Specifications
ShoreTel Maintenance Guide 183
A
PPENDIX
B
DCOM Permissions
B.1 Introduction
ShoreTel systems have one HQ server and multiple remote servers. Applications running
on remote servers access data service components residing on the HQ server through
DCOM. DCOM permissions are configured by the Installer when the servers are installed
and by the SP1Repair command line utility.
The following service logon accounts are available in Windows.
• Local System account: This account has full system access, including the directory
service on domain controllers. Services logged onto the Local System account on
domain controllers can access the entire domain. Some services log onto the Local
System account by default. Do not change default service settings.
• Local Service account: This account is similar to authenticated user accounts. Services
logged onto the Local Service account have the same access rights as members of the
Users group and access network resources as null sessions with no credentials.
• Network Service account: This account is similar to authenticated user accounts.
Services logged onto this account have the same access rights as members of the Users
group and access network resources through the credentials of the computer account.
Figure B-1 displays the registry key settings.
B.2 Editing DCOM Permissions
DCOM permissions are modified on the HQ system through user interface actions listed in
the following sections.
Figure B-1 Registry Keys modified by the Installer and the Sp1Repair Tool