USES,
EVERYONE ( local & remote access)
Launch and activation permissions (default): ADMINISTRATORS, EVERYONE,
INTERACTIVE, SYSTEM (local launch, remote launch, local activation, remote
activation)
Launch and activation permissions (limits): ADMINISTRATORS, DISTRIBUTED COM
USERS, EVERYONE (Local & remote launch, local & remote activation).
From Component Services control panel, COM+ Applications, myPackage
properties
Security: enforce access checks for this application; perform access checks
at the process and component level; authentication level (packet);
impersonation level (impersonate)
Identity: This user (DATA\Administrator)
Activation: Server
From Component Services control panel, COM+ Applications, myPackage,
myComponent properties
Transactions support: not supported
Security: nothing ticked
Activation: don't force activation context
Concurrency: required
The actual DLL is held on the D drive and it's security is: Administrators
(Full control); System (Full control); USERS (Read & Execute)
Not sure what else to try.....
Griff
"Brian Muth" <bm***@mvps.org> wrote in message > Under Windows 2003 only
members of the <machine>\Distributed COM Users group
is allowed to access any COM+ objects from a remote computer. There are
various approaches to solving the problem. You could add the name of the
remote user to this group, or you can change the default COM Security
permissions to allow Everyone access.
On the Windows 2003 server, bring up your Component Services control panel
applet and right click on "My Computer". Choose the Com Security tabe and
add "Everyone" both local and remote access.
HTH
Brian