COM V1.1-A and higher for OpenVMS supports NTLM (NT LAN Manager) authentication for controlling access to COM objects.

Processes that execute client and server applications must obtain Windows credentials in order to be authenticated. Processes created automatically by DCOM$RPCSS to execute server applications obtain Windows credentials based on the Registry settings for the server being launched. Interactive processes that are used to execute client and server applications must obtain Windows credentials by running the NTA$LOGON utility (see Section 8.2).

This chapter applies to COM for OpenVMS in authenticated mode. See Appendix E for information about running COM for OpenVMS in an unauthenticated environment.

This chapter discusses the following topics:

• How to configure an OpenVMS system for NTLM authentication
• How to acquire Windows credentials
• The way security affects COM applications
• The way your domain configuration affects COM applications
• The Application Server run-time environment

NTLM authentication on OpenVMS is implemented in three major components of the operating system (see Section 4.10).

• ACME server --- controls the granting of credentials
• RPC and SSPI --- provide remote procedure calls and Windows-style authentication
• Advanced Server for OpenVMS --- maintains Windows accounts and provides mapping of Windows accounts to OpenVMS accounts

The ACME server, RPC, and SSPI are installed as part of the OpenVMS operating system and require no special configuration. Advanced Server for OpenVMS must be installed as a layered product and must be configured to support NTLM authentication for COM applications (see Section 4.4).

After installing Advanced Server for OpenVMS, you must create Windows domain accounts that will be used to execute COM applications. You must also map the Windows domain accounts to OpenVMS accounts.

The Advanced Server ADMINISTER utility is used to create Windows domain accounts. For example, to create the Windows domain account NTUSER1, use the following command:

$ ADMINISTER ADD USER NTUSER1 /PASSWORD="pppppp" /FLAG=NOPWDEXPIRED

The password is case sensitive, so it is enclosed in quotation marks in order to maintain case. A password without quotation marks is converted to uppercase. By default, Windows domain accounts are created with the password pre-expired, thus forcing the user to change the password at the first login. The NOPWDEXPIRED flag overrides this default.

A hostmap entry defines the association between a Windows user account and a local OpenVMS user account. When OpenVMS authenticates a Windows user, OpenVMS uses the hostmap entry to map the OpenVMS user account to the Windows user account and build the local OpenVMS user profile and the Windows NT user profile. If no hostmap entry exists, OpenVMS uses the Windows user account name as the local OpenVMS user account name.

Use the HP Advanced Server for OpenVMS ADMINISTER utility to define hostmap information. For example, to map the Windows domain account NTUSER1 to the OpenVMS account VMSUSER1, use the following command:

$ ADMINISTER ADD HOSTMAP NTUSER1 VMSUSER1

If the OpenVMS account does not already exist, you must create the account using the OpenVMS Authorize utility (AUTHORIZE). The OpenVMS account must have the EXTAUTH flag set, or the IGNORE_EXTAUTH flag (bit 11, %X0800) must be set in the SECURITY_POLICY SYSGEN parameter (see Section 5.1). This policy allows the OpenVMS system manager to control which OpenVMS user accounts can be used with Windows authentication. For example, to set the EXTAUTH flag for an OpenVMS account VMSUSER1, use the following command. For example:

$ AUTHORIZE == "$AUTHORIZE" $ AUTHORIZE MODIFY VMSUSER1 /FLAG=EXTAUTH

5.1.1 LOGINOUT.EXE Use of External Authentication

The EXTAUTH flag also directs LOGINOUT.EXE to use external authentication to authenticate an OpenVMS user during the login process (that is, local, dialup, remote, interactive, and network logins). When you set the EXTAUTH flag, LOGINOUT.EXE uses external authentication, not the OpenVMS SYSUAF.DAT record, to verify the user name and password.

LOGINOUT external authentication always requires that you set the EXTAUTH flag in the SYSUAF account record. Unlike NTA$LOGON and authenticated RPC, you cannot override this requirement using the IGNORE_EXTAUTH flag.

5.1.2 DCE Integrated Login Restriction

A site cannot use both external authentication and the older LGI-callout feature on the same system. If you have an LGI-callout image installed, external authentication is disabled for login purposes. Because DCE integrated login uses the LGI-callout mechanism, OpenVMS does not allow logins using Windows-based external authentication if DCE integrated login is enabled.

5.2 Cross-Domain Configuration

You can run a COM application on a system in one domain and have the application authenticated by a system in a second domain.

To configure authentication across Windows domains, you must do the following:

1. Set up trust relationships between domains.
   For more information, see the HP Advanced Server for OpenVMS Server Administrator's Guide.
2. Set up the HostMapDomains parameter on HP Advanced Server for OpenVMS domains (see Example 5-1).
   For more information, see the HP Advanced Server for OpenVMS Server Administrator's Guide.
3. Set up account hostmap entries between the Windows user account and a local OpenVMS user account.

Example 5-1 shows how you can set up the HostMapDomains parameter. In this example, there are two domains: DOMAIN_1 and DOMAIN_2 . Domain DOMAIN_2 is running HP Advanced Server for OpenVMS; domain DOMAIN_1 is a Windows domain. The commands in Example 5-1 introduce DOMAIN_2 to DOMAIN_1 .

Example 5-1 Sample: Setting Up HostMapDomains

SYSJANE$ show sym regutl REGUTL == "$SYS$SYSTEM:PWRK$REGUTL.EXE" SYSJANE$ regutl REGUTL> SET PARAM /CREATE VMSSERVER HOSTMAPDOMAINS DOMAIN_1 REGUTL> SHOW VALUE * HOSTMAPDOMAINS Key: SYSTEM\CurrentControlSet\Services\AdvancedServer\UserServiceParameters Value: HostmapDomains Type: String Current Data: DOMAIN_1

5.3 Acquiring Windows Credentials

After the Windows domain account and the OpenVMS account have been set up as described in Section 5.1, you can log in to the OpenVMS account using the usual OpenVMS login procedures. You can then acquire Windows credentials using the NTA$LOGON utility. For example:

$ NTA$LOGON == "$NTA$LOGON" $ NTA$LOGON NTUSER1 "pppppp"

In this format, pppppp is the password you specified when you created the Windows domain account. The password is enclosed in quotation marks to preserve case. A password without quotation marks is converted to lowercase. If the user name or password is not specified on the command line, the program prompts the user for the required input (see Section 8.2).

