Sets the computer-wide restriction policy for component launch and activation.

Caution  Changing this value will affect all COM server applications, and might prevent them from working properly. If there are COM server applications that have restrictions that are less stringent than the computer-wide restrictions, reducing the computer-wide restrictions may expose these applications to unwanted access. Conversely, if you increase the computer-wide restrictions, some COM server applications might no longer be accessible by calling applications.

Registry Entry

   MachineLaunchRestriction = SECURITY_DESCRIPTOR


This is a REG_BINARY value.

Principals not given permissions here cannot obtain them even if the permissions are granted by the DefaultAccessPermission registry value or by the CoInitializeSecurity function.

By default, administrators may obtain local and remote launch and activation permissions, and members of the Everyone group may obtain local activation and launch permissions.

Related topics

Setting Security for COM Applications