When working with DCOM configuration on Windows Server 2012, you might encounter a frustrating situation where the Launch and Activation Permissions section appears greyed out for the Network Connections (netman) component. This occurs even when:
- You're logged in as a user with Administrator privileges
- You've launched dcomcnfg.exe via an elevated command prompt (Run as Administrator)
The Network Connections service (netman) is a protected system component in Windows. Microsoft intentionally restricts direct modification of its DCOM permissions through the graphical interface to prevent accidental misconfiguration that could break network functionality.
The most reliable way to modify these permissions is through the Windows SDK tool dcomperm.exe:
:: First, save the current launch permission list of the netman AppID to a file
dcomperm.exe -al {BA126AD1-2166-11D1-B1D0-00805FC1270E} list > current_launch_perms.txt
:: Add your desired user/group (example for DOMAIN\AdminGroup); level:l = local launch and activation
dcomperm.exe -al {BA126AD1-2166-11D1-B1D0-00805FC1270E} set "DOMAIN\AdminGroup" permit level:l
:: Verify the changes
dcomperm.exe -al {BA126AD1-2166-11D1-B1D0-00805FC1270E} list
If you need more granular control, you can modify the permissions directly in the registry. First locate the DCOM application ID for netman:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BA126AD1-2166-11D1-B1D0-00805FC1270E}]
"AppID"="{BA126AD1-2166-11D1-B1D0-00805FC1270E}"

[HKEY_CLASSES_ROOT\AppID\{BA126AD1-2166-11D1-B1D0-00805FC1270E}]
"LaunchPermission"=hex:01,00,04,80,...
You'll need to use regedt32.exe to modify the binary ACL data in the LaunchPermission value.
Before making changes:
- Always back up the registry
- Document original permissions
- Test changes in a non-production environment first
- Consider using Group Policy instead for enterprise deployments
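To document the original permissions before editing the binary value, the following added example (not part of the original article) decodes the LaunchPermission and AccessPermission blobs into readable entries. The function name ConvertFrom-DcomPermission and the sample SDDL string are assumptions made for illustration.

```powershell
# Added example: decode DCOM permission blobs (self-relative security descriptors).
function ConvertFrom-DcomPermission {            # hypothetical helper name
    param([Parameter(Mandatory = $true)][byte[]]$Bytes)

    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Bytes, 0
    if ($null -eq $sd.DiscretionaryAcl) { return }   # no DACL stored in the descriptor

    # COM rights occupy bits 0..4 of each ACE's access mask
    $names = 'Execute', 'LocalLaunch', 'RemoteLaunch', 'LocalActivation', 'RemoteActivation'
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = '(unresolved)' }              # deleted account or unreachable domain
        $rights = for ($i = 0; $i -lt $names.Count; $i++) {
            if ($ace.AccessMask -band (1 -shl $i)) { $names[$i] }
        }
        [pscustomobject]@{
            Type      = $ace.AceType                 # AccessAllowed or AccessDenied
            Principal = $who
            Sid       = $sid.Value
            Mask      = '0x{0:x}' -f $ace.AccessMask
            Rights    = $rights -join ','
        }
    }
}

# Constructed sample: Administrators get local launch/activation, SYSTEM gets all five rights
$sample = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList 'O:BAG:BAD:(A;;0xb;;;BA)(A;;0x1f;;;SY)'
$bytes  = New-Object byte[] $sample.BinaryLength
$sample.GetBinaryForm($bytes, 0)
ConvertFrom-DcomPermission -Bytes $bytes | Format-Table -AutoSize

# Live values for the netman AppID given in the article
$key = 'Registry::HKEY_CLASSES_ROOT\AppID\{BA126AD1-2166-11D1-B1D0-00805FC1270E}'
foreach ($name in 'LaunchPermission', 'AccessPermission') {
    $blob = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($blob) {
        ConvertFrom-DcomPermission -Bytes $blob | Format-Table -AutoSize
    } else {
        '{0}: value not set on this AppID' -f $name
    }
}
```

Piping the function's output to Export-Csv instead of Format-Table keeps a record of the original entries that can be compared after the change.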
After modification, restart the DCOM Server Process Launcher service and test network functionality:
net stop "DCOM Server Process Launcher"
net start "DCOM Server Process Launcher"
Check Event Viewer for any DCOM-related errors (Event ID 10010 is particularly relevant).
When attempting to modify Launch and Activation Permissions for the Network Connections (netman) component in dcomcnfg on Windows Server 2012, administrators often find the security settings grayed out. This occurs despite:
- Belonging to the Administrators group
- Running dcomcnfg with elevated privileges
The Network Connections service (netman) is a protected system component. Windows deliberately restricts modifications to its DCOM permissions through the graphical interface to prevent accidental security breaches. This protection layer applies specifically to:
CLSID: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
AppID: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
To modify these permissions, we need to directly edit the registry:
- Open Registry Editor as Administrator
- Navigate to:
HKEY_CLASSES_ROOT\AppID\{BA126AD1-2166-11D1-B1D0-00805FC1270E}
- Modify or create these values:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AppID\{BA126AD1-2166-11D1-B1D0-00805FC1270E}]
"LaunchPermission"=hex:01,00,04,80,...
"AccessPermission"=hex:01,00,04,80,...
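For enterprise environments, use this PowerShell script to modify permissions on the AppID registry key:
$netmanAppID = "{BA126AD1-2166-11D1-B1D0-00805FC1270E}"
# HKCR: is not a default PowerShell drive, so address the key through the Registry provider
$keyPath = "Registry::HKEY_CLASSES_ROOT\AppID\$netmanAppID"
$acl = Get-Acl -Path $keyPath
# Grants the group Full Control over the AppID key itself (the key's ACL, not the LaunchPermission value)
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    "DOMAIN\Group",
    "FullControl",
    "ContainerInherit,ObjectInherit",
    "None",
    "Allow"
)
$acl.SetAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl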
After making changes:
- Restart the DCOM Server Process Launcher service
- Verify changes in Component Services
- Test network connection functionality
Before modifying these settings:
- Document all changes
- Create a system restore point
- Consider using Group Policy instead for enterprise deployments