To acquire Windows credentials using NTA$LOGON , you must be logged in to the OpenVMS account to which the Advanced Server account is hostmapped. If not are not logged in, you must have the IMPERSONATE privilege and use the NTA$LOGON /OVERRIDE_MAPPING option. For example:

$ NTA$LOGON == "$NTA$LOGON" $ NTA$LOGON /OVERRIDE_MAPPING NTUSER2 "pppppp"

To determine whether a process has Windows credentials, use the NTA$LOGON utility with the /LIST switch. For example:

$ NTA$LOGON == "$NTA$LOGON" $ NTA$LOGON /LIST

5.4 Application Security

The COM security model allows the creation of secure distributed applications. COM security can be enabled by using settings in the OpenVMS Registry and by using COM security APIs and interfaces. There are two primary areas of security that can be applied to COM applications: launch security and activation security.

Launch security and activation security have system default settings; application-specific settings override these defaults. The settings are stored in the Registry and are maintained by using the DCOMCNFG utility on Windows and by using the DCOMCNFG option of DCOM$SETUP.COM on OpenVMS. The COM API CoInitializeSecurityEx can be used from within an application to enhance or override the Registry settings.

5.4.1 Launch Security

Launch security determines which Windows domain accounts can be used to create, or "launch" server processes. The launch security settings are referenced when a COM request is received on a system that will result in the launching of a server process to satisfy the request. These settings can explicitly or implicitly allow or disallow a user request to launch a server. The DCOM$RPCSS process authenticates the incoming request to determine the identity of the client. If DCOM$RPCSS determines that it needs to launch a server process to satisfy the request, DCOM$RPCSS allows or disallows the launching of the server based on the identity of the client and the launch security settings.

5.4.2 Activation Security

Activation security determines which Windows domain accounts can be used to execute method calls in server applications. The activation security settings are referenced when a COM request is received on a system for a method call in an existing server process. The server process authenticates the incoming request to determine the identity of the client. The server process allows or disallows the execution of the method call based on the identity of the client and the activation security settings.

5.4.3 Server Process Identity

A server process created by DCOM$RPCSS on OpenVMS is a detached process that has an OpenVMS identity and follows all the OpenVMS security rules for a detached process. In addition, it has a network identity that is used to enforce the COM security model (see Section 5.5).

COM servers create separate server threads to execute each client request. These server threads have their own OpenVMS identity and network identity, based on the identity of the client. When a server thread is executing a request on behalf of a client, it is the thread's identities, not the process' identities, that are used to enforce security.

5.4.4 Domain Issues

Two systems running COM client and server applications can exist in one of three possible domain configurations:

• Systems are in the same domain
• Systems are in separate domains with trusts established between the two domains
• Systems are in separate domains without trusts, or systems are not in a domain

The ability for servers and DCOM$RPCSS to authenticate client requests are affected by the domain configurations. When both systems are in the same domain or when the systems are in separate but trusted domains there is no problem authenticating. The trusted domain configuration is a bit more complex and requires that the trusts and mappings be configured correctly but once configured, there is no trouble authenticating (see Section 5.2).

Systems in separate, nontrusted domains or systems not in any domain cannot be authenticated using the normal mechanisms. To run authenticated COM applications between such systems, you must pass authentication information (user name and password) from the client to the server. COM provides this capability in the CoCreateInstanceEx API. The pServerInfo parameter of the CoCreateInstanceEx API allows you to specify a user name and password to be used for authentication on the remote server system. The user name and password are part of the COAUTHIDENTITY structure, within the COAUTHINFO structure within the COSERVERINFO structure, that is passed as the pServerInfo parameter to CoCreateInstanceEx.

Section C.3 shows how you can authenticate a remote client that is neither in the server's domain nor in a domain that has a trust with the server's domain.

The current NTLM security implementation on OpenVMS does not support this feature for COM client applications on OpenVMS. This feature is supported for COM clients on Windows that communicate with COM servers on OpenVMS. To run COM client applications on OpenVMS where the server is not in the same domain or in a trusted domain, you must disable authentication for the application, as described in Section 5.4.5.

5.4.5 Disabling Authentication

Under certain conditions, you may want to disable authentication between a client and server applications. This feature disables many of the security features of COM and of the operating system and should not be used in an environment where security is required. There are two ways to disable authentication for COM applications:

• Use DCOMCNFG to change the default authentication level to None on both systems.
• Add a call to CoInitializeSecurity in both the client and server applications and set the dwAuthnLevel parameter to RPC_C_AUTHN_LEVEL_NONE.

The server must be configured to run with a specific NTLM account identity. Since the client will not be authenticated, there is no way for the server to run with a client's identity. To configure a server to run with a specific NTLM identity, use DCOMCNFG and change the application properties to select the NTLM account.

5.4.6 Access Denied Problems (80070005)

The most common security error a COM application will encounter is access denied (error status value 80070005). The following is a list of the most common causes of this error:

• Client process on OpenVMS does not have Windows credentials. Run NTA$LOGON to acquire Windows credentials.
• Application-specific launch or access permissions do not allow access. Check the application settings using DCOMCNFG (see Section 6.3.1).
• System default launch or access permissions do not allow access. Check the system defaults using DCOMCNFG (see Section 6.3.6).
• CoInitializeSecurityEx API call is incorrect. Verify that the client and server security calls are valid.
• Server process or thread does not have permission to perform a particular operation. Verify that the OpenVMS identity being used to execute a client request has the necessary privileges to perform the operation.
• Server process does not have access to the server images. Verify that the OpenVMS identity used to launch a server process has read and execute permissions for the server image and any dynamically loaded images (.EXE files).
• Advanced Server hostmap entry problems. In order for NTLM authentication to work correctly, Windows domain accounts must be mapped to OpenVMS accounts (see Section 5.1). To verify the mapping of Windows domain accounts to OpenVMS accounts, use the ADMINISTER command:

  $ ADMINISTER SHOW HOSTMAP

  
  In a multiple-domain environment with trusts established between domains, cross-domain mappings must be created (see Section 5.2). Under certain conditions, the Advanced Server is unable to verify a user account associated with a hostmap entry. Any attempt to display the hostmap entry of a user name that can not be verified will result in the user name being displayed using its eight-digit hexadecimal internal representation (for example, "DOMAINNAME\000003fd"). If this happens, verify that the Advanced Server is running on each machine. You should also verify the trusts between domains using the following ADMINISTER command:

  $ ADMINISTER SHOW TRUST

  
  If the trusts are valid and the hostmap entries are still displayed with the numeric format, you should shut down and restart the Advanced Server.

When DCOM$RPCSS launches a server in response to a client request for a COM object, DCOM$RPCSS creates a detached process and executes either the server image or server command file in the context of the detached process. The image or command file that is executed is determined by the value of the Registry key HKEY_CLASSES_ROOT\CLSID\{iid}\LocalServer32, where iid is the unique identifier of the COM object.

