Adding Distributed COM Users group in the built-in groups for AD

%3CLINGO-SUB%20id%3D%22lingo-sub-2627782%22%20slang%3D%22en-US%22%3EAdding%20Distributed%20COM%20Users%20group%20in%20the%20built-in%20groups%20for%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2627782%22%20slang%3D%22en-US%22%3E%3CP%3EI%20came%20across%20this%20question%20from%20one%20of%20my%20connections%20in%20my%20network.%3C%2FP%3E%3CP%3E%22A%20user%20was%20added%20to%20the%20Distributed%20COM%20Users%20group%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fbit.ly%2F2U7Zarc%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ebuilt-in%20groups%20for%20AD%3C%2FA%3E%20however%20it%20seems%20to%20be%20doing%20nothing%20for%20allowing%20that%20user%20to%20access%20dcom%20on%20the%20servers.%20Isn't%20the%20point%20of%20the%20built-in%20groups%20is%20that%20they%20are%20already%20defaulted%20to%20the%20correct%20permissions%20and%20setup%20on%20object%20in%20the%20AD%20structure%3F%20Is%20there%20a%20way%20to%20test%3F%26nbsp%3B%20An%20effective%20access%20on%20an%20OU%20with%20that%20group%20was%20done%20and%20it%20was%20all%20denied.%20Is%20this%20the%20right%20way%20to%20test%20those%20particular%20permissions%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EI%20suggested%20the%3C%2FSTRONG%3E%20following%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3EAs%20the%20added%20users%20are%20not%20able%20to%20access%20the%20dcom%20server.%20In%20that%20case%20it%20is%20good%20to%20check%20the%20dcom%20remote%20access%20permissions%20in%20the%20component%20services.%20Remote%20access%20and%20local%20access%20should%20be%20enabled.%20If%20it%20is%20not%20then%20any%20user%20part%20of%20distributed%20com%20users%20group%20will%20not%20be%20able%20to%20access%20the%20dcom%20servers.%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Adding%20Users.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F301785i7CAC083D11A4164B%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Adding%20Users.PNG%22%20alt%3D%22Adding%20Users.PNG%22%20%2F%3E%3C%2FSPAN%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FDIV%3E%3CP%3ELet%20me%20what%20are%20your%20thoughts%20on%20this.%20Thanks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2627782%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eactive%20direcory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EActive%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EActive%20Directory%20Groups%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Contributor

I came across this question from one of my connections in my network.

"A user was added to the Distributed COM Users group in the built-in groups for AD however it seems to be doing nothing for allowing that user to access dcom on the servers. Isn't the point of the built-in groups is that they are already defaulted to the correct permissions and setup on object in the AD structure? Is there a way to test?  An effective access on an OU with that group was done and it was all denied. Is this the right way to test those particular permissions"

 

I suggested the following:

 

As the added users are not able to access the dcom server. In that case it is good to check the dcom remote access permissions in the component services. Remote access and local access should be enabled. If it is not then any user part of distributed com users group will not be able to access the dcom servers.
 
Adding Users.PNG

 

Let me what are your thoughts on this. Thanks.

 

0 Replies