COM and DCOM Security (Windows Embedded CE 6.0)

  • Article

1/6/2010

COM provides an infrastructure to expose functional objects to applications. Distributed COM (DCOM) enables programmatic calls from an application to COM objects on remote devices. This technology has potential security risks when deployed to run over a public network, such as the Internet. If the security of the technology is compromised, it could expose the device or local network to the public network.

There are two levels of security to consider when you implement a distributed application:

  • Network security helps control who can access a computer. At this security level, Distributed Component Object Model (DCOM) security on Windows Embedded CE is equivalent to that of the Windows NT 4.0, SP5, implementation, which uses the Windows NT LAN Manager system security package (NTLM SSP). For more information, see COM Authentication.
  • Local security helps control what a user is permitted to do on a computer after gaining access. This security level is defined by the operating system on the target computer. Windows Embedded CE helps regulate access to critical parts of the system as a whole, instead of on a resource-by-resource basis as is done on Windows NT. For more information, see COM Access Control.

Best practices for use authentication

DCOM security on Windows Embedded CE is equivalent to that of the Windows NT 4.0, SP5, implementation, which uses the NTLM Security Support Provider (NTLM SSP). DCOM uses the NTLM protocol to help establish user credentials if the flag RPC_C_AUTH_WINNT is selected. For more information, see COM Authentication.

Best practices for use access control

You can setup a list of users and permission levels in the registry. For more information, see COM Access Control.

**Distributed COM (DCOM), sometimes also referred to as "COM Remoting", is not included in Windows Embedded CE. Please see Remote DCOM Support for more information.

You should be aware of the registry settings that impact security. Security Note entries in the registry settings documentation explain security implications.

For information, see COM and DCOM Registry Settings.**

See Also

Other Resources

Component Services (COM and DCOM)
Enhancing the Security of a Device