“Activate-As-Activator” (AAA)
“Activate-As-Activator” (AAA) is a launch and identity model used in COM (Component Object Model) and DCOM (Distributed COM) systems on Windows. It controls who the COM server runs as when an object is activated.
In this model:A COM object runs in the security context of the client (the process that activates it), not as a service or under a dedicated user account.
Why This Matters
This setting influences:
- Security: Who can access the object and what resources it can reach.
- Behaviour: The identity the object uses to perform actions.
- Auditability: How easily actions by the object can be traced to a user.
- Resource Access: File systems, registry entries, network shares, etc.
Types of COM Server Activation Contexts
| Activation Model | Runs As | Common Usage |
|---|---|---|
| Service | SYSTEM or service account | Background processes or system-wide services |
| Launch-As-User | A specific configured account | Isolated or controlled privilege execution |
| Activate-As-Activator | The calling (client) user | Lightweight or legacy apps needing same identity |
Security Implications
Advantages:
- Simpler setup for development or single-user systems.
- Inherits the identity of the calling user, so access to user-specific resources is straightforward.
Disadvantages:
- Privilege escalation risk: A low-privilege user might activate the server in a higher-privilege process context.
- Shared context issues: Multiple clients could affect the same server instance without proper isolation.
- Audit complexity: Since identity varies with the caller, it’s harder to trace or restrict behaviour.
Real-World Example
Suppose a COM object is registered to generate PDF reports from user files:
- With Activate-As-Activator, when User A requests the object, it runs with User A’s privileges, accessing only their files.
- If User B runs it, the object runs as User B.
- Contrast that with a Service, where the object runs independently of who requested it, possibly with broader access.
How to Configure It
You can configure the identity and activation model of a COM server using:
- DCOMCNFG utility (GUI)
- Registry (e.g., under
HKEY_CLASSES_ROOT\AppID\{AppID}orHKLM\Software\Classes\AppID) - Programmatic setup via security descriptors
In DCOMCNFG, the relevant settings are found in the Identity tab for a COM application:
- The launching user: Runs as the client who activated the object (this is Activate-As-Activator)
- The interactive user: Runs as whoever is logged in at the console (also considered AAA)
- This user: Runs under a specific, fixed account (not AAA)
- Service: Runs independently as a Windows service