Get rid of Windows 11 eventlog entries with source DistributedCOM and eventid 10016 - dcasota/Lenovo83BY GitHub Wiki
Every two minutes there are followng entries in eventlog.
_Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID _ {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} und der APPID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
# Define the CLSID
$CLSID = "2593F8B9-4EAF-457C-B68A-50F6B8EA6B54".ToLower()
# Path to the CLSID in the registry
$RegistryPath = "HKCR:\CLSID"
# Search for the CLSID in a case-insensitive manner
$Result = Get-ChildItem -Path $RegistryPath | Where-Object {
$_.Name.ToLower() -match $CLSID
}
# Check if a match is found
if ($Result) {
Write-Output "CLSID found: $CLSID"
Write-Output "Registry Path: $($Result.PSPath)"
# Retrieve the associated AppID if it exists
$AppID = Get-ItemProperty -Path $Result.PSPath -Name "AppID" -ErrorAction SilentlyContinue
if ($AppID) {
Write-Output "Associated AppID: $($AppID.AppID)"
} else {
Write-Output "No AppID found for this CLSID."
}
} else {
Write-Output "CLSID not found in the registry."
}
As example, the APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} is associated with the PerAppRuntimeBroker. This is a system component in Windows that helps manage permissions and runtime execution for certain applications, particularly those running in a sandboxed or isolated environment. It is commonly linked to DistributedCOM (DCOM) errors in the Event Viewer when there are permission issues.
If you're encountering errors related to this APPID, they are often harmless and can be ignored unless they are causing specific problems. In that case, modify the DCOM permissions.
# Define the APPID
$APPID = "15C20B67-12E7-4BB6-92BB-7AFF07997402"
# Load the necessary .NET assembly for COM access
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public class DCOMSecurity
{
[DllImport("ole32.dll")]
public static extern int CoInitializeSecurity(
IntPtr pSecDesc,
int cAuthSvc,
IntPtr asAuthSvc,
IntPtr pReserved1,
int dwAuthnLevel,
int dwImpLevel,
IntPtr pAuthList,
int dwCapabilities,
IntPtr pReserved3);
}
"@
# Initialize DCOM Security
[DCOMSecurity]::CoInitializeSecurity([IntPtr]::Zero, -1, [IntPtr]::Zero, [IntPtr]::Zero, 5, 3, [IntPtr]::Zero, 0, [IntPtr]::Zero)
# Grant Local Activation permission to the specified user on the computer
# Must be populated as computer\username
$User = "ltdca\\dcaso" # Replace with the correct username
$Permission = "LocalActivation" # You can specify other permissions as needed
# Command to configure DCOM permissions
Write-Output "Granting $Permission permission for APPID: $APPID to user: $User..."
$DCOMPermissionCommand = @"
& {{
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Install-Module -Name DCOMPermissions -Force -Scope CurrentUser -SkipPublisherCheck
Import-Module DCOMPermissions
Grant-DCOMPermission -ApplicationID $APPID -Permissions $Permission -Account $User -OverrideConfigurationPermissions
}}
"@
Invoke-Expression $DCOMPermissionCommand
Write-Output "DCOM permissions updated for APPID: $APPID."
Kindly follow these steps to make TrustedInstaller the owner of Windows Apps again Right mouse button click on the file and choose Properties. Click Security tab. Click Advanced button. Click Owner tab. Click Edit button. Click Other User or Group and type in instead of NT SERVICE\TrustedInstaller. Press Ok on all dialogs until all property dialogs are closed.
install-module -name DCOMPermissions
Grant-DCOMPermission -ApplicationID "{316CDED5-E4AE-4B15-9113-7055D84DCC97}" -Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissions
cmdlet Grant-DComPermission at command pipeline position 1
Supply values for the following parameters:
Type: Launch
Account: <yourname>