Sets the computer-wide restriction policy for component access.


Changing this value will affect all COM server applications, and might prevent them from working properly. If there are COM server applications that have restrictions that are less stringent than the computer-wide restrictions, reducing the computer-wide restrictions may expose these applications to unwanted access. Conversely, if you increase the computer-wide restrictions, some COM server applications might no longer be accessible by calling applications.


Registry Entry

   MachineAccessRestriction = SECURITY_DESCRIPTOR


This is a REG_BINARY value.

Principals not given permissions here cannot obtain them even if the permissions are granted by the DefaultAccessPermission registry value or by the CoInitializeSecurity function.

By default, members of the Everyone group can obtain local and remote access permissions, and anonymous users can obtain local access permissions.

Setting Security for COM Applications