Microsoft KB Archive/321893

= INFO: Default Settings in DCOMCNFG for IIS 4.0 =

Article ID: 321893

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q321893



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SUMMARY
This article describes the default settings in distributed COM configuration (DCOMCNFG) on a computer that is running Microsoft Windows NT 4.0 Server with Internet Information Server (IIS) 4.0 installed.



MORE INFORMATION
To open the distributed COM configuration properties, type DCOMCNFG at a command prompt.

IIS Admin Crypto Extension
The following are the default settings for the IIS Admin Crypto Extension application. To verify these settings, select IIS Admin Crypto Extension on the Applications tab, and then click Properties.
 * On the General tab, Authentication Level is set to Default.
 * On the Location tab, the Run application on this Computer check box is selected.
 * On the Security tab, Use default access permissions, Use default launch permissions, and Use custom configuration permissions are selected.
 * For Custom Configuration Permissions, Full Control permissions are set for Administrators, Creator Owner, and System, and Read permissions are set for Everyone.

NOTE: To view these permissions, click Edit.
 * On the Identity tab, The System Account (services only) is selected.
 * On the Endpoints tab, Default system protocols is listed.

IIS WAMREG Admin Service
The following are the default settings for the IIS WAMREG Admin Service application. To verify these settings, select IIS WAMREG Admin Service on the Applications tab, and then click Properties.
 * On the General tab, Authentication Level is set to Default.
 * On the Location tab, the Run application on this Computer check box is selected.
 * On the Security tab, Use default access permissions, Use default launch permissions, and Use custom configuration permissions are selected.
 * For Custom Access Permissions, Allow Access permissions are set for System, Administrator, Everyone, and Interactive.

NOTE: To view these permissions, click Edit.
 * For Custom Launch Permissions, Allow Launch permissions are set for System, Administrators, Interactive, and Everyone.

NOTE: To view these permissions, click Edit.
 * For Custom Configuration Permissions, Full Control permissions are set for Administrators, Creator Owner, and System, and Read permissions are set for Everyone.

NOTE: To view these permissions, click Edit.
 * On the Identity tab, The System Account (services only) is selected.
 * On the Endpoints tab, Default system protocols is listed.

IIS Admin Service
The following are the default settings for the IIS Admin Service application. To verify these settings, select IIS Admin Service on the Applications tab, and then click Properties.
 * In the Applications dialog box, select IIS Admin Service, and then click Properties.
 * On the General tab, Authentication Level is set to Default.
 * On the Location tab, the Run application on this Computer check box is selected.
 * On the Security tab, Use custom access permissions, Use custom launch permissions, and Use custom configuration permissions are selected.
 * For Custom Access Permissions, Allow Access permissions are set for Interactive, System, Administrator, and Everyone.

NOTE: To view these permissions, click Edit.
 * For Custom Launch Permissions, Allow Launch permissions are set for Interactive, System, Administrators, and Everyone.

NOTE: To view these permissions, click Edit.
 * For Custom Configuration Permissions, Full Control permissions are set for Administrators, Creator Owner, and System, and Read permissions are set for Everyone.

NOTE: To view these permissions, click Edit.
 * On the Identity tab, The System Account (services only) is selected.
 * On the Endpoints tab, default system protocols is listed.

Web Application Manager
The following are the default settings for the Web Application Manager application. To verify these settings, select Web Application Manager on the Applications tab, and then click Properties.  On the General tab, the Authentication Level is set to Default. On the Location tab, the Run application on this Computer check box is selected. On the Security tab, Use custom access permissions, Use custom launch permissions, and Use custom configuration permissions are selected. For Custom Launch Permissions, Allow Launch permissions are set for System and Everyone.

NOTE: To view these permissions, click Edit. For Custom Configuration Permissions, Full Control permissions are set for Administrators, Creator Owner, and System, and Read permissions are set for Everyone.

NOTE: To view these permissions, click Edit. On the Identity tab, This User is selected and that the specified user is IWAM_ .NOTE: Do not change the password if the IWAM account is already specified. If another user account is specified, you must reset the IWAM password. For additional information about how to reset the IWAM password, click the article number below to view the article in the Microsoft Knowledge Base:

296851 PRB: Error 'User Password/Validation Failed' When You Set IIS 5.0 Application to High (Isolated)

</li> On the Endpoints tab, default system protocols is listed.</li></ul>

Default Properties Tab
The following are the default settings for the Default Properties tab:
 * The Enable Distributed COM on this computer check box is selected.
 * Default Authentication Level is set to Connect.
 * Default Impersonation Level is set to Identify.

Default Security Tab
The following are the default settings for the Default Security tab:
 * For Default Access Permissions, Interactive, System, IUSR_ , and IWAM_  are set to Allow Access.

NOTE: To view these settings, click Edit Default.
 * For Default Launch Permissions, Administrators, IUSR_ , IWAM_ , Interactive, and System are set to Allow Launch.

NOTE: To view these settings, click Edit Default.
 * For Default Configuration Permissions, Administrators, Creator Owner, and System have Full Control permissions, and Everyone has Read permissions.

NOTE: To view these settings, click Edit Default.

Default Protocols Tab
The following are the default settings for the Default Protocols tab. To view these settings, click the Default Protocols tab, and then locate DCOM Protocols. The following are listed:
 * Datagram UDP/IP
 * Datagram IPX
 * Connection-oriented TCP/IP
 * Connection-oriented SPX
 * Connection-oriented NetBEUI
 * Connection-oriented Netbios over IPX

Additional query words: IIS 4.0 DCOMCNFG COM COM+ Distributed Configuration MTS MTX

Keywords: kbinfo KB321893

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.