The Application Server role installation process provides an option for enabling COM+ Network Access. When COM+ Network Access is enabled, a firewall exception rule is created that opens port 135. The following sections describe situations in which you should enable COM+ Network Access. They also describe situations in which you should not enable COM+ Network Access.
Enabling COM+ Network Access
-
You should enable COM+ Network Access when one or more of the COM+ applications on the server are called from clients or applications that reside on different computers.
-
If your product collects COM+ performance data by remotely calling an object that tracks performance, you must enable COM+ Network Access.
Note | |
Enabling COM+ Network Access in Application Server does not automatically make COM+ applications remotely accessible. To ensure that a remote COM+ application is accessible, you must configure the application to use a static TCP endpoint. |
Disabling COM+ Network Access
-
You should not enable COM+ Network Access if all the applications that are hosted in COM+ on the local computer are called only from other applications on the local computer, such as an ASP.NET page or a workflow. In this case, COM+ Network Access is not necessary, and leaving COM+ Network Access disabled helps reduce the attack surface area.
Additional references
-
Installing and Configuring Application Server
-
For more information about COM+ Network Access, see What's New in COM+ 1.5 (
https://go.microsoft.com/fwlink/?LinkId=81264 ).
-
For information about configuring a COM+ application to use a static TCP endpoint, see Cannot set a fixed endpoint for a COM+ application (
https://go.microsoft.com/fwlink/?LinkId=93633 ).
-
For information about COM+, see COM+ (Component Services) (
https://go.microsoft.com/fwlink/?LinkId=93848 ).
-
For information about security and Web applications, see Securing Your Application Server (
https://go.microsoft.com/fwlink/?LinkId=94263 ).