Share via


Event ID 10020 — COM Security Policy Configuration

Applies To: Windows Server 2008

COM+ applications use Microsoft Component Object Model (COM) technology in Microsoft Windows operating systems to communicate and take advantage of Windows services. COM technologies include COM+, DCOM, and ActiveX Controls.

An administrator can use the Component Services administrative tool to control the COM + application security policy through configurable settings that are located on the Security tab of the application's properties sheet.

Event Details

Product: Windows Operating System
ID: 10020
Source: Microsoft-Windows-DistributedCOM
Version: 6.0
Symbolic Name: EVENT_DCOM_INVALID_MACHINE_SECURITY_DESCRIPTOR
Message: The computer-wide %1 %2 security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services snap-in.

Resolve

Check the server's security policy

Update the security policy settings on the server to allow the requested operation to complete. The text of the event message may provide details to help you configure the security policy. Use the Component Services administrative tool to update the server's security policy to allow the requested operation to complete.

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To open Component Services and find the server's security properties:

  1. Click Start, and then click Run.

  2. Type comexp.msc, and then click OK. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  3. To locate your computer, click Component Services, click Computers, and then click My Computer.

  4. Right-click My Computer, click Properties, and then click the COM Security tab.

  5. Under Access Permissions, click Edit Limits to check and, if necessary, change the Access Permissions limits on applications that determine their own permissions.

    Under Launch and Activation Permissions, click Edit Limits to check and, if necessary, change the absolute limit on component launch and activation permissions.

  6. Use Edit Default for each item to adjust Access Permissions and Launch and Activation Permissions to allow the requested operation to complete.

Verify

You can verify that your security policy for this server is configured properly by running the Component Services administrative tool and ensuring that the required security properties are set.

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To open Component Services and verify that the required security properties are set:

  1. Click Start, and then click Run.
  2. Type comexp.msc, and then click OK. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  3. To locate your computer, click Component Services, click Computers, and then click My Computer.
  4. Right-click My Computer, and then click Properties.
  5. Click the COM Security tab, and confirm that the Access Permissions and Launch and Activition Permissions properties are set properly.

COM Security Policy Configuration

Application Server