DefaultAccessPermission
Sets the
Access Control List (ACL) of the principals that can access classes for which
there is no AccessPermission setting. This ACL is only used by
applications that don t call CoInitializeSecurity and do not have an AccessPermission value under their AppID.
Registry Entry
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\DefaultAccessPermission
= ACL
Remarks
The DefaultAccessPermission
is a named-value that is set to a REG_BINARY that contains data describing the
Access Control List (ACL) of the principals who can access classes for which
there is no AccessPermission named-value. In this case, the server
checks the ACL described by this value while impersonating the caller
that is attempting to connect to the object, and its success determines if the
access is allowed or disallowed. If the access-check fails, the connection to
the object is disallowed. If this named
value does not exist, only the ID of the server and local system are allowed to
call the server.
This key
supports a simple level of centralized administration of the default connection
access to running objects on a machine.
The
access-permissions on this key default to the following:
machine-administrators:
allow-access
SYSTEM: allow-access
INTERACTIVE: allow-access
See Also