The run-time environment of the detached process is as follows:

• Default directory
  The default directory of the detached process is the same as the default directory of DCOM$RPCSS . This is determined by the default directory of the process that executed the DCOM$STARTUP command file. If DCOM$STARTUP is executed by the system startup procedure, then the default directory will be SYS$SYSTEM .
• Windows identity
  Depends on the application identity setting. This setting is made using DCOMCNFG .
  If the application identity is set to "launching user" (the default), then the Windows identity of the detached process is the same as the Windows identity of the client.
  If the application identity is set to a specific NTLM account then the Windows identity of the detached process is that of the NTLM account.
• OpenVMS user name
  The OpenVMS user name of the detached process is the user name that is mapped to the Windows identity of the detached process. The mapping of OpenVMS user name to Windows identity is established using the Advanced Server ADMINISTER utility (see Section 5.1).
• OpenVMS privileges
  Depends on the application identity setting. This setting is made using DCOMCNFG .
  If the application identity is set to "launching user" (the default), then the privileges depend on the location of the client. If the client is running on the same system as the server, then the privileges of the detached process will match the privileges of the client. If the client is running on a different system from the server, then the privileges of the detached process will be the default privileges of the OpenVMS user name account.
  If the application identity is set to a specific NTLM account then the privileges of the detached process will be the default privileges of the OpenVMS user name account.
• Process logicals
  SYS$INPUT and SYS$OUTPUT are defined to the disk device where the server image or command file is located. For example, if the server image is DKA0:[TEST]CMPNT.EXE , then SYS$INPUT and SYS$OUTPUT are defined to DKA0: . SYS$SCRATCH is not defined.
  If these environment settings are not sufficient for the successful execution of your server, then you should explicitly define the environment settings you need. One way to easily set up an environment for your server is to create a command file to run your server, and register the command file, instead of the executable image, as the file to be executed when the server is launched. You can define the environment in the command file prior to executing the server image. For example, if you build SAMPLE1 in the directory DKA0:[SAMPLE1] and register it using the BUILD_SAMPLE1 command file, then the server image will be named DKA0:[SAMPLE1]CMPNT.EXE . The Registry key HKEY_CLASSES_ROOT\CLSID\{0C092C21-882C-A6BB-0080C7B2D682}\LocalServer32 will have a value of DKAO:[SAMPLE1]CMPNT.EXE . You can change the value of that key to DKA0:[SAMPLE1]RUN_CMPNT.COM and create the command file, as follows:

  $! RUN_CMPNT.COM $! Command file to run SAMPLE1 $ set default DKA0:[SAMPLE1] $ define sys$output DKA0:[SAMPLE1]SAMPLE1.LOG $ ! Other definitions as needed $ RUN CMPNT.EXE $ exit

  
  When DCOM$RPCSS receives a request for SAMPLE1 and launches a server, the server executes this command file in the detached process.

This chapter describes how to configure your OpenVMS system (and, optionally, your Windows system) to develop and deploy COM applications. It describes the following COM for OpenVMS utilities:

• The DCOM$SETUP utility, which helps a system manager configure the COM for OpenVMS system environment.
• The DCOM$CNFG utility, which helps an application developer configure and examine COM applications.
• The DCOM$REGSVR32 utility, which allows an application developer to register and unregister in-process server applications.

This chapter also includes information about configuring OpenVMS and Windows systems to interoperate.

DCOM$SETUP is a collection of tools to help a system manager configure the COM for OpenVMS system environment.

DCOM$SETUP Conventions and Requirements

• For Yes/No questions, you can enter any one of the following:
  • YES or NO
  • Y or N
  • [Return] (to accept the default value)
• Some DCOM$SETUP options require system manager privileges and OpenVMS Registry access.

To run DCOM$SETUP , enter @SYS$STARTUP:DCOM$SETUP at the OpenVMS system prompt.

The system displays the OpenVMS COM Tools menu.

Figure 6-1 DCOM$SETUP OpenVMS COM Tools Menu

--------------------------------------------------------- OpenVMS COM Tools 1) DCOMCNFG, COM Configuration Properties 2) GUIDGEN, Globally Unique Identifier Generator 3) Populate the Registry database for COM 4) Start the COM server 5) Stop the COM server 6) Register a COM application 7) Create the DCOM$GUEST account and directory 8) Configure the DCOM$RPCSS accounts H) Help E) Exit Please enter your choice: ---------------------------------------------------------

To choose an option, enter the option number. The options are as follows:

• 1) DCOMCNFG, COM Configuration Properties
  Use to query information and manipulate properties of COM for OpenVMS applications. For more information, see Section 6.3.
• 2) GUIDGEN, Globally Unique Identifier Generator
  Generate CLSIDs (class IDs) (or GUIDs [globally unique identifiers]) in various formats (for example, the OpenVMS Registry or Windows Registry format). The CLSID tags each application with a unique identifier.
  This version of DCOM$SETUP generates GUIDs in OpenVMS Registry and Windows Registry formats only. For a discussion of other formats, see Section 7.1.
• 3) Populate the Registry database for COM
  Set up the OpenVMS Registry database. COM for OpenVMS requires that specific keys and values be added to the OpenVMS Registry database. You must have both write access to the OpenVMS Registry and Windows Administrator privileges.
• 4) Start the COM server
  Start the COM for OpenVMS Server Control Manager server ( DCOM$RPCSS ). DCOM$SETUP calls the SYS$STARTUP:DCOM$STARTUP procedure to start the server. For more information, see Section 6.2.2.
• 5) Stop the COM server
  Shut down the COM for OpenVMS Service Control Manager server ( DCOM$RPCSS ). DCOM$SETUP calls the SYS$STARTUP:DCOM$SHUTDOWN procedure to stop the server. For more information, see Section 6.2.2.
• 6) Register a COM application
  Register a COM for OpenVMS server application. You can register the following types of servers:
  • In-process server
    When you register an in-process server, the system prompts you for the server's location.
  • Local server or out-of-process server
    When you register a local server or out-of-process server, the system prompts you for the following information:
    • Full path information (location of the server)
      This is a required value. Use the following syntax: device::[directory]file-name.ext
    • Application title
      This is an optional value. If you do not supply a title, the system uses a default title.
    • CLSID (GUID)
      This is a required value. If the server does not have a CLSID, the system generates one automatically. For more information about CLSIDs and LocalServer32, see Section 7.5.1.
    
