{
	"id": "90d97378-e290-4e4d-a373-7008067ed17e",
	"created_at": "2026-04-06T01:30:15.774459Z",
	"updated_at": "2026-04-10T13:11:53.466044Z",
	"deleted_at": null,
	"sha1_hash": "61800b56267fbe6897a672dc4dc743134e36342c",
	"title": "Setting Process-Wide Security Through the Registry - Win32 apps",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 40724,
	"plain_text": "Setting Process-Wide Security Through the Registry - Win32 apps\r\nBy stevewhims\r\nArchived: 2026-04-06 01:13:52 UTC\r\nIf you want to set security for an entire process, one solution is to set the security levels you want in the registry. If\r\nyour application cannot call CoInitializeSecurity or if you prefer not to use programmatic security, this might be\r\na good option. If you decide to set process-wide security using the registry, you should be aware that if you call\r\nCoInitializeSecurity within your program COM will use the values in CoInitializeSecurity and ignore the\r\nregistry values.\r\nThere are two ways to set security in the registry for your application:\r\nYou can use Dcomcnfg.exe, which provides a simple user interface for modifying security values. All\r\nCOM servers can be configured using Dcomcnfg.exe. For more information, see Setting Process-Wide\r\nSecurity Using DCOMCNFG. However, client applications do not normally appear in Dcomcnfg.exe\r\nunless the client creates a GUID and enters it in the registry.\r\nYou can set security values under the AppID key for the application. The rest of this topic explains how to\r\nset security in the registry using the AppID key.\r\nAn AppID is a GUID that represents a server process for one or more classes. Each class is associated with exactly\r\none AppID, and AppIDs can be assigned only to EXEs. DLLs do not get AppIDs unless they are running in a\r\nsurrogate, and then it is the surrogate process that has the AppID. If multiple DLLs are loaded into a surrogate,\r\neach surrogate has only one AppID.\r\nFor some COM servers, the registration code generates an AppID and places entries in the registry that map the\r\nAppID to the name of the executable. But some COM servers do not provide this functionality. However, if the\r\nserver's registration code adds an entry for HKCR\\CLSID{ServerCLSID}\\LocalServer32 when dcomcnfg.exe is\r\nrun, it will automatically add an AppID for the CLSID.\r\nFor a COM client that is not a server, this mapping is not created because the client is never registered. Therefore,\r\nto set security using the AppID key, the client must create the necessary registry entries, either programmatically\r\nby using the registry functions or by using regedit.\r\nIf you decide to set process-wide security in the registry under the AppID key, be aware that there are two named\r\nvalues under the AppID key that you can set without having administrator permissions:\r\nAccessPermission\r\nAuthenticationLevel\r\nThe AuthenticationLevel and AccessPermission values are set independently and have separate default values.\r\nIf the AuthenticationLevel value is not present, the LegacyAuthenticationLevel value is used as the default.\r\nhttps://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx\r\nPage 1 of 2\n\nSimilarly, if the AccessPermission value is not present, the DefaultAccessPermission value is used as the default.\r\nHowever, the AuthenticationLevel and the AccessPermission values are interrelated in the following ways:\r\nIf the AuthenticationLevel is none, the AccessPermission and DefaultAccessPermission values are\r\nignored for that application.\r\nIf the AuthenticationLevel is not present and the LegacyAuthenticationLevel is none, the\r\nAccessPermission and DefaultAccessPermission values are ignored for that application.\r\nSetting Process-Wide Security\r\nSource: https://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx\r\nhttps://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx"
	],
	"report_names": [
		"ms687317(v=vs.85).aspx"
	],
	"threat_actors": [],
	"ts_created_at": 1775439015,
	"ts_updated_at": 1775826713,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/61800b56267fbe6897a672dc4dc743134e36342c.pdf",
		"text": "https://archive.orkl.eu/61800b56267fbe6897a672dc4dc743134e36342c.txt",
		"img": "https://archive.orkl.eu/61800b56267fbe6897a672dc4dc743134e36342c.jpg"
	}
}