In Windows Server 2003 and Windows Server 2008, changing the properties of objects, such as DCOM Config objects, is a very straightforward process for an Administrator to accomplish. However, in Windows Server 2008 R2, even an Administrator cannot modify these settings. Fields remain read-only, as shown in the following example of the IIS WAMREG admin Service Properties:
This can be confusing when performing the setup and configuration of Kerberos Authentication for IIS on a Windows Server 2008 R2 environment, as explained in Chapter 5, Setting Up Kerberos Authentication. Fortunately, there is a method to restore the same functionality that existed in the previous versions of Windows Server. This method is explained in the following steps for the IIS WAMREG admin Service whose GUID is {61738644-F196-11D0-9953-00C04FD919C1}:
Note
Modifying the Windows Registry is risky and can damage your server. Be sure to make a backup of your Windows Registry before performing any modifications.
1. Open the Windows Registry editor by going to Start | Run and running regedit.
2. Navigate to HKEY_CLASSES_ROOT\AppID\{61738644-F196-11D0-9953-00C04FD919C1}.
3. Right click on {61738644-F196-11D0-9953-00C04FD919C1} and click on Permissions....
4. In the Permissions window for {61738644-F196-11D0-9953-00C04FD919C1}, select the Administrators group and click on the Advanced button.
5. In the Advanced Security Settings window, select the Administrators group permission and go to the Owner tab.
6. Select each owner listed in the Change owner to section, and click on the Apply button. This ensures that the security settings are appropriately set for the Administrator to perform administrative functions. When complete, click on the OK button to return to the original Permissions window for {61738644-F196-11D0-9953-00C04FD919C1}.
7. In the Permission for {61738644-F196-11D0-9953-00C04FD919C1} window, select the Administrators group and mark Allow for Full Control permissions and then click on OK.
8. After performing these steps, reopen DCOM Config and go to the Security tab of the IIS WAMREG admin Service to modify the security settings.