Can I find the path to a DCOM application executable with WMI or Powershell?
5,549
Solution 1
Using the Win32_ClassicCOMClassSetting class with Powershell
Get-WMIObject Win32_ClassicCOMClassSetting -Filter "AppID='{1CECFD4D-2CFB-4626-95C7-0266C26960FA}'" | select -ExpandProperty InProcServer32
or using WMIC
wmic /namespace:\\root\cimv2 path Win32_ClassicCOMClassSetting WHERE AppID^="{1CECFD4D-2CFB-4626-95C7-0266C26960FA}" Get InProcServer32
*this was tested on Windows 8.1 x64
or using reg.exe
reg QUERY HKCR\Wow6432Node\CLSID\{1CECFD4D-2CFB-4626-95C7-0266C26960FA}\Inprocserver32 /ve
Solution 2
What happens when you search the registry for {1CECFD4D-2CFB-4626-95C7-0266C26960FA}?
So the powershell component, this should get you started:
$cred = Get-Credential domain\user
Enter-PSSession <name of computer> -Credential $cred
Set-Location HKCR:\Wow6432Node\CLSID\{1CECFD4D-2CFB-4626-95C7-0266C26960FA}\LocalServer32
Get-ChildItem
Related videos on Youtube
02 : 54
error: PowerShell executable not found either pwsh.exe or PowerShell must be in your path
09 : 44
How To Run an exe file ASP.NET Core Web API
25 : 03
PowerSIEM - Analyzing Sysmon Events with PowerShell - Dynamic Malware Analysis
01 : 58
Powershell executable not found flutter doctor error solved
![WMI - Windows Management Instrumentation - [#12] PowerShell for IT Professionals](https://i.ytimg.com/vi/_NadlLhLldY/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLCGXLpS5wjpa6aMRGjTKYsFwIlhUQ)
29 : 07
WMI - Windows Management Instrumentation - [#12] PowerShell for IT Professionals
06 : 40
Non-Admin user for WMI
02 : 26
DevOps & SysAdmins: Can I find the path to a DCOM application executable with WMI or Powershell?
14 : 00
Windows PowerShell Advanced Chapter 03 - Custom Type Extensions
Author by
eagle
Updated on September 18, 2022Comments
-
eagle almost 2 years
I have installed (and registered) a DCOM application on a W2K8R2 machine, and its GUID can be found in the DCOM list shown by dcomcnfg.
I can also use Powershell to find a Win32_DCOMApplication or Win32_DCOMApplicationSetting object for its GUID:
PS C:\Windows\system32> Get-WMIObject Win32_DCOMApplicationSetting -Filter "AppID='{1CECFD4D-2CFB-4626-95C7-0266C26960FA }'" __GENUS : 2 __CLASS : Win32_DCOMApplicationSetting __SUPERCLASS : Win32_COMSetting __DYNASTY : CIM_Setting __RELPATH : Win32_DCOMApplicationSetting.AppID="{1CECFD4D-2CFB-4626-95C7-0266C26960FA}" __PROPERTY_COUNT : 12 __DERIVATION : {Win32_COMSetting, CIM_Setting} __SERVER : MYSRV __NAMESPACE : root\cimv2 __PATH : \\MYSRV\root\cimv2:Win32_DCOMApplicationSetting.AppID="{1CECFD4D-2CFB-4626-95C7-0266C269 60FA}" AppID : {1CECFD4D-2CFB-4626-95C7-0266C26960FA} AuthenticationLevel : Caption : CustomSurrogate : Description : EnableAtStorageActivation : False LocalService : RemoteServerName : RunAsUser : ServiceParameters : SettingID : UseSurrogate : FalseThe output shows that there is a DCOM application entry for my GUID. However it does not show the path to the executable. Is there a way to retrieve the application executable's full path with WMI?
-
eagle about 9 yearsThis does not give any output in my Windows 2003 Server system - should it print out the value on the console?
-
Bin about 9 yearsI don't have a 2003 machine to test on. Perhaps you can use the reg.exe command.
-
eagle almost 9 yearsThe reg query one-liner does the trick, many thanks!
