PowerShell allows us to run cmdlets remotely from client machines. We can run SharePoint 2010 cmdlets on the SharePoint Server, remotely connecting from client machines by following these two steps: Step 1: To execute SharePoint PowerShell remotely, you have to enable PowerShell Remoting on the Server first! By default PowerShell Remoting is.
Setting mailbox folder permissions in bulk via PowerShell. If you only want this for a specific folder, the Add-MailboxFolderPermission cmdlet already takes care of that. The script still makes use of this cmdlet, so in order to configure the permissions we need to know a few pieces of information: the folder identity.
I have been given the task of writing PowerShell scripts to set up a server from scratch to run one of our services as part of a web application, and one of the steps required for setting this server up is changing the DCOM config for the installed service, specifically adding accounts to the 'Launch and Activation'/'Access' Permissions and also setting the permissions for these accounts once they have been added.
Is there a method of doing this using PowerShell at all? I haven't been able to find a concrete method of doing what I'm aiming to achieve, so any help would be great.
2 Answers
Looks like you would do it using WMI.
Get an instance of: Win32_DCOMApplicationSetting
like this:
Now you have access to the SetAccessSecurityDescriptor and SetLaunchSecurityDescriptor methods.
From: http://msdn.microsoft.com/en-us/library/windows/desktop/aa384905(v=vs.85).aspx
DCOM applications
DCOM application instances have several security descriptors. Starting with Windows Vista, use methods of the Win32_DCOMApplicationSetting class to get or change the various security descriptors. Security descriptors are returned as instances of the Win32_SecurityDescriptor class.
To get or change the configuration permissions, call the GetConfigurationSecurityDescriptor or SetConfigurationSecurityDescriptor methods.
To get or change the access permissions, call the GetAccessSecurityDescriptor or SetAccessSecurityDescriptor methods.
To get or change the startup and activation permissions, call the GetLaunchSecurityDescriptor or SetLaunchSecurityDescriptor methods.
Windows Server 2003, Windows XP, Windows 2000, Windows NT 4.0, and Windows Me/98/95: The Win32_DCOMApplicationSetting security descriptor methods are not available.
There's also a tool called DCOMPERM, for which source code is available in the Windows SDK: http://www.microsoft.com/en-us/download/details.aspx?id=8279
You can find compiled versions around online if you search for DCOMPERM compiled.
Here are the command line options:
I had the same question as the OP. The answer Andy posted was very helpful and got me halfway. I then found the Set-DCOMLaunchPermissions written by someone to help them deploy SharePoint.
I adapted their function for my purposes and came up with a solution that sets the permissions I need.
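The approach both answers describe (read the launch descriptor from Win32_DCOMApplicationSetting, append an ACE, write it back), shown as an added example that is not code from either answer or from the Set-DCOMLaunchPermissions script they mention. It assumes Windows PowerShell 5.1 in an elevated session; the function name, parameters and sample values are hypothetical, and it grants local launch and activation only.

```powershell
# Added example. Assumes Windows PowerShell 5.1 (Get-WmiObject) in an elevated session.
# Function name, parameters and the sample call at the bottom are hypothetical.
function Add-DcomLocalLaunchAce {
    param(
        [Parameter(Mandatory)][string]$AppId,    # DCOM AppID GUID, including braces
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$User
    )
    # COM rights: Execute (1) + Execute_Local (2) + Activate_Local (8).
    # Remote launch (4) and remote activation (16) are deliberately left out.
    $localLaunchActivate = 1 -bor 2 -bor 8

    $app = Get-WmiObject -Class Win32_DCOMApplicationSetting -Filter "AppID='$AppId'" -EnableAllPrivileges
    if (-not $app) { throw "No DCOM application with AppID $AppId" }

    $result = $app.GetLaunchSecurityDescriptor()
    if ($result.ReturnValue -ne 0) { throw "GetLaunchSecurityDescriptor failed: $($result.ReturnValue)" }
    $sd = $result.Descriptor
    # With no existing DACL, writing a one-entry list would replace whatever applied before.
    if (-not $sd.DACL) { throw "No explicit launch DACL on $AppId; review it in dcomcnfg first" }

    # Idempotence: do nothing if the account already has an allow ACE covering these rights.
    foreach ($existing in $sd.DACL) {
        if ($existing.AceType -eq 0 -and
            $existing.Trustee.Name -eq $User -and $existing.Trustee.Domain -eq $Domain -and
            ($existing.AccessMask -band $localLaunchActivate) -eq $localLaunchActivate) {
            return 'AlreadyPresent'
        }
    }

    $trustee = ([wmiclass]'Win32_Trustee').CreateInstance()
    $trustee.Domain = $Domain
    $trustee.Name = $User

    $ace = ([wmiclass]'Win32_ACE').CreateInstance()
    $ace.AccessMask = $localLaunchActivate
    $ace.AceFlags = 0    # no inheritance
    $ace.AceType = 0     # access allowed
    $ace.Trustee = $trustee

    # Append to the existing DACL rather than replacing it.
    [System.Management.ManagementBaseObject[]]$newDacl = $sd.DACL + @($ace)
    $sd.DACL = $newDacl
    $set = $app.SetLaunchSecurityDescriptor($sd)
    if ($set.ReturnValue -ne 0) { throw "SetLaunchSecurityDescriptor failed: $($set.ReturnValue)" }
    'Added'
}
# Constructed sample call; the AppID and account are placeholders.
# Add-DcomLocalLaunchAce -AppId '{00000000-0000-0000-0000-000000000000}' -Domain 'CONTOSO' -User 'svc-web'
```

The same pattern applies to access permissions through GetAccessSecurityDescriptor and SetAccessSecurityDescriptor.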
I am attempting to run the PowerShell command 'move-vm' remotely but I am getting permissions errors that I can't seem to get past.
My move-vm command looks like this:
and I am defining the credentials like this
Both the source and destination are on the same AD domain, and I have created a domain admin account specifically for this function. I have added the domain admins group to the local groups 'Hyper-V administrators' and 'administrators' on the source and destination hosts. When I issue the command I get:
There are various articles out there about how to do this in 2012; however, it's my understanding that the process has changed significantly in 2016 due to the deprecation of something called authorisation manager.
Does anyone have any experience on how to configure permissions to allow remote Hyper-V management with PowerShell specifically in 2016?
Thanks in advance.
Edit:
1 Answer
Managing Hyper-V remotely uses something called Constrained Delegation. Imagine the scenario.
You are on the host Man1, and you are issuing a command to Hyp-001 to move a VM to Hyp-002. So you have Man1 issuing commands to Hyp-001, which is fine as it can use your credentials, but when Hyp-001 passes commands to Hyp-002 it has no credentials to pass, hence you get the error
To get around this you need to give specific permissions that allow hosts to run specific services on each other, within AD delegation.
From PowerShell it would look like this:
In 2016 you also need this:
My source for this information is below