SAS 9.1.3 Integration Technologies » Administrator's Guide (LDAP Version)


Setting up a COM/DCOM Server
Server and Client Requirements
Summary of Setup Steps
Metadata Overview
Creating the Metadata for a COM/DCOM Server
Using the IT Administrator Wizard
Using IT Administrator
Using a Configuration File
Configuration File Example: Minimal Configuration
Configuration File Example: Using Logical Names
Enabling DCOM on the Server and the Client
Configuring SAS for DCOM
Setting SAS Permissions on the Server
Global on Windows NT/2000
Per Application on Windows NT/2000
Global on Windows XP / Server 2003
Per Application on Windows XP / Server 2003
Configuring DCOM on Windows XP SP2 / Server 2003 SP1
Configuring COM/DCOM for Active Server Page Access
Accessing a Local COM Server from an Active Server Page
Accessing a DCOM Server from an Active Server Page
Administering the Server:
Using the IT Configuration Application
Troubleshooting
Reference Materials
AppIDs for Configuring DCOM
Object Server Parameters
Attributes for Servers
Attributes for Logical Names
COM/DCOM

Configuring DCOM on Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1

Introduction

Microsoft Windows XP Service Pack 2 (SP2) and Windows Server 2003 Service Pack 1 (SP1) include many changes that enhance security. Although these changes resolve problems that were present in earlier versions of Windows, they also prevent SAS DCOM servers from functioning. To enable SAS DCOM functionality, you must disable the additional security that is provided by these service packs.

Because enabling DCOM exposes security vulnerabilities that were corrected with Windows XP SP2 and Windows Server 2003 SP1, we recommend that you consider changing your SAS configuration to use IOM Bridge servers instead of DCOM.

If you continue to use DCOM, you will need to perform the following steps:


Disabling the Windows Firewall

The Windows Firewall software that is enabled by default in Windows XP SP2 and Windows Server 2003 SP1 prevents SAS DCOM connections from functioning. To disable the Windows Firewall:

  1. From the Start menu, select Settings arrow Control Panel and then double-click Windows Firewall.

  2. On the General tab of the Windows Firewall dialog box, select Off.

  3. Click OK to disable the firewall.

Note: You must disable the firewall on the server machine, and on each client machine.


Configuring DCOM Settings on the Server Machine

To enable DCOM on the server machine, you must grant launch and activate permissions to the client users as follows:

  1. From the Start menu, select Run, and then type dcomcnfg. Click OK to launch the Component Services dialog box.

  2. In the Component Services dialog box, select Component Services, and then click Configure My Computer in the toolbar.

  3. In the My Computer dialog box, select the COM Security tab, and then click Edit Limits under Launch and Activation Permissions.

  4. In the Launch Permission dialog box, click Add to add the users and groups that will access the SAS server. For each user or group, select the name from the Group or user names panel and then select Allow for each permission.

  5. Return to the Component Services dialog box. Expand the tree in the left panel as follows: Component Services arrow Computers arrow My Computer arrow DCOM Config.

    tree path for DCOM Config

  6. Select DCOM Config, and then locate your SAS server component in the right panel (for example, SAS.Workspace). Right click on the server component, and then select Properties.

  7. In the Properties dialog box, select the Security tab, then select Customize under Launch and Activate Permissions and click Edit.

  8. In the Launch Permission dialog box, click Add to add the users and groups that will access the SAS server. For each user or group, select the name from the Group or user names panel and then select Allow for each type of permission.

  9. Return to the Properties dialog box, select Customize under Access Permissions, and then click Edit.

  10. Select SELF in the Group or user names panel, and ensure that the Allow box is selected for the Local Access and Remote Access permissions.

    If the SELF user is not available, add it by clicking Add and typing SELF in the Select Users, Computers, or Groups dialog box.

Configuring DCOM Settings on Each Client Machine

SAS servers use anonymous callbacks to notify client applications of events such as the completion of a SAS job. In Windows XP Service Pack 2 and later, you must grant ANONYMOUS LOGON permissions on each client machine in order to enable anonymous callbacks.

To configure the ANONYMOUS LOGON permissions:

  1. From the Start menu, select Run and then type dcomcnfg. Click OK to launch the Component Services dialog box.

  2. In the Component Services dialog box, select Component Services, and then click Configure My Computer in the toolbar.

  3. In the My Computer dialog box, select the COM Security tab and then click Edit Limits under Access Permissions.

  4. In the Access Permission dialog box, select ANONYMOUS LOGON in the Group or user names panel, and then select the Allow box for the Remote Access permission.