Local Security Settings
All settings in this section are configured using the Local Security Policy console.
|
1 |
Open the Windows Control Panel. |
|
2 |
Go to Administrative Tools. |
|
3 |
Navigate to Security Settings > Local Policies > Security Options > Network access: Sharing and security model for local accounts. Change the setting to Classic.
This only applies to Windows computers that are not a part of a domain.
|
• |
Add the user to the predefined local group: Administrators for Windows XP; or Distributed COM Users for Windows Vista, Windows 2003, Windows 2008, and Windows 7. |
If you cannot grant the group permission to the user, do the following:
|
1 |
Create a local user in the Users group. |
|
2 |
Navigate to Control Panel > Administrative Tools > Local Security Policy > Security Settings > Local Policies > Security Options. |
|
3 |
Double-click DCOM: Machine Access Restrictions policy. Click Edit Security. Add the user created above. Enable the Remote Access option. |
|
4 |
Double-click DCOM: Machine Launch Restrictions policy. Click Edit Security. Add the user created above. Enable Local Launch, Remote Launch, Local Activation, and Remote Activation options. |
|
5 |
Navigate to Control Panel > Administrative Tools > Component Services > Computers. Right-click My Computer, click Properties, and open the COM Security tab. |
|
6 |
In the Access Permissions section, click Edit Default. Add the user created above. Enable the Remote Access option. |
|
7 |
In the Launch and Activation Permissions section, click Edit Default. Add the user created above. Enable the Local Launch, Remote Launch, Local Activation, and Remote Activation options. |
|
1 |
|
2 |
Disable the User Account Control: Run all administrators in Admin Approval Mode option. |
Firewall Settings
|
1 |
|
• |
Create a rule that allows all incoming traffic for %systemroot%\system32\dllhost.exe. |
|
• |
For 64-bit systems only: create a rule that allows all incoming traffic for %systemroot%\SysWOW64\dllhost.exe. |
|
• |
For Windows Vista, 2003, and 2008: enable COM+ Network Access (DCOM-In) rule for active profile. |
|
3 |
Enable File and Printer sharing access. |
|
• |
For Windows XP: enable File and Printer sharing exception rule. |
|
• |
For Windows Vista, 2003, and 2008: enable all rules in the File and Printer sharing group for active profile. |
Configuration Script
Use the script below to configure the firewall.
|
1 |
On the target machine create a file named firewall-config.ps1 with the script listed below. |
|
2 |
Run the script with Administrator’s privileges using the following command: powershell -File firewall-config.ps1 |
COM and Automation Objects
The COM and Automation objects are required to perform remote tasks on Windows machines that are not configured for remote activation. Therefore additional configuring of the DLL surrogate is required.
Make sure that the Administrator user has Full Control access to the following registry keys:
Use the script below to configure DCOM.
|
1 |
Create a file named dcom-config.ps1 that contains the script below on the target machine. |
|
2 |
Run the script on behalf of the Administrator user using the following command: runas /user:Administrator powershell -File dcom-config.ps1 |