Check or Attack Name: DCOM Default Launch

DCOM default launch permissions include users other than Administrators and the Interactive (console) user. Verify that the other users should have permission to launch all DCOM objects on the system.

Fortify DCOM's default permissions so that all objects continue to function under tightened security:

1. Run the dcomcnfg program in the %SystemRoot%/System32 folder.
2. Click the Default Security tab.
3. From Default Access Permissions, select Edit Default.
4. Review the default permissions. Recommended access levels are Administrators - Allow Access and INTERACTIVE - Allow Access.
5. Verify that DCOM objects still function properly after making changes.

Microsoft Knowledge Base Article Q176799, INFO: Using DCOM Config (DCOMCNFG.EXE) on Windows NT, http://support.microsoft.com/support/kb/articles/q176/7/99.asp