I’m using ConfigMgr 2007 to deploy the same Windows XP build as I currently do via SMS. However, after deploying the machine via ConfigMgr 2007 I’m seeing numerous DCOM errors with Event ID 10016 in the System log on my Client machines:

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.


This is to do with the “Network Access Protection Agent” (napagent) service on the machine and the fact that the ConfigMgr Client is more tightly integrated with NAP than the SMS Client.

If NAP is being used then these errors can be ignored because as soon as the service is started the errors should go away.

If NAP isn’t being used then these errors can be safely ignored.

How I determined it was the “Network Access Protection Agent” (napagent) service was to run Regedit and search for “

This found a match to “HKEY_CLASSES_ROOT\CLSID\{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}”. Under this there was String Value called “AppID” whose value was “{B292921D-AF50-400c-9B75-0C57A7F29BA1}

Doing a search for “{B292921D-AF50-400c-9B75-0C57A7F29BA1}” revealed the application in question was the “napagent” service (under “HKEY_CLASSES_ROOT\AppID\B292921D-AF50-400c-9B75-0C57A7F29BA1}”).