I have just spent days struggling with this new DCOM message on several newly-built Windows Server 2022 platforms. My finding is that, although the 10036 events being logged appear to indicate actual failures regardless of how I set my RequireIntegrityActivationAuthenticationLevel registry entry, testing with New-CimSession shows that the registry entry actually does control hardening.*
Currently on my Windows 2022 servers, I find that:
- Without the registry entry, hardening is not enabled, but error 10036 is logged regardless;
- With the registry entry set to 1, hardening is enabled and the same 10036 error is logged.
More briefly, I think much confusion is being caused because Windows Server 2022 is logging the exact same error regardless of whether the new DCOM hardening is being enforced.
Caveat: this article explains that as of Q2 2022 this will no longer be the case, and hardening will be in effect regardless of the registry setting.
*New-CimSession -ComputerName mycomputer -SessionOption (New-CimSessionOption -Protocol Dcom) -Credential "MYDOMAIN\mylogin" fails when the registry entry is set to 1, and otherwise succeeds.