

@kitmenke
Created August 1, 2016 02:45
Work in progress: PowerShell script to automatically fix DCOM errors which show up in the event log

Error in the event viewer:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Steps to fix the issue: http://answers.microsoft.com/en-us/windows/forum/windows_8-performance/event-id-10016-the-application-specific-permission/9ff8796f-c352-4da2-9322-5fdf8a11c81e?auth=1

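# Get-EventLog doesn't reliably return the message for this source:
# https://stackoverflow.com/questions/31396903/get-eventlog-valid-message-missing-for-some-event-log-sources#
# Get-EventLog Application -EntryType Error -Source "DistributedCOM"
# The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
#$logs = Get-EventLog -LogName "System" -EntryType Error -Source "DCOM" -Newest 1 -Message "The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID*"
# Event log levels: 2 is error, 3 is warning
$EVT_MSG = "The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID"

# Fallback IDs, used only when the event entry does not carry a usable CLSID/APPID.
# Previously these unconditionally overwrote the values just read from the event, so the
# script always took ownership of this one key regardless of which error was logged.
# TODO: make these parameters?
$DEFAULT_CLSID = "{D63B10C5-BB46-4990-A94F-E40B9D520160}"
$DEFAULT_APPID = "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}"

# Normalize $Value to the {GUID} form used by the CLSID/AppID registry keys, or
# return $null when it is not a well-formed GUID. Event text is data, not a path:
# only a value that parses as a GUID is ever interpolated into a registry path.
function ConvertTo-BracedGuid($Value) {
    $parsed = "$Value" -as [guid]
    if ($null -eq $parsed) {
        return $null
    }
    return $parsed.ToString('B').ToUpperInvariant()
}

# Search for System event log ERROR entries starting with the specified EVT_MSG
$logEntry = Get-WinEvent -FilterHashTable @{LogName='System'; Level=2} | Where-Object { $_.Message -like "$EVT_MSG*" } | Select-Object -First 1
if ($null -eq $logEntry) {
    Write-Host "No event log entries found."
    exit 1
}
# Get CLSID and APPID from the event log entry, which we'll use to look up keys
# in the registry. Properties[3]/[4] is where the original read them; the count
# is checked so a differently shaped event does not index past the end.
$CLSID = $null
$APPID = $null
if ($logEntry.Properties.Count -gt 4) {
    $CLSID = ConvertTo-BracedGuid $logEntry.Properties[3].Value
    $APPID = ConvertTo-BracedGuid $logEntry.Properties[4].Value
}
if ($null -eq $CLSID -or $null -eq $APPID) {
    Write-Warning "Event entry did not contain a usable CLSID/APPID; falling back to the built-in defaults."
    $CLSID = $DEFAULT_CLSID
    $APPID = $DEFAULT_APPID
}
Write-Host "CLSID is $CLSID"
Write-Host "APPID is $APPID"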
# To take ownership of a registry key:
# https://social.technet.microsoft.com/Forums/windowsserver/en-US/e718a560-2908-4b91-ad42-d392e7f8f1ad/take-ownership-of-a-registry-key-and-change-permissions?forum=winserverpowershell
# Originally from here maybe?
# http://www.leeholmes.com/blog/2010/09/24/adjusting-token-privileges-in-powershell/
# ************************* START enable-privilege
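function enable-privilege {
    <#
    .SYNOPSIS
    Enables (or, with -Disable, disables) one named privilege on a process token.

    .DESCRIPTION
    Opens the token of the target process with TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
    looks up the LUID of the privilege and calls AdjustTokenPrivileges. Returns $true
    only when the privilege was actually adjusted. The original version returned the
    bare AdjustTokenPrivileges result, which is TRUE even when the token does not hold
    the privilege at all (ERROR_NOT_ALL_ASSIGNED), ignored failures of
    OpenProcessToken/LookupPrivilegeValue, and never closed the token handle.

    .PARAMETER Privilege
    The privilege to adjust. This set is taken from
    http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx

    .PARAMETER ProcessId
    The process on which to adjust the privilege. Defaults to the current process.

    .PARAMETER Disable
    Switch to disable the privilege, rather than enable it.

    .OUTPUTS
    [bool] $true when the privilege was adjusted, $false otherwise.
    #>
    param(
        [ValidateSet(
            "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
            "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
            "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
            "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
            "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
            "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
            "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
            "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
            "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
            "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
            "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
        $Privilege,
        $ProcessId = $pid,
        [Switch] $Disable
    )
    ## Taken from P/Invoke.NET with minor adjustments.
    $definition = @'
using System;
using System.Runtime.InteropServices;
public class AdjPriv
{
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
    [DllImport("advapi32.dll", SetLastError = true)]
    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
    [DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool CloseHandle(IntPtr h);

    // TOKEN_PRIVILEGES with a single LUID_AND_ATTRIBUTES entry.
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    internal struct TokPriv1Luid
    {
        public int Count;
        public long Luid;
        public int Attr;
    }

    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
    internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
    internal const int TOKEN_QUERY = 0x00000008;
    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
    // AdjustTokenPrivileges returns TRUE even when the token does not hold the
    // privilege; it reports that case only through this last-error code.
    internal const int ERROR_NOT_ALL_ASSIGNED = 1300;

    /// <summary>
    /// Enables or disables <paramref name="privilege"/> on the token of the process
    /// behind <paramref name="processHandle"/>.
    /// </summary>
    /// <returns>true only when the privilege was actually adjusted.</returns>
    public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
    {
        IntPtr hproc = new IntPtr(processHandle);
        IntPtr htok = IntPtr.Zero;
        if (!OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok))
        {
            return false;
        }
        try
        {
            TokPriv1Luid tp;
            tp.Count = 1;
            tp.Luid = 0;
            tp.Attr = disable ? SE_PRIVILEGE_DISABLED : SE_PRIVILEGE_ENABLED;
            if (!LookupPrivilegeValue(null, privilege, ref tp.Luid))
            {
                return false;
            }
            if (!AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero))
            {
                return false;
            }
            return Marshal.GetLastWin32Error() != ERROR_NOT_ALL_ASSIGNED;
        }
        finally
        {
            // The token handle is owned by this call; never leak it.
            CloseHandle(htok);
        }
    }
}
'@
    $processHandle = (Get-Process -Id $ProcessId).Handle
    # Add-Type cannot replace a type that already exists in the session, so only
    # compile the helper on first use (this function is called once per privilege).
    if ($null -eq ('AdjPriv' -as [type])) {
        Add-Type -TypeDefinition $definition | Out-Null
    }
    $adjPriv = 'AdjPriv' -as [type]
    $adjPriv::EnablePrivilege($processHandle, $Privilege, [bool]$Disable)
}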
# ************************* END enable-privilege
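try {
    Write-Host "Script start"
    # Steps we are automating are listed here:
    # http://answers.microsoft.com/en-us/windows/forum/windows_8-performance/event-id-10016-the-application-specific-permission/9ff8796f-c352-4da2-9322-5fdf8a11c81e?auth=1
    # Adjust the permissions for these keys
    Write-Host "CLSID is $CLSID"
    Write-Host "APPID is $APPID"
    # The CLSID is interpolated into a registry path below; refuse anything that
    # is not a well-formed GUID rather than opening an unexpected key.
    if ($null -eq ("$CLSID" -as [guid])) {
        throw "CLSID '$CLSID' is not a well-formed GUID"
    }
    # to check your privileges:
    # whoami /priv
    # To change the owner you need SeRestorePrivilege
    # http://stackoverflow.com/questions/6622124/why-does-set-acl-on-the-drive-root-try-to-set-ownership-of-the-object
    # enable-privilege returns $false when the token could not be adjusted; stop here
    # with a clear message instead of failing later with an opaque access-denied error.
    foreach ($privilege in 'SeTakeOwnershipPrivilege', 'SeRestorePrivilege') {
        if (-not (enable-privilege $privilege)) {
            throw "Unable to enable $privilege for the current process (is the session elevated?)"
        }
    }
    $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey(
        "CLSID\$CLSID",
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        [System.Security.AccessControl.RegistryRights]::TakeOwnership)
    if ($null -eq $key) {
        Write-Host "Unable to get registry key HKCR:\CLSID\$CLSID"
        exit 1
    }
    try {
        Write-Host "Opened registry key $($key.Name)"
        # Owner is the built-in Administrators group by well-known SID (S-1-5-32-544),
        # so the lookup does not depend on the "Administrator" account name or on the
        # system language (the NTAccount "$env:computername\Administrator" form fails
        # on localized systems, as reported in the comments on this gist).
        $admin = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544', $null)
        Write-Host "Setting owner to $($admin.Value)"
        # You must get a blank acl for the key b/c you do not currently have access:
        # the handle was opened with TakeOwnership only, so reading the existing
        # owner/group/DACL sections (the parameterless overload) is denied. A blank
        # RegistrySecurity with only the owner set writes just the owner section.
        $acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::None)
        $acl.SetOwner($admin)
        $key.SetAccessControl($acl)
        # After you have set owner you need to get the acl with the perms so you can modify it.
        #$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrator","FullControl","Allow")
        #$acl.SetAccessRule($rule)
        #$key.SetAccessControl($acl)
    } finally {
        # Release the key handle even when SetOwner/SetAccessControl throws.
        $key.Close()
    }
} catch {
    Write-Host "Error running setDCOMpermissions"
    # Write-Host's (empty) output used to be piped into Format-List, so the exception
    # itself was never printed; render it to a string first.
    Write-Host ($_.Exception | Format-List -Force | Out-String)
    exit 1
}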
# Code originally from:
# https://social.technet.microsoft.com/Forums/systemcenter/en-US/dfc465bc-7bbd-483e-b98b-2ba56fa98313/the-applicationspecific-permission-settings-do-not-grant-local-launch-permission-for-the-com-server?forum=configmgrgeneral
#$CLSID = "{3f2db10f-6368-4702-a4b1-e5149d931371}"
# New-PSDrive creates temporary and persistent mapped network drives; the HKCR
# drive below was the original way of inspecting the CLSID and AppID keys.
#New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
#$key = Get-Item "HKCR:\CLSID\$CLSID\"
#$values = Get-ItemProperty $key.PSPath
#$values.'(default)'
#$key = Get-Item "HKCR:\AppID\$CLSID\"
#$values = Get-ItemProperty $key.PSPath
#$values.'(default)'
#Remove-PSDrive -Name HKCR
# Final status line; any failure above has already exited with a non-zero code.
Write-Host -Object 'Script complete'

Simbiat commented Aug 2, 2021

For a language-independent Administrators group, replace

$admin = [System.Security.Principal.NTAccount]"$cname\Administrator"

with

$admin = New-Object System.Security.Principal.NTAccount(Get-LocalGroup -SID S-1-5-32-544)


Simbiat commented Aug 3, 2021

A properly working automated script: https://github.com/Simbiat/Anti10016
