Tuesday, July 22, 2008

DCOM permissions are not set for some accounts on non-English OS

I ran into this problem on a non-English OS, which was reported by one of our customers. After digging into it, I found that certain DCOM permissions (e.g. 'Launch and Activate', 'Access permission') were given to INTERACTIVE and NETWORK_SERVICE accounts. The account name was hardcoded in English. On a non-English OS, these names are localized in the OS language and so the permission granting code was failing.
There are SDDL strings assigned to each account / group created by the operating system. These strings can be found in the sddl.h header file. They should be used to refer to an account instead of the account name itself. This avoids localization issues, because the strings are defined for the accounts and not for their names.
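An added example (not the code from the product described above) of granting a DCOM permission by SDDL alias instead of by account name. The Administrators owner/group, the local launch and activation mask, and the helper name `build_dcom_sddl` are assumptions made for illustration; the Windows-only conversion step is compiled only on Windows.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#endif

/* Two-letter SID aliases; same values as the sddl.h constants named here. */
#define ALIAS_INTERACTIVE     "IU"  /* SDDL_INTERACTIVE */
#define ALIAS_NETWORK_SERVICE "NS"  /* SDDL_NETWORK_SERVICE */
#define ALIAS_ADMINS          "BA"  /* SDDL_BUILTIN_ADMINISTRATORS */
/* COM_RIGHTS_EXECUTE (1) | EXECUTE_LOCAL (2) | ACTIVATE_LOCAL (8): assumed mask */
#define RIGHTS_LOCAL_LAUNCH   0xBu

/* Build "O:BAG:BAD:(A;;mask;;;alias)..." with one allow ACE per alias.
 * Returns 0 on success, -1 if the buffer is too small. */
int build_dcom_sddl(char *out, size_t cap, unsigned mask,
                    const char *const *aliases, size_t count)
{
    int n = snprintf(out, cap, "O:%sG:%sD:", ALIAS_ADMINS, ALIAS_ADMINS);
    if (n < 0 || (size_t)n >= cap) return -1;
    size_t used = (size_t)n;
    for (size_t i = 0; i < count; i++) {
        n = snprintf(out + used, cap - used, "(A;;0x%x;;;%s)", mask, aliases[i]);
        if (n < 0 || (size_t)n >= cap - used) return -1;
        used += (size_t)n;
    }
    return 0;
}

int main(void)
{
    const char *const aliases[] = { ALIAS_INTERACTIVE, ALIAS_NETWORK_SERVICE };
    char sddl[128];
    if (build_dcom_sddl(sddl, sizeof sddl, RIGHTS_LOCAL_LAUNCH, aliases, 2) != 0)
        return 1;
    printf("%s\n", sddl);
#ifdef _WIN32
    PSECURITY_DESCRIPTOR sd = NULL;   /* self-relative descriptor, len bytes */
    ULONG len = 0;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sd, &len)) {
        fprintf(stderr, "SDDL conversion failed: %lu\n", GetLastError());
        return 1;
    }
    LocalFree(sd);                    /* after storing it as the DCOM permission */
#endif
    return 0;
}
```

The aliases resolve to the same well-known SIDs on every OS language, so no account-name lookup happens at all.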
