If we look at Windows 11 or Windows Server 2022 Event System Log, we can see Event 10016 PerAppRuntimeBroker (APPID: {15C20B67-12E7-4BB6-92BB-7AFF07997402}) Warning:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user Username (…) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Microsoft recommendation is (DCOM event ID 10016 is logged in Windows):
“These events can be safely ignored because they don’t adversely affect functionality and are by design. It’s the recommend action for these events.”
However, these warnings are very annoying and can confuse anyone, that something is wrongly configured.
With further analysis, we can find out, that DCOM application with ID {15C20B67-12E7-4BB6-92BB-7AFF07997402} is PerAppRuntimeBroker.
In this case, the current logged in user does not have permission to Local Launch (Local Activation) DCOM Application PerAppRuntimeBroker.
Solution:
It doesn’t help if we enable Local Launch (Local Activation) permission for logged in user for DCOM Application PerAppRuntimeBroker in Component Services application. We have to enable LocalLaunch (Local Activation) permission for local Users group!
We have to open Component Services application as Administrator, Computers, My Computer, DCOM Config and select Detail View from View Menu.
From the list we can find Application PerAppRuntimeBroker with ID {15C20B67-12E7-4BB6-92BB-7AFF07997402}.
If we right click on PerAppRuntimeBroker application and select Security Tab, everything is gray, because as administrator we don’t have permission to change DCOM Application permissions.
It is easy to change permissions for selected Application with Registry Editor (regedit.exe).
With Edit/Find command, we can find PerAppRuntimeBroker Application ID in Registry.
It is located in HKEY_CLASSES_ROOT\AppId\{15C20B67-12E7-4BB6-92BB-7AFF07997402}.
With right click and selected Permissions…, we can change permissions for selected AppId. First, we need to change the owner of registry Key.
Go to Advanced, Change Owner to Administrators group (local Administrators group, if computer is member of domain), select OK twice. Then open Permissions window once again and change permissions of Administrators group to Full Control.
Now, we have to open Component Services application as Administrator again, Computers, My Computer, DCOM Config and select Detail View from View Menu. If we right click on PerAppRuntimeBroker application and select Security Tab, we can edit Launch and Activation Permissions. When we click on Edit Button, we get a Windows Security window:
Obviously, something is wrong with permissions. So, we can choose a Remove button.
We have to Add Users group (local Users group, if computer is a member of domain). We have to set Local Launch and Local Activation Permissions for Users group.
That’s it. We will not see Event 10016 PerAppRuntimeBroker Warning any more in our OS.
Enjoy!!!
I invite you to solve also Event 10016 Windows.SecurityCenter Warnings in Windows 11!
Recent Comments
{03E09F3B-DCE4-44FE-A9CF-82D050827E1C} Warning