Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# Set SQL 2016 SSIS Service Account DCOM Permissions on Windows Server 2012 R2 Core
$ServiceName = "MsDtsServer130" #SQL 2016 SSIS Service Name
$SSIS_Service = Get-WmiObject win32_service | where-object {$_.Name -eq $ServiceName}
If ($SSIS_Service -ne $null)
{
$SSIS_AppDesc = "Microsoft " + (Get-Service $ServiceName).DisplayName # Add the prefix which is not present in the service description
$SSISAccount = $SSIS_Service.StartName.Split("\")
$user = $SSISAccount[1]
$domain = $SSISAccount[0]
$appdesc = $SSIS_AppDesc
$app = get-wmiobject -query ('SELECT * FROM Win32_DCOMApplicationSetting WHERE Description = "' + $appdesc + '"') -enableallprivileges
$appid = $app.appid
$app = get-wmiobject -query ('SELECT * FROM Win32_DCOMApplicationSetting WHERE AppId = "' + $appid + '"') -enableallprivileges
$sdRes = $app.GetLaunchSecurityDescriptor()
$sd = $sdRes.Descriptor
$trustee = ([wmiclass] 'Win32_Trustee').CreateInstance()
$trustee.Domain = $domain
$trustee.Name = $user
$localLaunchActivate = 11
$ace = ([wmiclass] 'Win32_ACE').CreateInstance()
$ace.AccessMask = $localLaunchActivate
$ace.AceFlags = 0
$ace.AceType = 0
$ace.Trustee = $trustee
[System.Management.ManagementBaseObject[]] $newDACL = $sd.DACL + @($ace)
$sd.DACL = $newDACL
$app.SetLaunchSecurityDescriptor($sd)
}
Else
{
Write-Output "$ServiceName not found."
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.