Partager via


DCOMSec-wmi-multi.vbs

By The Scripting Guys, Microsoft Corporation

This script exempts applications from the DCOM activation security check by editing the registry, using the WMI System Registry provider. It can run against multiple computers.

You can get the GUID of the application to be exempted from the Component Services MMC snap-in (comexp.msc).

DCOMSec-wmi-multi.vbs corresponds to DCOMSec.vbs, one of the scripts that ships with Application Compatibility Testing and Mitigation Guide for Windows XP Service Pack 2 and which are documented in the Appendix. You can download a Windows Installer (.msi) file that installs the Guide and its associated scripts from:

https://www.microsoft.com/downloads/details.aspx?FamilyId=9300BECF-2DEE-4772-ADD9-AD0EAF89C4A7&displaylang=en

Input for this script comes from a comma-delimited text file, dcomsec-hosts.csv, which contains the names of computers against which the script will run and the GUID of the application to exempt for each one. This text file must be in the same folder as the script.

Each line of the input file must consist of a computer name, a comma, and a GUID, with no spaces before or after the comma. Each computer must be accessible on the network and the credentials under which the script is run must have administrative privileges on it. For example :

client1,{246C57AE-40DD-4d6b-9E8D-B0F5757BB2A8}
client2,{00020812-0000-0000-C000-000000000046}
server1,{246C57AE-40DD-4d6b-9E8D-B0F5757BB2A8}
server2,{00020812-0000-0000-C000-000000000046}

Be sure there is no line break after the final line, as this will be interpreted by the script as an empty string.

To use the script, copy the code, paste it into Notepad, and then save the script as DCOMSec-wmi-multi.vbs. To run the script, open a command prompt window to the directory of the script and type:

cscript dcomsec-wmi-multi.vbs

If the default script host on the computer is Cscript.exe, the initial "cscript" may be omitted.

Script Code

'******************************************************************************
'DCOMSec-wmi-multi.vbs
'Author: Peter Costantini, the Microsoft Scripting Guys
'Date: 8/25/04
'Revision 1.0
'This script can be run against multiple computers to remotely 
'exempt applications from the DCOM activation security check.
'The multiple computers must be specified in a comma-delimited
'text file, dcomsec-hosts.csv, in the same directory as the script.
'Each line of dcomsec-hosts.csv must have a computer name followed
'by a comma, followed by the GUID of an application. You can obtain GUIDs
'of applications from Component Services MMC snap-in (comexp.msc).
'This example uses GUIDS for Microsoft Visual Studio Solution Object {246 ...}
'and Microsoft Excel Application {000 ...}
'Do not add a newline to the end of the last line.
'Example:
'client1,{246C57AE-40DD-4d6b-9E8D-B0F5757BB2A8}
'client2,{00020812-0000-0000-C000-000000000046}
'server1,{246C57AE-40DD-4d6b-9E8D-B0F5757BB2A8}
'server2,{00020812-0000-0000-C000-000000000046}
'******************************************************************************

On Error Resume Next

Const FOR_READING = 1
strFilename = "dcomsec-hosts.csv"
strKeyPath = "SOFTWARE\Microsoft\Ole\AppCompat" & _
 "\ActivationSecurityCheckExemptionList"
strValue = 1

'If text file exists, read list of hosts and operation for each.
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(strFilename) Then
  Set objFile = objFSO.OpenTextFile(strFilename, FOR_READING)
Else
  WScript.Echo "Input file " & strFilename & " not found."
  WScript.Quit
End If
Do Until objFile.AtEndOfStream
  strHost = objFile.ReadLine
  arrHost = Split(strHost, ",")
'Get name of computer
  strComputer = arrHost(0)
'Get GUID of application, which is the name of the reg entry
  strEntryName = arrHost(1)
  Wscript.Echo VbCrLf & strComputer
  Wscript.Echo String(Len(strComputer), "-")
'Connect with WMI service and StdRegProv class.
  Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
   strComputer & "\root\default:StdRegProv")
  If Err = 0 Then
'Add new reg entry
    SetValue
  Else
    WScript.Echo "Unable to connect to WMI StdRegProv on " & strComputer & "."
    WScript.Echo "  Error Number:" & Err.Number
    WScript.Echo "  Source:" & Err.Source
    WScript.Echo "  Description:" & Err.Description
  End If
  Err.Clear
Loop
objFile.Close

'******************************************************************************

Sub SetValue

Const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath = "SOFTWARE\Microsoft\Ole\AppCompat" & _
 "\ActivationSecurityCheckExemptionList"
strValue = 1

intReturn = objReg.CreateKey(HKEY_LOCAL_MACHINE, strKeyPath)
If intReturn = 0 Then
  WScript.Echo "Created registry subkey: " & strKeyPath & VbCrLf & _
   "If it previously existed, did not overwrite existing values."
  intReturn = objReg.SetStringValue(HKEY_LOCAL_MACHINE, strKeyPath, _
   strEntryName, strValue)
  If intReturn = 0 Then
    WScript.Echo "Added registry entry: " & strEntryName & VbCrLf & _
     "Value: " & strValue
  Else
    WScript.Echo "ERROR: Unable to add registry entry " & strEntryName
  End If
Else
  WScript.Echo "ERROR: Unable to create registry path " & _
   strKeyPath
End If

End Sub

For online peer support, join The Official Scripting Guys Forum! To provide feedback or report bugs in sample scripts, please start a new discussion on the Discussions tab for this script.

Disclaimer

This sample script is not supported under any Microsoft standard support program or service. The sample script is provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.