我正在使用PowerShell成功设置DCOM对象的权限。
但是,此后在我的软件中使用DCOM对象时,只有在重新启动计算机后才能识别权限更改。
如何防止重新启动?更改权限后,我是否可以重新启动一个组件/服务?
我正在使用以下代码更改权限:
$apiDCOMObj = Get-Wmiobject -Query ('SELECT * FROM Win32_DCOMApplicationSetting WHERE Caption = "MyAPI"') -EnableAllPrivileges
$descrLaunch = $apiDCOMObj.GetLaunchSecurityDescriptor().descriptor
$descraccess = $apiDCOMObj.GetaccessSecurityDescriptor().descriptor
$trusteeObj = ([wmiclass]'Win32_Trustee').psbase.CreateInstance()
$trusteeObj.Domain = "NT AUTHORITY"
$trusteeObj.Name = "NETWORK SERVICE"
$aceLaunch = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$aceLaunch.accessMask = 11 # Mask for Local Launch and Local activation
$aceLaunch.trustee = $trusteeObj
$aceaccess = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$aceaccess.accessMask = 3 # Mask for Local access
$aceaccess.trustee = $trusteeObj
$descrLaunch.dacl += [System.Management.ManagementBaseObject]$aceLaunch
$descraccess.dacl += [System.Management.ManagementBaseObject]$aceaccess
$apiDCOMObj.SetLaunchSecurityDescriptor($descrLaunch)
$apiDCOMObj.SetaccessSecurityDescriptor($descraccess)