5

I have installed (and registered) a DCOM application on a W2K8R2 machine, and its GUID can be found in the DCOM list shown by dcomcnfg.

I can also use Powershell to find a Win32_DCOMApplication or Win32_DCOMApplicationSetting object for its GUID:

PS C:\Windows\system32> Get-WMIObject Win32_DCOMApplicationSetting -Filter "AppID='{1CECFD4D-2CFB-4626-95C7-0266C26960FA
}'"


__GENUS                   : 2
__CLASS                   : Win32_DCOMApplicationSetting
__SUPERCLASS              : Win32_COMSetting
__DYNASTY                 : CIM_Setting
__RELPATH                 : Win32_DCOMApplicationSetting.AppID="{1CECFD4D-2CFB-4626-95C7-0266C26960FA}"
__PROPERTY_COUNT          : 12
__DERIVATION              : {Win32_COMSetting, CIM_Setting}
__SERVER                  : MYSRV
__NAMESPACE               : root\cimv2
__PATH                    : \\MYSRV\root\cimv2:Win32_DCOMApplicationSetting.AppID="{1CECFD4D-2CFB-4626-95C7-0266C269
                            60FA}"
AppID                     : {1CECFD4D-2CFB-4626-95C7-0266C26960FA}
AuthenticationLevel       :
Caption                   :
CustomSurrogate           :
Description               :
EnableAtStorageActivation : False
LocalService              :
RemoteServerName          :
RunAsUser                 :
ServiceParameters         :
SettingID                 :
UseSurrogate              : False

The output shows that there is a DCOM application entry for my GUID. However it does not show the path to the executable. Is there a way to retrieve the application executable's full path with WMI?

mjn
  • 933
  • 2
  • 12
  • 26
  • What happens when you search the registry for `{1CECFD4D-2CFB-4626-95C7-0266C26960FA}`? – Joseph Kern Jun 15 '15 at 06:25
  • @JosephKern under HKCR\Wow6432Node\CLSID\{1CECFD4D-2CFB-4626-95C7-0266C26960FA}\LocalServer32 the registry contains the full path to the installed application executable – mjn Jun 15 '15 at 07:18
  • @JosephKern so I guess I only need to run a PS command which display this value – mjn Jun 15 '15 at 07:18
  • Yep probably. Or just `reg query` in cmd.exe, I added a an actual response as well. – Joseph Kern Jun 15 '15 at 09:40

2 Answers2

3

Using the Win32_ClassicCOMClassSetting class with Powershell

Get-WMIObject Win32_ClassicCOMClassSetting -Filter "AppID='{1CECFD4D-2CFB-4626-95C7-0266C26960FA}'" | select -ExpandProperty InProcServer32

or using WMIC

wmic /namespace:\\root\cimv2 path Win32_ClassicCOMClassSetting WHERE AppID^="{1CECFD4D-2CFB-4626-95C7-0266C26960FA}" Get InProcServer32

*this was tested on Windows 8.1 x64

or using reg.exe

reg QUERY HKCR\Wow6432Node\CLSID\{1CECFD4D-2CFB-4626-95C7-0266C26960FA}\Inprocserver32 /ve
Bin
  • 844
  • 5
  • 15
  • This does not give any output in my Windows 2003 Server system - should it print out the value on the console? – mjn Jun 19 '15 at 06:46
  • I don't have a 2003 machine to test on. Perhaps you can use the reg.exe command. – Bin Jun 23 '15 at 16:13
  • The reg query one-liner does the trick, many thanks! – mjn Aug 10 '15 at 08:36
2

What happens when you search the registry for {1CECFD4D-2CFB-4626-95C7-0266C26960FA}?

So the powershell component, this should get you started:

$cred = Get-Credential domain\user
Enter-PSSession <name of computer> -Credential $cred
Set-Location HKCR:\Wow6432Node\CLSID\{1CECFD4D-2CFB-4626-95C7-0266C26960FA}\LocalServer32
Get-ChildItem
Joseph Kern
  • 9,809
  • 3
  • 31
  • 55