Event ID: 10024 Source: DistributedCOM

Posted on by

How to fix problem in the “DCOM: Machine Access Restrictions” and “DCOM: Machine Launch Restrictions”.

If you see pool of errors with DCOM 10024 in System log then proceed with followng steps to fix this:

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Event ID: 10024
Task Category: None
Level: Error
Keywords: Classic
Description:
The machine wide group policy Launch and Activation Limits security descriptor is invalid. The security descriptor is defined as an invalid Security Descriptor Definitions Language (SDDL) string. The requested action was therefore not performed. Please contact your administrator to get the security descriptor corrected in the Group Policy settings.
The machine wide group policy Access Limits security descriptor is invalid. The security descriptor is defined as an invalid Security Descriptor Definitions Language (SDDL) string. The requested action was therefore not performed. Please contact your administrator to get the security descriptor corrected in the Group Policy settings.
  • Check the Security policy if DCOM: Machine Access Restriction/Machine Launch Restriction are configured as “Not Defined”

    • Secpol.msc > Local Policies > Security Options > DCOM: Machine Access Restriction/Machine Launch Restriction

  • Then open regedit and navigate to:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\dcom\

    • If you have in this path saved following 2 registry keys then remove them:
      • machineaccessrestriction
      • machinelaunchrestriction
  • Problem should be fixed! No more errors in system log with invalid SDDL DCOM permissions. No reboot is required.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.