Microsoft KB Archive/825750

= How to disable DCOM support in Windows =

Article ID: 825750

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows XP Tablet PC Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional for Itanium-based systems
 * Microsoft Windows XP Professional for Itanium-based systems
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows NT Server 4.0, Terminal Server Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 3.51
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition

-



Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SUMMARY
The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network. Previously named &quot;Network OLE,&quot; DCOM is designed for use across multiple network transports, including Internet protocols such as HTTP. More information about DCOM, visit the following Microsoft Web site: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cnad_arc_wbak.mspx?mfr=true

DCOM is supported natively in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003.

Warning If you disable DCOM, may you may lose operating system functionality. After you disable support for DCOM, the following may result:
 * Any COM objects that can be started remotely may not function correctly.
 * The local COM+ snap-in will not be able to connect to remote servers to enumerate their COM+ catalog.
 * Certificate auto-enrollment may not function correctly.
 * Windows Management Instrumentation (WMI) queries against remote servers may not function correctly.

There are potentially many built-in components and 3rd party applications that will be affected if you disable DCOM. Microsoft does not recommend that you disable DCOM in your environment until you have tested to discover what applications are affected. Disabling DCOM may not be workable in all environments.

Support for DCOM on all Windows NT-based operating systems can be disabled. To disable this support, follow these steps.

Note To disable DCOM on a Windows 2000-based computer, you must be running Windows 2000 Service Pack 3 (SP3) or later.

Edit the Registry
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.  Start Registry Editor. Locate the following path:

 Change the EnableDCOM string value to N. Restart the operating system for the changes to take effect.

Use DCOMCNFG.EXE
 Run Dcomcnfg.exe. If you are running Windows XP or Windows Server 2003, perform these additional steps:  Click the Component Services node under Console Root.</li> Open the Computers folder.</li> For the local computer, right-click My Computer, and then click Properties.</li> For a remote computer, right-click Computers folder, point to New, and then click Computer.</li> Type the computer name.</li> Right-click the computer name, and then click Properties.</li></ol> </li> Click the Default Properties tab.</li> Click to select (or click to clear) the Enable Distributed COM on this Computer check box.</li> If you want to set more properties for the computer, click Apply to enable (or disable) DCOM. Otherwise, click OK to apply the changes and quit Dcomcnfg.exe.</li> Restart the operating system for the changes to take effect.</li></ol>

<div class="moreinformation_section">

MORE INFORMATION
The following registry string value is used to enable or disable DCOM on all operating systems:

If you change this value to N, you disable DCOM after you restart the operating system. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

Additional query words: Howto disable dcom windows security rpc exploit ms03-026 ms03-032

Keywords: kbhowto KB825750

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.