| Event Id | 10002 |
| Source | DCOM Event |
| Description | Access denied attempting to launch a DCOM Server. The server is:{12345678-1234-1234-1234-123456789ABC} The user is IWAM_<ComputerName>/<ComputerName> |
| Event Information | According to Microsoft: CAUSE: In Windows Server, some of the security defaults of a COM+ applications are modified. Enforce access checks for this application security default at the application level is modified from disabled to enabled. Enforce component level access checks security default at the component level is modified from enabled to disabled. If your application does not have any roles and any users in those roles, then because the COM+ services enforce access checks, you receive access denied for that particular COM+ component. RESOLUTION: The COM+ application owner or an administrator must determine the users who need access to the COM+ application. If you, as a COM+ application owner or as an administrator, determine that limited users must have access to the application, then you must explicitly add those users to a role. If no suitable role exists, then you must add a new role. |
| Reference Links | PRB: Access Check Is Enabled by Default When a COM+ Application Is Created |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.