    After you complete the registration process, the system generates the following files:
    1. A Windows Registry file ( server-name.REG_NT ) that you can use to register the application on a Windows system.
    2. An OpenVMS command procedure ( server-name.REG_VMS ) that you can use to register the server on an OpenVMS system.
    
    When you use these files on other systems, you must modify the path statement to point to the server's current location. For more information, see Section 6.2.3.
• 7) Create the DCOM$GUEST account and directory
  You must create the DCOM$GUEST account before you can use COM for OpenVMS without NTLM authentication.
• 8) Configure the DCOM$RPCSS accounts
  Configure and create the DCOM$RPCSS HP Advanced Server for OpenVMS user and SYSUAF accounts. The COM for OpenVMS Service Control Manager ( DCOM$RPCSS ) requires these accounts for authentication. For more information, see Section 6.2.1.
• H) Help
  Display help about each menu option.
• E) Exit
  Exit the menu.

To display these functions, choose option 8 from the OpenVMS COM Tools menu. The system displays the following:

--------------------------------------------------------- Configure the COM for OpenVMS Service Control Manager (DCOM$RPCSS) accounts 1) Create the DCOM$RPCSS account in both the SYSUAF database and the Advanced Server for OpenVMS SAM database. The password you specify for the new DCOM$RPCSS user is stored in a protected file. 2) Update the DCOM$RPCSS user password in the COM for OpenVMS Service Control Manager password file. E) Exit Please enter your choice: ---------------------------------------------------------

Enter one of the following:

• 1) Create the DCOM$RPCSS account . . .
  This option creates the DCOM$RPCSS account in both the SYSUAF database and the HP Advanced Server for OpenVMS SAM database.
  The password you specify for the DCOM$RPCSS user is stored in a protected file that the COM for OpenVMS Service Control Manager uses to log into the NTLM network and obtain a Windows identity.

  Note The system creates this account in the HP Advanced Server for OpenVMS database with a password that will not expire. To change this behavior (that is, modify the account so that the password expires according to the HP Advanced Server for OpenVMS User Policy), use the following procedure: Run the HP Advanced Server for OpenVMS ADMIN utility. Log into the Administrator account. Issue the following ADMIN command: ADMIN> MODIFY USER DCOM$RPCSS/FLAG=NODISPWDEXP To determine the maximum password age in the HP Advanced Server for OpenVMS User Policy, enter the following ADMIN command: ADMIN> SHOW ACCOUNT POLICY If you change the HP Advanced Server for OpenVMS password of the DCOM$RPCSS account, you must update the password in the COM for OpenVMS Service Control Manager password file. (See option 2 [Update the DCOM$RPCSS user password].)

  
  Use the following procedure:
  1. Enter 1 .
     The system displays the following:

     To create a new account, you must be logged on to an existing Advanced Server for OpenVMS account that is capable of adding new users. Enter Y[ES] to log on to this account:

     
     You must belong to the PATHWORKS administrator group to create this account.

  2. Enter Y .
     The system prompts you to log on. The password is not displayed as you enter it.

     Enter username: JOSEPHM Password: Confirm password:

     
     The system prompts you to enter a new password, and then asks you to confirm the password. The password is not displayed as you enter it.

     Enter the new DCOM$RPCSS password. Enter password: Confirm password:

     
     The system uses this password for both the SYSUAF account (DCOM$RPCSS) and the PATHWORKS user account (DCOM$RPCSS). The system stores this password in the COM for OpenVMS Service Control Manager password file.
     The system displays the following account creation information:

     %PWRK-S-USERADD, user "DCOM$RPCSS" added to domain "DCOM1_DOMAIN" Username: DCOM$RPCSS Owner: COM Account: UIC: [37776,1] ([DCOM$RPCSS]) CLI: DCL Tables: DCLTABLES Default: SYS$SYSDEVICE:[DCOM$RPCSS] LGICMD: Flags: ExtAuth Primary days: Mon Tue Wed Thu Fri Secondary days: Sat Sun No access restrictions Expiration: (none) Pwdminimum: 6 Login Fails: 0 Pwdlifetime: (none) Pwdchange: (pre-expired) Last Login: (none) (interactive), (none) (non-interactive) Maxjobs: 0 Fillm: 100 Bytlm: 64000 Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0 Maxdetach: 0 BIOlm: 150 JTquota: 4096 Prclm: 8 DIOlm: 150 WSdef: 1024 Prio: 4 ASTlm: 250 WSquo: 4000 Queprio: 4 TQElm: 10 WSextent: 8000 CPU: (none) Enqlm: 2000 Pgflquo: 130000 Authorized Privileges: NETMBX TMPMBX Default Privileges: NETMBX TMPMBX %PWRK-S-HOSTMAPADD, user "DCOM$RPCSS" mapped to host user "DCOM$RPCSS" Press RETURN to continue:

• 2) Update the DCOM$RPCSS user password . . .
  If you change the DCOM$RPCSS user password in the HP Advanced Server for OpenVMS SAM database, you must also update the password in the COM for OpenVMS Service Control Manager password file.
  Use the following procedure:
  1. Enter 2 .
     The system displays the following:

     Enter the new DCOM$RPCSS password. Enter password: Confirm password:

  2. Enter the new password and confirm the password.
• E) Exit
  Exit the menu.

COM for OpenVMS requires that the COM server process ( DCOM$RPCSS ) always be running. The DCOM$RPCSS process on OpenVMS provides the same functions for the COM run-time environment that the RPCSS process provides on Microsoft Windows, including the following:

• Build and maintain the list of server objects running on the system.
• Build and maintain a cache of known applications as defined in the registry. This cache improves COM performance.
• Start a server as a detached process whenever a client requests a connection to a server object that is not currently running.
• Communicate with the RPCSS process on remote Windows systems or the DCOM$RPCSS process on OpenVMS systems to locate or start remote server objects.

To start DCOM$RPCSS , either use DCOM$SETUP option 4 ("Start") (see Section 6.2) or call the COM for OpenVMS startup procedure directly from SYS$STARTUP:DCOM$STARTUP . See Section 4.13 for information on starting COM for OpenVMS.

To stop DCOM$RPCSS on your system, either use the DCOM$SETUP option 5 ("Stop") (see Section 6.2) or call the COM for OpenVMS shutdown procedure directly from SYS$STARTUP:DCOM$SHUTDOWN . See Section 4.14 for information on shutting down COM for OpenVMS.

6.2.3 Registering an Application

The following example shows how to register the COM for OpenVMS "Simple" application included on the COM for OpenVMS kit. You can use the resulting Windows file to register the server on a Windows system as long as the application is available on your Windows system.

To build the "Simple" application on a Windows system, see and execute the instructions in the README-SIMPLE.TXT file in DCOM$EXAMPLES:[SIMPLE] .

