Security in COM

Prior to Windows NT 4.0, there was no special support for security in OLE beyond that provided by the operating system, so out-of-process servers had the same permissions as the interactive user, and an object could be instantiated for any CLSID in the registry, no matter who the user was.

To make it possible to implement an object that could perform privileged operations without compromising security, security features, which use and enhance the Windows NT security model, have been added to OLE. There are two main areas:

Launch Security controls which objects a client is allowed to instantiate. Call Security governs how security is applied to individual calls once a connection from a client to a server has been established. Anyone can obtain interface pointers from the class table, but those pointers are unusable by a caller who lacks call permissions.

OLE provides a default security model, but also defines call-level interfaces that external security providers can implement to control object security.

It is also possible to have a server run under a given user account by setting the RunAs named-value. This can be used to restrict or extend the operations available to the server. For more information, see Installing as a Win32 Service or User Account.
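The launch permissions, call (access) permissions and RunAs identity described above are stored per AppID in the registry, as REG_BINARY self-relative security descriptors (LaunchPermission, AccessPermission) and a REG_SZ value (RunAs). The following script is an added example written for this page, not code from the original document or from Microsoft; it reads those values and decodes the DACLs into readable entries so an administrator can see which principals may launch, activate or call each server, and under which account the server runs. The registry paths and value names, and the COM_RIGHTS_* bit values, are the documented ones; the function names Get-ComAppIdSecurity, ConvertTo-ComAceList and Find-BroadRemoteAccess are this example's own.

```powershell
# Added example, not part of the original document: read-only audit of the
# per-AppID COM security settings kept under HKLM\SOFTWARE\Classes\AppID.
# Requires Windows PowerShell 5.1 or later; the ::new() constructor syntax
# needs PowerShell 5+.

# Access-right bits that appear in LaunchPermission / AccessPermission DACLs.
$ComRights = [ordered]@{
    COM_RIGHTS_EXECUTE         = 1    # legacy bit covering all access
    COM_RIGHTS_EXECUTE_LOCAL   = 2
    COM_RIGHTS_EXECUTE_REMOTE  = 4
    COM_RIGHTS_ACTIVATE_LOCAL  = 8
    COM_RIGHTS_ACTIVATE_REMOTE = 16
}

function ConvertTo-ComAceList {
    # Decode a self-relative security descriptor (as stored in the registry)
    # into one object per DACL entry: ACE type, principal and named rights.
    param([byte[]]$BinarySd)
    if (-not $BinarySd) { return @() }          # value absent: machine defaults apply
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($BinarySd, 0)
    if ($null -eq $sd.DiscretionaryAcl) {
        # A NULL DACL grants everything to everyone; report it explicitly.
        return ,([pscustomobject]@{ Type = 'NullDacl'; Principal = 'Everyone'; Rights = 'ALL' })
    }
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only ACE types that carry a SID and an access mask are meaningful here.
        if ($ace -isnot [System.Security.AccessControl.KnownAce]) { continue }
        $principal = $ace.SecurityIdentifier.Value
        try { $principal = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value } catch {}
        $names = foreach ($r in $ComRights.GetEnumerator()) {
            if ($ace.AccessMask -band $r.Value) { $r.Key }
        }
        [pscustomobject]@{
            Type      = $ace.AceType
            Principal = $principal
            Rights    = ($names -join ', ')
        }
    }
}

function Get-ComAppIdSecurity {
    # One record per AppID that overrides RunAs, launch or access security.
    param([string]$AppIdRoot = 'HKLM:\SOFTWARE\Classes\AppID')
    foreach ($key in Get-ChildItem -Path $AppIdRoot -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -Path $key.PSPath
        if (-not ($p.RunAs -or $p.LaunchPermission -or $p.AccessPermission)) { continue }
        [pscustomobject]@{
            AppID            = $key.PSChildName
            Name             = $p.'(default)'
            RunAs            = $p.RunAs                 # e.g. 'Interactive User' or an account name
            LaunchPermission = @(ConvertTo-ComAceList $p.LaunchPermission)
            AccessPermission = @(ConvertTo-ComAceList $p.AccessPermission)
        }
    }
}

function Find-BroadRemoteAccess {
    # Flag AppIDs whose launch or access DACL allows remote launch/activation
    # (or the legacy all-access bit) to Everyone or anonymous callers.
    param([Parameter(ValueFromPipeline)]$Entry)
    process {
        $broad = 'Everyone', 'NT AUTHORITY\ANONYMOUS LOGON', 'S-1-1-0', 'S-1-5-7'
        foreach ($ace in ($Entry.LaunchPermission + $Entry.AccessPermission)) {
            if ($ace.Type -in 'AccessAllowed', 'NullDacl' -and $ace.Principal -in $broad -and
                ($ace.Rights -match 'REMOTE|COM_RIGHTS_EXECUTE,|ALL|COM_RIGHTS_EXECUTE$')) {
                [pscustomobject]@{ AppID = $Entry.AppID; Name = $Entry.Name; Principal = $ace.Principal; Rights = $ace.Rights }
            }
        }
    }
}

# Usage: servers that run as a fixed identity, then DACLs open to remote callers.
Get-ComAppIdSecurity | Where-Object RunAs | Format-Table AppID, Name, RunAs -AutoSize
Get-ComAppIdSecurity | Find-BroadRemoteAccess | Format-Table -AutoSize
```

An AppID with no LaunchPermission or AccessPermission value falls back to the machine-wide defaults under HKLM\SOFTWARE\Microsoft\Ole, so an empty list in the output means "default", not "nobody". The RunAs column is the value the "Installing as a Win32 Service or User Account" section refers to: a server with an explicit account runs with that account's token regardless of who activated it, which is why its launch DACL deserves the closest review.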

The remainder of this section describes the capabilities of COM security in greater detail.