Summary
DCOM and ActiveX share a common base with RPC; often, skills you learn in RPC can be carried over into the other technologies. If we had to sum up the critical security best practices for RPC, DCOM, and ActiveX, they would be these: For RPC, compile with the /robust MIDL switch and don't run as SYSTEM. For DCOM, don't run as SYSTEM. And for ActiveX, don't mark the control safe for scripting unless it really is, and consider using SiteLock.