Use the following procedure:

1. From the DCOM$SETUP menu, enter 6 or REGISTER .
2. Answer the questions as follows:

   Note The "Simple" application already has a CLSID.

   Example 6-1 Sample" Simple" Application Registration on OpenVMS

   Enter server type (1. In-Proc 2. Out-Proc): 2 [Return] Enter Local Path (device:[directory]filename.ext): DKA0:[SMITH]SSERVER.EXE [Return] Enter Application Name (<RETURN> to assign default): COM Simple Server [Return] Does the server have a CLSid {GUID} (Yes/No) [N]: Y [Return] Enter the CLSid (i.e. {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}: {5e9ddec7-5767-11cf-beab-00aa006c3606} [Return] Verify Application Information: Application Name: COM SIMPLE SERVER Local Path: DKA0:[SMITH]SSERVER.EXE Application ID: {5E9DDEC7-5767-11CF-BEAB-00AA006C3606} Is the information correct (Yes/No) [Y]: [Return] Register application (Yes/No)? [Y]: [Return] SETUP-I-NEWFILES, The following files have been created: DKA0:[SMITH]SSERVER.REG_NT DKA0:[SMITH]SSERVER.REG_VMS SETUP-I-SRVIN, Server has been registered Press RETURN to continue: [Return]

To register the "Simple" application on a Windows system, use the following procedure:

1. Copy all the files in the DCOM$EXAMPLES:[SIMPLE] directory to your Windows system.
2. Rename SSERVER.REG_NT to SSERVER.REG .
3. Edit the file to point to the local server path.
   For example, replace DEVICE:\SSERVER with C:\SSERVER .
4. Run the Install.bat program to add the necessary keys to the Windows registry.

Example 6-2 shows the contents of SSERVER.REG_NT .

Example 6-2 Contents of SSERVER.REG_NT

REGEDIT HKEY_CLASSES_ROOT\CLSID\{5E9DDEC7-5767-11CF-BEAB-00AA006C3606}\ = DCOM server application SSERVER HKEY_CLASSES_ROOT\CLSID\{5E9DDEC7-5767-11CF-BEAB-00AA006C3606}\LaunchPermission = Y HKEY_CLASSES_ROOT\CLSID\{5E9DDEC7-5767-11CF-BEAB-00AA006C3606}\LocalServer32 = DEVICE:\SSERVER

To reregister the "Simple" application on an OpenVMS system, enter the following command at the system prompt:

$ @SSERVER.REG_VMS

Example 6-3 shows the contents of the SSERVER.REG_VMS command procedure:

Example 6-3 Contents of SSERVER.REG_VMS

$ Set noon $ regcp := $regcp $ crekey := $regcp create key $ creval := $regcp create value $ modval := $regcp modify value $ lisval := $regcp list value $ crekey HKEY_CLASSES_ROOT\CLSID\{5E9DDEC7-5767-11CF-BEAB-00AA006C3606} $ creval HKEY_CLASSES_ROOT\CLSID\{5E9DDEC7-5767-11CF-BEAB-00AA006C3606} - /data="DCOM server application SSERVER" /type=sz $ creval HKEY_CLASSES_ROOT\CLSID\{5E9DDEC7-5767-11CF-BEAB-00AA006C3606}/name="AppID" - /data="{5E9DDEC7-5767-11CF-BEAB-00AA006C3606}" /type=sz $ crekey HKEY_CLASSES_ROOT\CLSID\{5E9DDEC7-5767-11CF-BEAB-00AA006C3606}\LaunchPermission $ creval HKEY_CLASSES_ROOT\CLSID\{5E9DDEC7-5767-11CF-BEAB-00AA006C3606}\LaunchPermission - /data="Y" /type=sz $ crekey HKEY_CLASSES_ROOT\CLSID\{5E9DDEC7-5767-11CF-BEAB-00AA006C3606}\LocalServer32 $ creval HKEY_CLASSES_ROOT\CLSID\{5E9DDEC7-5767-11CF-BEAB-00AA006C3606}\LocalServer32 - /data="DKA0::[SMITH]SSERVER.EXE" /type=sz $

6.3 Running DCOM$CNFG

DCOM$CNFG is a utility to help COM developers configure and manage COM for OpenVMS applications on OpenVMS. Use the DCOM$CNFG utility to query information and manipulate properties of COM for OpenVMS applications.

To use the DCOM$CNFG utility, choose option 1 from the DCOM$SETUP menu.

The system displays the DCOM$CNFG Main menu.

Figure 6-2 DCOM$CNFG Main Menu

--------------------------------------------------------- DCOM$CNFG Main 1 - Applications List 2 - System-wide Default Properties 3 - System-wide Default Security (E to Exit) (H for Help) Enter <CTRL-Z> or 'E' to return to the previous menu at any time Please enter your choice: ---------------------------------------------------------

The options are as follows:

• 1 - Applications List
  Lists all applications registered on this machine. For more information about this option, see Section 6.3.1.
• 2 - System-wide Default Properties
  Allows you to set systemwide machine properties. For more information about this option, see Section 6.3.5.
• 3 - System-wide Default Security
  Allows you to set systemwide security parameters. For more information about this option, see Section 6.3.6.

To display this submenu, from the DCOM$CNFG Main menu, choose option 1.

The system displays the Applications List submenu.

Figure 6-3 Applications List Submenu

--------------------------------------------------------- Applications List Index Name 1 Inside COM, Chapter 11 Example 2 application 2 3 application 3 . ... . ... . ... (E to Exit to previous menu) (H for Help) Please enter Index number to select an Application: ---------------------------------------------------------

Enter a number to select an application. You can then view or configure its properties.

This option displays the Application Properties submenu.

Figure 6-4 Application Properties Submenu

------------------------------------------------------------------ Application Properties General Properties of this DCOM Application Application name: Inside COM, Chapter 11 Example Application id: {0C092C2C-882C-11CF-A6BB-0080C7B2D682} Application type: local server Local path: DISK1:[SMITH.DISPATCH_SAMPLE1]CMPNT.EXE Type Library: {D3011EE1-B997-11CF-A6BB-0080C7B2D682} version: 1.0 DISK1:[SMITH.DISPATCH_SAMPLE1]Server.tlb 1 - Location Machine to run application 2 - Security Security permissions for application 3 - Identity User account to use to run application (E to Exit to previous menu) (H for Help) Please enter Application Property you wish to change: ------------------------------------------------------------------

If the system cannot find the type library file or if the type library is unaccessible, the system displays an error message next to the type library file name.

