Domain Controller

For proper DCOM security settings it is essential to identify the configuration of the Client and the Server machine. If both machines are members of the same domain there will be one central point for user authentification. If both machines are in different domains, these domains must trust each other. The administrative effort will decrease because new users will only be added to the domain.

• Domain
  The Client and Server Machine should be member of the same Domain. Different domains must should be trust eachother.
• Users Accounts
  Authentification is performed on the domain machine, the User Accounts (Name and PWD) or groups are used in the DCOM settings of the Client and the Server Machine.
• Operation System
  The Operation System on the Client and the Server Machine should be from the same family (all NT, all 2K or all XP). When doing "mixed configuration" certain (OS specific) settings have to be taken into account.

To keep configuration simple it is assumed that two machines have the same operating system installed, are both in the same Domain and have different user accounts logged on. The different users are members of one User Group. This for this User Group access is granted in the DCOM settings of the Client and the Server Machine.

In a mixed configuration (e.g. Server Machine in a Domain and Client Machine in a Workgroup) the so called doubble identification should be done. This means to add User Accounts to the Workgroup Machine which are identically (Name and PWD) the same as the User Accounts on the Domain. By this function calls to the Workgroup Machine can (locally) be identified and granted without "asking" the Domain Controller.