After a successful authentication, the access check is performed against an access list. The access list is created from the DefaultAccessPermissionsregistry settings, or provided programmatically through the DCOMAccessControlobject during server initialization. If the access check is successful, the user is granted access to the computer as a whole. No access check is performed for local activations; access requests are granted automatically.

Windows CE contains a DCOMAccessControlobject that the DCOM runtime uses for all internal security checking. By default, the DCOMAccessControlobject is initialized with the contents of the AccessPermissionand DefaultAccessPermissionregistry keys. Alternatively, the registry keys can be supplied programmatically through the CoInitializeSecurityfunction. User authentication is based on NTLM verification of user name and password. A list of user names can be used to determine the access privileges of each user, as indicated below.

On Windows CE the tool that is modifying security settings in the registry must call the UpdateDCOMSettingsfunction to have DCOM Security Support reload its configuration.

The UpdateDCOMSettingsfunction is not declared in the standard system header files, so that you will need to declare the function in your own header file, as shown in the following sample code:

void UpdateDCOMSettings (void);

and link to the OLE32.lib file.

Also, all DCOM components that are running already must be reloaded for new settings to take effect on them — for example, if a user were to change the LaunchPermissionand AccessPermissionregistry keys for a particular component, and the component had been launched already, the component would need to be reloaded for permissions to take effect.