Powershell Impersonation over DCOM

When calling our DCOM service component over Powershell we would get a (HRESULT) ACCESS DENIED returned from our service. This would happen even when using an administrator account and an elevated Powershell instance. All of our DCOM endpoints do user impersonation. So why isn’t our DCOM endpoint impersonating properly?

After pulling the clients token from the DCOM call,

you can check the security impersonation level used by the client caller.

Just like before we can see that an impersonation level of identify does not allow impersonation. Using this registry setting to override the default to SecurityImpersonation our powershell DCOM calls now work and impersonate properly.

This lets us set the security impersonation level for each call we make without overriding the global default. I’m sure a better solution exists, but this does work. Hopefully it saves someone else the headache of finding an obscure issue like this in the future.

Related posts:

Whether you are working on the back-end or the front-end, having the right tool for the job, can really make a difference some times. With this blog post, I want to share with you some of the tools…

Ramadan is a holy month for Muslims around the world, where they fast from sunrise to sunset. This can present a challenge for individuals who are passionate about their fitness and workout routines…

Desconocido la totalidad del fondo del texto actual, pero no tiene raíces realmente profundas. Voy a realizar un intento por conceptualizar de manera más ostensible lo que me urge comunicar al mundo…