MachineLaunchRestriction

Sets the computer-wide restriction policy for component launch and activation.

Caution

Changing this value will affect all COM server applications, and might prevent them from working properly. If there are COM server applications that have restrictions that are less stringent than the computer-wide restrictions, reducing the computer-wide restrictions may expose these applications to unwanted access. Conversely, if you increase the computer-wide restrictions, some COM server applications might no longer be accessible by calling applications.

 

Registry Entry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
   MachineLaunchRestriction = SECURITY_DESCRIPTOR

Remarks

This is a REG_BINARY value.

Principals not given permissions here cannot obtain them even if the permissions are granted by the DefaultAccessPermission registry value or by the CoInitializeSecurity function.

By default, administrators may obtain local and remote launch and activation permissions, and members of the Everyone group may obtain local activation and launch permissions.

Setting Security for COM Applications