The options are as follows:

• 1 - Location: Machine to run application
  This option allows you to set or change the machine on which the COM application will run.
  The system displays the Application Location submenu.

  Figure 6-5 Application Location Submenu

  ---

  --------------------------------------------------------- Application Location The following settings allow DCOM to locate the correct computer for this application. If more than one machine is selected then DCOM uses the first available one. Client applications may override these selections. Application name: Inside COM, Chapter 11 Example 1 - Run application on this computer (Yes/No) Current value: Yes 2 - Run application on another computer Current value: Currently Disabled (E to Exit to previous menu) (H for Help) Please enter your choice: ---------------------------------------------------------

  
  The options are as follows:

  • 1 - Run application on this computer
    Indicates whether the application will be run on the local computer. Select the option to change the current value.
  • 2 - Run application on another computer
    Indicates that the application will be run on the specified computer. Select the option and enter one of the following:
    • A valid system name to change the current value.
    • A hyphen (-) to disable the value. This sets the field to "Currently Disabled."
• 2 - Security: Security permissions for application
  This option allows you to set the following security properties:
  • Access permission: allow or deny access to users or groups to access this application.
  • Launch permission: allow or deny access to users or groups to run this application.
  • Configuration permission: identify users or groups who have read, write, or special access to the OpenVMS Registry area that contains information about the application.
• 3 - Identity: User account to use to run application
  This option allows you to run the application server using the security context of the specified user account.
  The system displays the Application Identity submenu. See Section 6.3.4.

The system uses the systemwide default security values unless you specify a different setting.

The system displays the Application Security submenu.

Figure 6-6 Application Security Submenu

--------------------------------------------------------- Application Security Application name: Inside COM, Chapter 11 Example Current Access permissions: Custom Current Launch permissions: Custom Current Configuration permissions: Default 1 - Use Default Access permission 2 - Edit Custom Access permission 3 - Use Default Launch permission 4 - Edit Custom Launch permission 5 - Use Default Configuration permission 6 - Edit Custom Configuration permission (E to Exit to previous menu) (H for Help) Please enter your choice: ---------------------------------------------------------

The options are as follows:

• 1 - Use Default Access permission
  Sets the system to the default access permission values.
• 2 - Edit Custom Access permission
  Displays the Registry Value Permissions submenu. This submenu allows you to view, add, modify, and delete access permission values for this application. For this set of submenus, see Section 6.3.2.
  The ACL Editor starts with the systemwide default values unless you previously set other values.
• 3 - Use Default Launch permission
  Use the systemwide default launch permission values.
• 4 - Edit Custom Launch permission
  Displays the Registry Value Permissions submenu. This submenu allows you to view, add, modify, and delete launch permission values for this application. For this set of submenus, see Section 6.3.2.
  The ACL Editor starts with the systemwide default values unless you previously set other values.
• 5 - Use Default Configuration permission
  Use the systemwide configuration permission values.
• 6 - Edit Custom Configuration permission
  The system displays the Registry Key Permissions submenu. This submenu allows you to view, add, modify, delete, and configure special access security permissions for this application. For this set of submenus, see Section 6.3.3.

To display this submenu:

1. From the DCOM$CNFG menu, choose option 1.
2. From the Applications List submenu, choose any application.
3. From the Application Properties submenu, choose option 2.
4. From the Application Security submenu, choose option 2 or 4.

Figure 6-7 Registry Value Permissions Submenu

--------------------------------------------------------- Registry Value Permissions Application name: Inside COM, Chapter 11 Example Registry Value: LaunchPermission Owner: Administrator Index Name Type of Access 1 OPENVMS_DCOM\USER1 Deny 2 BUILTIN\Administrators Allow 3 Everyone Allow 4 NT AUTHORITY\SYSTEM Allow 5 OPENVMS_DCOM\USER2 Allow (Index Number to Delete or Modify Access) (A to Add to list) (E to Exit to previous menu) (H for Help) Please enter your choice: ---------------------------------------------------------

The options are as follows:

• Index Number...
  To change or delete an access type, enter the corresponding index number. The system displays Edit Registry Value Permissions submenu. See Figure 6-8.
• A to Add to List
  This option displays the Add Registry Value Permissions submenu. This submenu allows you to add a new entry to the OpenVMS Registry value's Access Control List. See Figure 6-9.

Figure 6-8 Edit Registry Value Permissions Submenu

--------------------------------------------------------- Edit Registry Value Permissions Application name: Inside COM, Chapter 11 Example Registry Value: AccessPermission Owner: Administrator Name: OPENVMS_DCOM\USER1 Type of Access: Deny 1 - Delete entry from list 2 - Change Access (E to Exit to previous menu) (H for Help) Please enter your choice: ---------------------------------------------------------

The options are as follows:

• 1 - Delete entry from list
  Delete the entry from the Access Control List. If you delete all entries, you will deny access and launch permissions to everyone for the selected value.
• 2 - Change Access
  Toggle the access type from Allow to Deny or Deny to Allow.

  Figure 6-9 Add Registry Value Permissions Submenu

  ---

  --------------------------------------------------------- Add Registry Value Permissions Application name: Inside COM, Chapter 11 Example Registry Value: LaunchPermission Owner: ROLLO 1 - Add Specific User or Group 2 - Add Everyone 3 - Add NT AUTHORITY\System 4 - Add BUILTIN\Administrators (E to Exit to previous menu) (H for Help) Please enter your choice: ---------------------------------------------------------

  
  The options are as follows:

  • 1 - Add Specific User or Group
    Prompts for a user/group name and type of access. Specify the user name as domain\username or username if the account exists on the current domain.
  • 2 - Add Everyone
    Allow or Deny Everyone Access/Launch permission to the application.
  • 3 - Add NT AUTHORITY\System
    Allow or Deny System Access/Launch permission to the application.
  • 4 - Add BUILTIN\Administrators
    Allow or Deny Administrator Access/Launch permission to the application.
  
  When a user is part of two or more groups, Deny access takes precedence over Allow access .

To display this submenu:

1. From the DCOM$CNFG menu, choose option 1.
2. From the Applications List submenu, choose any application.
3. From the Application Properties submenu, choose option 2.
4. From the Application Security submenu, choose option 6.

