hi everyone having a problem with a 2008 R2 server that apparently out of the blue has started reporting COMRuntime errors. Although I'm certain its a change from elsewhere I'm having a huge problem tracking it down as the obvious things - setting the security defaults - haven't solved it and trying to find more info is a bit of a problem, a lot of the google results are populated with fixyourregistrynowtool crap as opposed to helpful info. Here's the usual batch of errors; COMRuntime 18209 The machine-default permission settings do not grant Local access permission to the COM Server application C:\Windows\system32\svchost.exe with APPID Unavailable to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. COMRuntime 18210 The application-specific permission settings do not grant Local access permission to the COM Server application C:\Windows\system32\DFSRs.exe with APPID Unavailable to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). The application set this security permission programmatically; to modify this security permission contact the application vendor. The application-specific permission settings do not grant Local access permission to the COM Server application C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe with APPID Unavailable to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). The application set this security permission programmatically; to modify this security permission contact the application vendor. The application-specific permission settings do not grant Local access permission to the COM Server application C:\Windows\system32\svchost.exe with APPID Unavailable to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). The application set this security permission programmatically; to modify this security permission contact the application vendor. The application-specific permission settings do not grant Local access permission to the COM Server application C:\Windows\system32\iashost.exe with APPID {48DA6741-1BF0-4A44-8325-293086C79077} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. The application-specific permission settings do not grant Local access permission to the COM Server application C:\Windows\system32\lsass.exe with APPID Unavailable to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). The application set this security permission programmatically; to modify this security permission contact the application vendor. The security settings ( Component Services -> Computers -> My Computer | Properties ) on the Default Properties tab were enable DCOM ticked, Enable COM internet services unticked, Default Authentication level set to Connect, Default Impersonation Level set to Identify (not set to impersonate for testing) under the Com Security tab, Access permissions defaults are; SELF - Local and remote SYSTEM - local (and now remote for testing) LOCAL SERVICE - local (and now remote for testing) NETWORK SERVICE - local Administrators - local and remote Under limits (and this is where I'm thinking something has been fiddled) Everyone - local and remote LOCAL SERVICE - Local and remote Performance Log Users - Local and remote Distributed COM Users - Local and remote Under the Launch and Activation Defaults; SYSTEM - Local Launch, Local Activation (and now remote Launch and activate for testing) LOCAL SERVICE - Local Launch, Local Activation (and now remote Launch and activate for testing) Administrators - Local and Remote Launch, Local and Remote Activation INTERACTIVE - Local and Remote Launch, Local and Remote Activation Under the Launch and Activation Limits Everyone - Local Launch and Local Activation LOCAL SERVICE - Local and Remote Launch, Local and Remote Activation Administrators - Local and Remote Launch, Local and Remote Activation Performance Log Users - Local and Remote Launch, Local and Remote Activation Distributed COM Users - Local and Remote Launch, Local and Remote Activation the Local Service as reported in the COMRuntime 18210's does have be default all the required access, launch and activation security requirements, the errors indicate the problem is with the binaries, but it just doesn't add up. 3 weeks ago this server had no problems. This server has also been logging DCOM errors to its DNS forwarders and some changes were looked at for that but these have now been reversed.