Launch2 Permission Control Checks

A launch2 ACL is identified by the keyword launch2_acl. The ACL name must be unique to be used with a DCOM launch permissions item. A launch2 ACL can contain one or multiple user entry.

Usage

<launch2_acl: ["name"]>

 

<user: ["user_name"]>

acl_inheritance: ["value"]

acl_apply: ["value"]

(optional) acl_allow: ["rights value"]

(optional) acl_deny: ["rights value"]

</user>

 

</acl>

Syntax

Associated Types

Allowed Types

acl_inheritance

not inherited

inherited

acl_apply

this object only

acl_allow

acl_deny

These settings are optional and are used to define the rights a user has on the object.

Generic rights:

  • launch

Only use the launch2 ACL against Windows 2000 and NT systems.

An example launch access control check is shown below:

<launch2_acl: "2">

 

<user: "Administrators">

acl_inheritance: "not inherited"

acl_apply: "This object only"

acl_allow: "Launch"

</user>

 

<user: "INTERACTIVE">

acl_inheritance: "not inherited"

acl_apply: "This object only"

acl_allow: "Launch"

</user>

 

<user: "SYSTEM">

acl_inheritance: "not inherited"

acl_apply: "This object only"

acl_allow: "Launch"

</user>

 

</acl>