Activation security controls which classes a client is allowed to launch and retrieve objects from. Launch security is automatically applied by the Service Control Manager (SCM) of a particular machine. Upon receipt of a request from a remote client to activate an object (as described in Instance Creation Helper Functions), the SCM of the machine checks the request against activation security information stored within its registry.
There are two machine-wide secure settings in the registry, to which only machine administrators and the system have full access. All other users have only read-access. These are EnableDCOM and DefaultLaunchPermission. The EnableDCOM allows or disallows remote clients to launch class code and connect to objects for the system, and DefaultLaunchPermission, as the name implies, sets the default Access Control List (ACL) of who has permission to classes on the system.
You can override the default for any given class by assigning the desired permissions to the LaunchPermission key.