I'm using PowerShell to set permissions of a DCOM object successfully.
Though, when using the DCOM object by my software after that, the permission changes are not recognized until I restart the computer.
How can I prevent this restart? Is there a single component/service I can restart after changing the permissions?
I'm using this code to change the permissions:
$apiDCOMObj = Get-WmiObject -Query ('SELECT * FROM Win32_DCOMApplicationSetting WHERE Caption = "MyAPI"') -EnableAllPrivileges
$descrLaunch = $apiDCOMObj.GetLaunchSecurityDescriptor().descriptor
$descrAccess = $apiDCOMObj.GetAccessSecurityDescriptor().descriptor
$trusteeObj = ([wmiclass]'Win32_Trustee').psbase.CreateInstance()
$trusteeObj.Domain = "NT AUTHORITY"
$trusteeObj.Name = "NETWORK SERVICE"
$aceLaunch = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$aceLaunch.AccessMask = 11 # Mask for Local Launch and Local Activation
$aceLaunch.trustee = $trusteeObj
$aceAccess = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$aceAccess.AccessMask = 3 # Mask for Local Access
$aceAccess.trustee = $trusteeObj
$descrLaunch.DACL += [System.Management.ManagementBaseObject]$aceLaunch
$descrAccess.DACL += [System.Management.ManagementBaseObject]$aceAccess
$apiDCOMObj.SetLaunchSecurityDescriptor($descrLaunch)
$apiDCOMObj.SetAccessSecurityDescriptor($descrAccess)
You can call for Restart-Service.
Restart-Service -Name <your_service_name>
This will restart the service with the new permissions.