Figure 6-10 Registry Key Permissions Submenu

--------------------------------------------------------- Registry Key Permissions Application name: Inside COM, Chapter 11 Example Registry Key: Inside COM, Chapter 11 Example Owner: Administrator Index Name Type of Access 1 BUILTIN\Administrators Full Control 2 NT AUTHORITY\SYSTEM Full Control 3 CREATOR OWNER Full Control 4 Everyone Special Access 5 OPENVMS_DCOM\USER1 Read (Index Number to Delete or Modify Access) (A to Add to list) (E to Exit to previous menu) (H for Help) Please enter your choice: ---------------------------------------------------------

The options are as follows:

• Index Number...
  To change or delete an access type, enter the corresponding index number. The system displays Edit Registry Key Permissions submenu. See Figure 6-11.
• A to Add to List
  This option displays the Add Registry Key Permissions submenu. This submenu allows you to add a new entry to the OpenVMS Registry key's Access Control List. See Figure 6-13.

Figure 6-11 Edit Registry Key Permissions Submenu

--------------------------------------------------------- Edit Registry Key Permissions Application name: Inside COM, Chapter 11 Example Registry Key: Inside COM, Chapter 11 Example Owner: Administrator Name: BUILTIN\Administrators Type of Access: Full Control 1 - Delete entry from list 2 - Allow Full Control 3 - Allow Read Access 4 - Set/View Special Access (E to Exit to previous menu) (H for Help) Please enter your choice: ---------------------------------------------------------

The options are as follows:

• 1 - Delete entry from list
  Delete the entry from the security permissions list. If you delete all entries, noone can access the key and only the owner can change the permissions.
• 2 - Allow Full Control
  Allow the user to access, to edit, and to take ownership of the key.
• 3 - Allow Read Access
  Allow the user to read the key but not to save any changes to it.
• 4 - Set/View Special Access
  Displays the Special Access Registry Key Permissions submenu. This submenu allows you to set customized permissions for the selected user or groups. See Figure 6-12.

Figure 6-12 Special Access Registry Key Permissions Submenu

--------------------------------------------------------- Special Access Registry Key Permissions Application name: Inside COM, Chapter 11 Example Registry Key: Inside COM, Chapter 11 Example Name: Everyone Type of Access Current Value 0 - Query Value Yes 1 - Set Value Yes 2 - Create Subkey Yes 3 - Enumerate Subkeys Yes 4 - Notify Yes 5 - Create Link No 6 - Delete Yes 7 - Write DACL No 8 - Write Owner No 9 - Read Control Yes (E to Exit to previous menu) (H for Help) Please enter your choice: ---------------------------------------------------------

The options are as follows:

• 0 - Query Value
  Allow the user to read a value from the key.
• 1 - Set Value
  Allow the user to set one or more values for the key.
• 2 - Create Subkey
  Allow the user to create subkeys on the key.
• 3 - Enumerate Subkeys
  Allow the user to identify the subkeys of the key.
• 4 - Notify
  Allow the user to audit notification events from the key.
• 5 - Create Link
  Allow the user to create a symbolic link in the key.
• 6 - Delete
  Allow the user to delete the key.
• 7 - Write DACL
  Allow the user access to the key to write a discretionary ACL to the key.
• 8 - Write Owner
  Allow the user access to the key to take ownership of the key.
• 9 - Read Control
  Allow the user access to the security information on the key.

Figure 6-13 Add Registry Key Permissions Submenu

--------------------------------------------------------- Add Registry Key Permissions Application name: Inside COM, Chapter 11 Example Registry Key: Inside COM, Chapter 11 Example Owner: Administrator 1 - Add Specific User or Group 2 - Add Everyone 3 - Add NT AUTHORITY\System 4 - Add BUILTIN\Administrators (E to Exit to previous menu) (H for Help) Please enter your choice: ---------------------------------------------------------

The options are as follows:

• 1 - Add Specific User or Group
  Prompts for a user/group name and type of access. Specify the user name as domain\username or username if the account exists on the current domain.
• 2 - Add Everyone
  Allow Everyone Full Control or Read Access to the application.
• 3 - Add NT AUTHORITY\System
  Allow System Full Control or Read Access to the application.
• 4 - Add BUILTIN\Administrators
  Allow Administrator Full Control or Read Access to the application.

To display this submenu:

1. From the DCOM$CNFG menu, choose option 1.
2. From the Applications List submenu, choose any application.
3. From the Application Properties submenu, choose option 3.

The system displays the Application Identity submenu.

Figure 6-14 Application Identity Submenu

--------------------------------------------------------- Application Identity Which user account do you want to use to run this application? Application name: Inside COM, Chapter 11 Example Current Identity: NTLM Account OPENVMS_DCOM\USER2 1 - Launching User 2 - NTLM Account 3 - OpenVMS Username 4 - OpenVMS DCOM Guest Account (E to Exit to previous menu) (H for Help) Please enter account you wish to use: ---------------------------------------------------------

The options are as follows:

• 1 - Launching User
  Specifies that the application will run using the security context of the user who started the application. This is the default if NTLM security is available.
• 2 - NTLM Account
  Specifies that the application will run using the security context of the specified NTLM account. If you specify a valid User/Group name, the system prompts you for a password. The system checks that the password matches the password you used to log on (through NTA$LOGON ). If the passwords do not match, you can either continue and write this new password to the OpenVMS Registry or reenter a password that matches your logon password.

  Note If you enter a new password, the system does not synchronize the new password with any other password. You must synchronize the passwords manually. You must have the IMPERSONATE privilege for the password to be validated. You must have system write access (SYSPRV or REG$UPDATE) to the OpenVMS Registry to write the password to the database.

• 3 - OpenVMS Username
  Specifies that the application will run using the security context of the specified OpenVMS account. This option is active only when you are using unauthenticated COM for OpenVMS.
• 4 - OpenVMS DCOM Guest Account
  Specifies that the application will run using the security context of the OpenVMS DCOM Guest account. This option is active only when you are using unauthenticated COM for OpenVMS. If you are using unauthenticated COM for OpenVMS, this option is the default.

To display this submenu, from the DCOM$CNFG Main menu, choose option 2.

The system displays the System-wide Default Properties submenu.

Figure 6-15 System-wide Default Properties Submenu

--------------------------------------------------------- System-wide Default Properties 1 - Enable Distributed COM on this computer (Yes/No) Current value: Yes 2 - Default Authentication Level 3 - Default Impersonation Level (E to Exit to previous menu) (H for Help) Please enter your choice: ---------------------------------------------------------

The options are as follows:

• 1 - Enable Distributed COM on this computer (Yes/No)
  Enables or disables COM on this computer.
• 2 - Default Authentication Level
  Sets packet-level security on communications between applications. This systemwide default applies to all applications installed on this computer.

