What is DCOM (Distributed Component Object Model)?

DCOM (Distributed Component Object Model) is a programming construct that allows a computer to run programs over the network on a different computer as if the program was running locally. Our guide details everything you need to know and more, check it out!
Michael Buckbee
3 min read
Last updated February 24, 2022

DCOM is a programming construct that allows a computer to run programs over the network on a different computer as if the program was running locally. DCOM is an acronym that stands for Distributed Component Object Model. DCOM is a proprietary Microsoft software component that allows COM objects to communicate with each other over the network. (Network OLE was the precursor to DCOM if anyone remembers seeing that in Windows 3.1.)

An extension of COM, DCOM solves a few inherent problems with the COM model to better use over a network:

Get the Free Pentesting Active
Directory Environments e-book

Marshalling: Marshalling solves a need to pass data from one COM object instance to another on a different computer – in programming terms, this is called “passing arguments.” For example, if I wanted Zaphod’s last name, I would call the COM Object LastName with the argument of Zaphod. The LastName function would use a Remote Procedure Call (RPC) to ask the other COM object on the target server for the return value for LastName(Zaphod), and then it would send the answer – Beeblebrox – back to the first COM object.

Distributed Garbage Collection: Designed to scale DCOM in order to support high volume internet traffic, Distributed Garbage Collection also addresses a way to destroy and reclaim completed or abandoned DCOM objects to avoid blowing up the memory on webservers. In turn, it communicates with the other servers in the transaction chain to let them know they can get rid of the objects related to a transaction.

Using DCE/RPC as the underlying RPC mechanism: To achieve the previous items and to attempt to scale to support high volume web traffic, Microsoft implemented DCE/RPC as the underlying technology for DCOM – which is where the D in DCOM came from.

illustration dcom solves problems with com model

How Does DCOM Work?

In order for DCOM to work, the COM object needs to be configured correctly on both computers – in our experience they rarely were, and you had to uninstall and reinstall the objects several times to get them to work.

The Windows Registry contains the DCOM configuration data in 3 identifiers:

  • CLSID – The Class Identifier (CLSID) is a Global Unique Identifier (GUID). Windows stores a CLSID for each installed class in a program. When you need to run a class, you need the correct CLSID, so Windows knows where to go and find the program.
  • PROGID – The Programmatic Identifier (PROGID) is an optional identifier a programmer can substitute for the more complicated and strict CLSID. PROGIDs are usually easier to read and understand. A basic PROGID for our previous example could be Hitchiker.LastName. There are no restrictions on how many PROGIDs can have the same name, which causes issues on occasion.
  • APPID – The Application Identifier (APPID) identifies all of the classes that are part of the same executable and the permissions required to access it. DCOM cannot work if the APPID isn’t correct. You will probably get permissions errors trying to create the remote object, in my experience.

A basic DCOM transaction looks like this:

  1. The client computer requests the remote computer to create an object by its CLSID or PROGID. If the client passes the APPID, the remote computer looks up the CLSID using the PROGID.
  2. The remote machine checks the APPID and verifies the client has permissions to create the object.
  3. DCOMLaunch.exe (if an exe) or DLLHOST.exe (if a dll) will create an instance of the class the client computer requested.
  4. Communication is successful!
  5. The Client can now access all functions in the class on the remote computer.

If the APPID isn’t configured correctly, or the client doesn’t have the correct permissions, or the CLSID is pointing to an old version of the exe or any other number of issues, you will likely get the dreaded “Can’t Create Object” message.

DCOM vs. CORBA

Common Object Request Broker Architecture (CORBA) is a JAVA based application and functions basically the same as DCOM. Unlike DCOM, CORBA isn’t tied to any particular Operating System (OS), and works on UNIX, Linux, SUN, OS X, and other UNIX-based platforms.

Neither proved secure or scalable enough to become a standard for high volume web traffic. DCOM and CORBA didn’t play well with firewalls, so HTTP became the default standard protocol for the internet.

what is corba illustration

Why is DCOM necessary?

DCOM didn’t win the battle to become the standard protocol for the internet, but it remains integrated into the Windows OS and is how many Windows services communicate – like Microsoft Management Console (MMC).

Since DCOM can run programs on other computers, hackers can leverage it for lateral movement attacks through your network, gaining access to more data. This activity can be difficult to detect because it’s not malware or hacker tools: all it takes to access DCOM is PowerShell.

The good news: even if the hacker can access your sensitive data using DCOM, Varonis will help detect (and stop them) as they try to access your data. Varonis monitors the activity on your core data stores, and analyzes that activity for abnormal user behavior and suspicious activity. See how Varonis fits into your data security strategy with a customized 1:1 demo.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

active-directory-users-and-computers-(aduc):-installation-and-uses
Active Directory Users and Computers (ADUC): Installation and Uses
Active Directory Users and Computers (ADUC) is a MMC snap-in you can use to manage Active Directory. Read on for more details, use cases, and caveats.
what-is-an-active-directory-forest?
What is an Active Directory Forest?
An Active Directory forest is the top most logical container in an Active Directory configuration that contains domains, users, computers, and group policies.
authorized-access-–-understanding-how-us-laws-affect-your-authorization-policies
Authorized Access – Understanding how US laws affect your authorization policies
In 1986, the United States Congress passed the Computer Fraud and Abuse Act (CFAA).  While the intent of these laws were originally to protect government computers and information from hackers,...
12-group-policy-best-practices:-settings-and-tips-for-admins
12 Group Policy Best Practices: Settings and Tips for Admins
Group Policy configures settings, behavior, and privileges for user and computers. In this article, you’ll learn best practices when working with Group Policy.