InvalidSecurityDescriptorLoggingLevel (COM)

Switch View :
Classic
Lightweight
ScriptFree
InvalidSecurityDescriptorLoggingLevel

Sets the verbosity of event log entries about invalid security descriptors for component launch and access permissions.

Registry Entry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
   InvalidSecurityDescriptorLoggingLevel = value

Remarks

This is a REG_DWORD value.

ValueDescription
1Always log failures when COM finds an invalid security descriptor. This is the default value.
2Never log failures when COM finds an invalid security descriptor. It is not recommended that you disable event logging, as it can make it more difficult to diagnose problems.

 

If you set launch and access permission security descriptors (commonly called ACLs) directly, it is possible to construct a security descriptor whose meaning cannot be interpreted unambiguously. COM makes an event log entry when it encounters such an invalid security descriptor.

Note that ActivationFailureLoggingLevel and CallFailureLoggingLevel have no control over logging invalid security descriptor errors. Use InvalidSecurityDescriptorLoggingLevel for full control over this functionality.

Related topics

Setting Security for COM Applications

 

 

Send comments about this topic to Microsoft

Build date: 3/7/2012

Community Content

JoeBarrett
Set InvalidSecurityDescriptorLoggingLevel = 0 to disable logging
At the moment the documentation suggests setting InvalidSecurityDescriptorLoggingLevel to 2 for disable. This is not correct. It should be 0 (zero) to disable.