DefaultLaunchPermission
Defines the
Access Control List (ACL) of the principals that can launch classes that do not
specify their own ACL through the LaunchPermission named-value
Registry Entry
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\named_value
Remarks
The value for
the DefaultLaunchPermission named-value is a REG_BINARY that contains
the Access Control List (ACL) of the principals who can launch classes on the
current system. If the LaunchPermission named-value is set for a server,
it takes precedence over the DefaultLaunchPermission named-value. Upon
receiving a local or remote request to launch a server whose APPID key has no
LaunchPermission value of its own, the ACL described by this value is checked
while impersonating the client, and its success either allows or disallows the
launching of the class code.
This entry
supports a simple level of centralized administration of the default launching
access to otherwise unadministered classes on a machine. For example, an
administrator might use the DCOMCNFG tool to configure the system to allow
read-access only for power-users of the machine. OLE would therefore
restrict requests to launch class code to members of the power-users
group. The administrator could subsequently configure launch permissions for
individual classes to grant the ability to launch class code to other groups or
individual users as needed.
The
access-permissions in this named-value default to the following:
machine-administrators:
allow-launch
SYSTEM: allow-launch
INTERACTIVE: allow-launch
See Also