The DCOM security model provided by Windows XP prior to Service Pack 2 and Windows Server 2003 prior to Service Pack 1, provides a basic level of capability.

The client and server negotiate an authentication level acceptable to both. For a client request to cause a server process to launch, that client must be authorized in the server's Launch Permissions ACL. For a client to access an already-launched server, that client must be authorized in the server's Access Permissions ACL.

Initiating a private server for OpenROAD entails launching a private ASO process, so clients that request a private server must be authorized in the ASO Launch Permissions ACL and in the ASO Access Permissions ACL.

Clients never launch the SPO (only the orsposvc service should do that), so clients that request a shared server need only be authorized in the SPO Access Permissions ACL. The only account that should be authorized to launch the SPO is SYSTEM (which is the account under which the orsposvc runs).