Launch Permission Control Checks

A launch ACL is identified by the keyword launch_acl. The ACL name must be unique to be used with a DCOM launch permissions item. A launch ACL can contain one or more user entries.

Usage

<launch_acl: ["name"]>
  <user: ["user_name"]>
    acl_inheritance: ["value"]
    acl_apply: ["value"]
    (optional) acl_allow: ["rights value"]
    (optional) acl_deny: ["rights value"]
  </user>
</acl>

Copyright © 2016. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc.

Syntax

Associated Types    Allowed Types

acl_inheritance     not inherited
                    inherited

acl_apply           this object only

acl_allow           These settings are optional and are used to define the
acl_deny            rights a user has on the object.

                    Generic rights:

                      • local launch
                      • remote launch
                      • local activation
                      • remote activation

This ACL only works against Windows XP/2003/Vista (and partially against Windows 2000).

An example launch access control check is shown below:

<launch_acl: "2">
  <user: "Administrators">
    acl_inheritance: "not inherited"
    acl_apply: "This object only"
    acl_allow: "Remote Activation"
  </user>

  <user: "INTERACTIVE">
    acl_inheritance: "not inherited"
    acl_apply: "This object only"
    acl_allow: "Local Activation" | "Local Launch"
  </user>

  <user: "SYSTEM">
    acl_inheritance: "not inherited"
    acl_apply: "This object only"
    acl_allow: "Local Activation" | "Local Launch"
  </user>
</acl>
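
As an added example (not part of the original reference and not Tenable's own tooling), the following Python code lints launch_acl blocks against the allowed types listed above and reports which users are granted remote launch or activation, which is the part of a DCOM launch ACL most worth reviewing. The function names, the case-insensitive matching, and the treatment of acl_inheritance and acl_apply as required single values are assumptions made for illustration.

```python
import re

# Allowed values from the Syntax table; matched case-insensitively (assumption).
ALLOWED = {"acl_inheritance": {"not inherited", "inherited"},
           "acl_apply": {"this object only"}}
RIGHTS = {"local launch", "remote launch", "local activation", "remote activation"}
BLOCK = re.compile(r'<launch_acl:\s*"([^"]*)">(.*?)</acl>', re.S)
USER = re.compile(r'<user:\s*"([^"]*)">(.*?)</user>', re.S)
FIELD = re.compile(r'^\s*(acl_\w+)\s*:\s*(.+?)\s*$', re.M)

def lint_launch_acls(text):
    """Return (acls, problems); acls maps ACL name -> user -> field -> values."""
    acls, problems = {}, []
    for name, body in BLOCK.findall(text):
        if name in acls:  # the ACL name must be unique
            problems.append(f"launch_acl {name}: duplicate name")
        users = acls.setdefault(name, {})
        for user, ubody in USER.findall(body):
            fields = {k: [v.strip().strip('"').lower() for v in raw.split("|")]
                      for k, raw in FIELD.findall(ubody)}
            users[user] = fields
            where = f"launch_acl {name} user {user}"
            for key, allowed in ALLOWED.items():  # required, single-valued
                if len(fields.get(key, [])) != 1 or fields[key][0] not in allowed:
                    problems.append(f"{where}: bad or missing {key}")
            for key in ("acl_allow", "acl_deny"):  # optional, '|'-separated
                for right in fields.get(key, []):
                    if right not in RIGHTS:
                        problems.append(f"{where}: unknown right '{right}' in {key}")
    return acls, problems

def remote_grants(acls):
    """(acl, user, right) for each allowed remote launch/activation right."""
    return [(a, u, r) for a, us in acls.items() for u, f in us.items()
            for r in f.get("acl_allow", []) if r in RIGHTS and r.startswith("remote")]

# Constructed sample: first user mirrors the page's example, second has mistakes.
SAMPLE = '''
<launch_acl: "2">
  <user: "Administrators">
    acl_inheritance: "not inherited"
    acl_apply: "This object only"
    acl_allow: "Remote Activation"
  </user>
  <user: "Everyone">
    acl_inheritance: "none"
    acl_allow: "Local Launch" | "Full Control"
  </user>
</acl>
'''
```

Calling lint_launch_acls(SAMPLE) returns the parsed ACLs together with a list of problems, and passing the parsed ACLs to remote_grants lists the entries that allow remote launch or activation.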