OLE Registry Key (Compact 2013)

3/26/2014

The named values under the HKEY_LOCAL_MACHINE\Software\Microsoft\OLE key control Distributed COM's default launch and access permission settings and call-level security capabilities for applications that do not call the CoInitializeSecurity function. The named values for OLE are stored under the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\named_value = value

The following table shows the named values for the HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\named_value = value key.

Value : type

Description

EnableDCOM : REG_SZ

Controls the global activation and call policies of the machine. If this value is set to N, no remote clients may launch servers or connect to objects on this machine. Local launching of class code and connecting to objects is allowed on a per-class basis according to the value and access permissions of the class's AppID\{...}\LaunchPermission key and the global DefaultLaunchPermission key.

If this value is set to Y, launching of servers and connecting to objects by remote clients is allowed on a per-class basis according to the value and access permissions of the class's LaunchPermission named-value and the global DefaultLaunchPermission named-value.

Security Note:
Enabling this functionality enables remote access to COM objects on your device.

LegacyAuthenticationLevel= default_authentication_level : REG_DWORD

Sets the default authentication level for applications that do not call CoInitializeSecurity.

The values from 1 through 6 are valid. The following list shows the RPC_C_AUTHN_LEVEL_xxx constants to which they correspond:

  • 1 = RPC_C_AUTHN_LEVEL_NONE
  • 2 = RPC_C_AUTHN_LEVEL_CONNECT

When this named-value is not present, the default authentication level established by the system is 2 (RPC_C_AUTHN_LEVEL_CONNECT).

LegacyImpersonationLevel= default_impersonation_level : REG_DWORD

Sets the default level of impersonation for applications that do not call CoInitializeSecurity.

The values from 1 through 4 are valid. The following list shows the RPC_C_IMP_LEVEL_xxx constants to which they correspond:

  • 1 = RPC_C_IMP_LEVEL_ANONYMOUS
  • 2 = RPC_C_IMP_LEVEL_IDENTIFY
  • 3 = RPC_C_IMP_LEVEL_IMPERSONATE
  • 4 = RPC_C_IMP_LEVEL_DELEGATE

When this named-value is not present, the default impersonation level established by the system is 2 (RPC_C_IMP_LEVEL_IDENTIFY). NTLMSSP on Windows NT 4.0 supports only RPC_C_IMP_LEVEL_IDENTIFY and RPC_C_IMP_LEVEL_IMPERSONATE. In Windows 2000, the Kerberos v5 protocol supports RPC_C_IMP_LEVEL_DELEGATE. However, RPC_C_IMP_LEVEL_ANONYMOUS is not supported by either Windows NT 4.0 or 5.0.

LegacyMutualAuthentication : REG_SZ

Determines whether mutual authentication is enabled. This value provides the default setting for use of mutual authentication for all applications that do not call CoInitializeSecurity. Values of "Y" or "y" indicate that mutual authentication is enabled. Any other value or the lack of this named-value implies that mutual authentication is disabled.

Note:
Mutual authentication is not supported and is not available by default with Windows NT 4.0. This named-value is only useful if the network administrator installs a security provider that supports mutual authentication.

LegacySecureReferences= ACL : REG_SZ

Determines whether AddRef/Release invocations use COM security functionality for applications that do not call CoInitializeSecurity. This value provides the default setting that helps to secure IUnknown::AddRef and IUnknown::Release method invocations for all applications that do not call CoInitializeSecurity. Values of "Y" or "y" indicate that AddRef/Release uses COM security functionality. Any other value or the lack of this named-value implies that AddRef/Release does not use such functionality. Enabling COM security functionality slows remote calls.

NoBstrCache : REG_MULTI_SZ

By default this value is not set in the registry. It lists the names of processes for which the BSTR cache will be disabled.

The BSTR cache is enabled for every process unless the process is explicitly listed. List the process by its name only, not by its path; for example, "myprocess.exe" and not "\mypath\myprocess.exe".

By default, oleaut32 maintains a cache of allocated BSTRs for each process. This has the advantage of making allocations considerably faster.

BSTR caching is crucial to many applications' performance. It should not be disabled unless you have done extensive research and profiling indicating that it needs to be disabled.

To Disable Caching:

For some applications the extra memory required for the cache is too high. Also, for development purposes keeping memory in caches can make tracking memory leaks more difficult.
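The EnableDCOM and Legacy* values in the table above can be checked against a registry file before an image ships. The following audit is an added example, not code from this page or from Microsoft; it assumes the settings are available as .reg-style text, and the function names and the sample input are constructed for illustration.

```python
import re

OLE_KEY = r"hkey_local_machine\software\microsoft\ole"
IMP = {1: "ANONYMOUS", 2: "IDENTIFY", 3: "IMPERSONATE", 4: "DELEGATE"}

# Constructed sample input (not taken from any real device image).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\OLE]
"EnableDCOM"="Y"
"LegacyAuthenticationLevel"=dword:00000001
"LegacyImpersonationLevel"=dword:00000003
[HKEY_LOCAL_MACHINE\Software\Other]
"LegacySecureReferences"="Y"
'''

def parse_ole_values(reg_text):
    """Collect the named values found under the OLE key only."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == OLE_KEY
        elif in_key:
            m = re.match(r'"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]+)|"(.*)")$', line)
            if m:
                name, dword, text = m.groups()
                values[name.lower()] = int(dword, 16) if dword is not None else text
    return values

def audit_ole(reg_text):
    """Return {value name: finding} using the semantics in the table above."""
    v, out = parse_ole_values(reg_text), {}
    if str(v.get("enabledcom", "")).upper() == "Y":
        out["EnableDCOM"] = "remote clients may launch servers and connect to objects"
    authn = v.get("legacyauthenticationlevel", 2)  # absent -> 2 (CONNECT)
    if authn not in range(1, 7):
        out["LegacyAuthenticationLevel"] = f"{authn!r} is outside the valid range 1-6"
    elif authn == 1:
        out["LegacyAuthenticationLevel"] = "RPC_C_AUTHN_LEVEL_NONE: calls are unauthenticated"
    imp = v.get("legacyimpersonationlevel", 2)  # absent -> 2 (IDENTIFY)
    if imp not in IMP:
        out["LegacyImpersonationLevel"] = f"{imp!r} is outside the valid range 1-4"
    elif imp > 2:
        out["LegacyImpersonationLevel"] = f"RPC_C_IMP_LEVEL_{IMP[imp]} exceeds the default IDENTIFY"
    for name in ("LegacyMutualAuthentication", "LegacySecureReferences"):
        if str(v.get(name.lower(), "")).upper() != "Y":  # only "Y"/"y" enables
            out[name] = "not enabled (value absent or not Y)"
    return out

if __name__ == "__main__":
    for name, finding in audit_ole(SAMPLE).items():
        print(f"{name}: {finding}")
```

An absent EnableDCOM value is not reported, because the table does not state its default.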

See Also

Reference

COM and DCOM Registry Settings