Here is an example of what I have been doing.
$ComName = 'PrintNotify' $dcom = Get-WMIObject Win32_DCOMApplicationSetting ` -Filter "Description='$ComName'" -EnableAllPrivileges $asd = $dcom.GetAccessSecurityDescriptor().Descriptor $csd = $dcom.GetConfigurationSecurityDescriptor().Descriptor $lsd = $dcom.GetLaunchSecurityDescriptor().Descriptor write-host "Local Service: " $dcom.LocalService write-host "Application ID: " $dcom.AppID write-host "Authentication Level: " $dcom.AuthenticationLevel write-host "Users: " $lsd.dacl.trustee.name
So what I can determine is “Authentication Level” of blank = the “default” value. If I change the Authentication to an alternate value it does provide a value.
However, the big concern is launch permissions. If I add a user and give it any single permission it now shows up as a user. If I remove all permissions it then removes the user from the DCOM object. What I can’t figure out is how to determine what permissions are assigned to each user.
So for example how would I determine that Administrators in this example is set to Local launch/activation but not remote?