  Figure 6-16 Default Authentication Level Submenu

  ---

  ------------------------------------------------------------------ Default Authentication Level The Authentication Level specifies security at the packet level. Current value: Connect 1 - Default 2 - None 3 - Connect 4 - Call 5 - Packet 6 - Packet Integrity (E to Exit to previous menu) (H for Help) Please enter your choice: ------------------------------------------------------------------

  
  Enter a number to select the desired Authentication level. When installed, the system default for the Default Authentication Level is Connect .

• 3 - Default Impersonation Level
  Specifies whether applications can determine who is calling them, and whether the application can perform operations using the client's identity.

  Figure 6-17 Default Impersonation Level Submenu

  ---

  ------------------------------------------------------------------ Default Impersonation Level The Impersonation Level specifies whether applications can determine who is calling them, and whether the application can perform operations using the client's identity. Current value: Identify 1 - Anonymous 2 - Identify 3 - Impersonate (E to Exit to previous menu) (H for Help) Please enter your choice: ------------------------------------------------------------------

  
  Enter a number to select the desired Impersonation level. When installed, the system default for the Default Impersonation Level is Identify .

To display this submenu, from the DCOM$CNFG Main Menu, choose option 3.

The system displays the System-wide Default Security submenu.

Figure 6-18 System-wide Default Security Submenu

------------------------------------------------------------------ System-wide Default Security 1 - Access Permissions Default 2 - Launch Permissions Default 3 - Configuration Permissions Default (E to Exit to previous menu) (H for Help) Please enter your choice: ------------------------------------------------------------------

The options are as follows:

• 1 - Access Permissions Default :
  Displays the Registry Value Permissions submenu. This submenu allow you to view, add, modify, and delete Access permission values for the systemwide default for all applications.
• 2 - Launch Permissions Default :
  Displays the Registry Value Permissions submenu. This submenu allows you to view, add, modify, and delete Launch Permission Values for the systemwide default for all applications. You must restart the COM for OpenVMS Service Control Manager for the new setting to take effect.
• 3 - Configuration Permissions Default :
  Displays the security permission values for the HKEY_CLASSES_ROOT Registry key.

When you first install the system, by default only Administrator and System accounts have application launch and access permissions. HP recommends that you do not change these default settings. Typically you modify an individual application's launch and access security to grant or deny permissions to Everyone , various Groups , or even specific users. HP recommends this technique over adjusting the machinewide default security settings that affect all applications.

6.4 Registering In-Process Servers: DCOM$REGSVR32 Utility

All COM components (implemented as either an out-of-process server or as an in-process server) must be registered in the OpenVMS Registry before you can use them.

Out-of-process servers, which are implemented as executable programs ( .EXE files), usually contain code to register and unregister the components contained within them. The advantage an out-of-process server has over an in-process server is that you can run the executable and automatically create the necessary registry keys.

In-process servers, which are usually implemented as dynamic link libraries ( .DLL files) on Windows or as shareable images on OpenVMS, also contain code to register and unregister the components within them automatically. However, these in-process servers cannot be run the same way as an executable image because they do not contain a main entry point. As a result, you must manually register the components contained within a .DLL , or create a command procedure to perform the registration.

Microsoft provides the REGSVR32 utility that you can use to register the components contained within a DLL. REGSVR32 takes as a command line argument the following:

• DLL name
• Switches to register or unregister the components

When registering a DLL's components, REGSVR32 searches the specified DLL for the DllRegisterServer symbol and, if found, calls it. When unregistering a DLL, REGSVR32 calls DllUnregisterServer . This means that all in-process components that you want to register automatically must include these two entry points in their export files.

To facilitate the registration of components contained within shareable images on OpenVMS systems, HP created the DCOM$REGSVR32 utility. The DCOM$REGSVR32 utility does the same things that the Microsoft REGSVR32 utility does. Any shareable images that contain components to be registered must also include the DllRegisterServer and DllUnregisterServer universal symbols in their symbol vectors. Both the DCOM$REGSVR32 and the REGSVR32 utilities use the same command line syntax.

During the COM for OpenVMS installation, the system places the DCOM$REGSVR32.EXE file in the SYS$SYSTEM directory.

Before you use the DCOM$REGSVR32 utility, you must define a symbol that allows the utility to accept foreign command lines. For example:

$ regsvr32 :== $DCOM$REGSVR32

You can use either method to activate the utility, and register or unregister components contained in shareable images.

To display help for DCOM$REGSVR32, enter the following:

$ regsvr32 -?

Table 6-1 summarizes the DCOM$REGSVR32 command line options.

Table 6-1 DCOM$REGSVR32 Command Line Options

Switch	Use
-?, /?	Display help file (this table).
shareable-image-name	Register the specified shareable image name.
-u or /u image-name	Unregister the specified shareable image name.

Example 6-4 demonstrates how to register an in-process component (contained within a shareable image) using the DCOM$REGSVR32 utility.

Example 6-4 Registering a Component Using the DCOM$REGSVR32 Utility

$ regsvr32 USER$DISK:[SEYMOUR.DISPATCH_SAMPLE1]CMPNT$SHR.EXE Class factory: Create self. DllRegisterServer: Registering Server DLL Creating key CLSID\{0C092C2C-882C-11CF-A6BB-0080C7B2D682} Creating key CLSID\{0C092C2C-882C-11CF-A6BB-0080C7B2D682}\InProcServer32 Creating key CLSID\{0C092C2C-882C-11CF-A6BB-0080C7B2D682}\ProgID Creating key CLSID\{0C092C2C-882C-11CF-A6BB-0080C7B2D682}\VersionIndependentProgID Creating key CLSID\{0C092C2C-882C-11CF-A6BB-0080C7B2D682}\TypeLib Creating key InsideCOM.Chap11 Creating key InsideCOM.Chap11\CLSID Creating key InsideCOM.Chap11\CurVer Creating key InsideCOM.Chap11.1 Creating key InsideCOM.Chap11.1\CLSID Class factory: Destroy self.

Example 6-5 demonstrates how to unregister an in-process component (contained within a shareable image) using the DCOM$REGSVR32 utility.

Example 6-5 Unregistering a Component Using the DCOM$REGSVR32 Utility

$ regsvr32 /u USER$DISK:[SEYMOUR.DISPATCH_SAMPLE1]CMPNT$SHR.EXE Class factory: Create self. DllUnregisterServer: Unregistering Server DLL Deleting key InProcServer32 Deleting key ProgID Deleting key VersionIndependentProgID Deleting key TypeLib Deleting key LocalServer32 Deleting key CLSID\{0C092C2C-882C-11CF-A6BB-0080C7B2D682} Deleting key CLSID Deleting key CurVer Deleting key InsideCOM.Chap11 Deleting key CLSID Deleting key InsideCOM.Chap11.1 Class factory: Destroy self.