Automating DCOM permissions for Remote Assistance (for use with Xenapp) using GPO’s

Im in the process of setting up our new Xenapp 6.5 environment, and I needed to figure out how to use a GPO to apply the dcom permissions for Remote Assistance usage in Xenapp to replace shadowing (the article I mentioned it was here: Second Paragraph).

Today I sat down and figured it out. You will need one machine where you follow that article and actually setup the permissions you want. From that machine, open up the GPO you want to use to set the policy with. Navigate to Computer Configuration -> Preferences -> Registry.

(Shown with the keys already populated)

From there, create a new Registry item. Click on the … button next to Key Path and browse to the following Key: HKCR\AppID\{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7} Then on the bottom half of the screen click on AccessPermission and click the select button.

Change the Registry Preference to whatever other settings you need, create/replace, etc. and then close it. On to step two!

We are going to repeat everything from the last step, except this time instead of choosing AccessPermission, you need to choose LaunchPermission.

Those get you the first two DCOM Settings. The Configuration Permissions DCOM Setting is set in a different place. You Need to go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Registry.

(Again shown populated)

There you will need to create a new key. Navigate to HKCR\AppID\{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7} then click OK, it will pop up a box for the security you want on it. Find the group/user you added before and add them. Then click the Advanced button. Find the user/group you just added and edit it. Give them full control and then click OK all the way out.

(Few screen shots of a few of the major screens)

You have now created the policy to change all those settings without doing it on each machine.

Filed under: Microsoft, Xenapp | Posted on December 15th, 2011 by CharlieMaurice

One Response to “Automating DCOM permissions for Remote Assistance (for use with Xenapp) using GPO’s”

  1. Stephen J Says:

    One, I noticed the path to the registry if on server 2008 is HKCR\Wow6432Node\AppID\{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}

    My issue is that when I set that preference I’m not seeing it being changed on the machine. Did you have issue with these preferences applying?

Leave a Reply

RSS Feed





Copyright © 2018 Charlie's Tech Ramblings. All rights reserved.

Tech Blue designed by Hive Designs • Ported by Free WordPress Themes