I came across this question from one of my connections in my network.
"A user was added to the Distributed COM Users group in thebuilt-in groups for ADhowever it seems to be doing nothing for allowing that user to access dcom on the servers. Isn't the point of the built-in groups is that they are already defaulted to the correct permissions and setup on object in the AD structure? Is there a way to test? An effective access on an OU with that group was done and it was all denied. Is this the right way to test those particular permissions"
I suggested thefollowing:
As the added users are not able to access the dcom server. In that case it is good to check the dcom remote access permissions in the component services. Remote access and local access should be enabled. If it is not then any user part of distributed com users group will not be able to access the dcom servers.