>>My main application requires periodically starting and using a (local) COM EXE. My app should be the only thing that ever calls/starts this COM EXE.
>>
>>Is there accepted best practice to prevent, say, someone in Windows Explorer double-clicking on the COM EXE and starting it manually?
>>
>>My first thought is to pass in a parameter with the CREATEOBJECT( ) call that invokes the COM EXE. If it doesn't get a parameter (or the right value of the parameter), it closes itself - maybe after popping up an explanatory message.
>>
>>This is really to deal with curious users, or those who click on the COM EXE by mistake when they should be starting up the main app EXE. It doesn't have to be battle-hardened and able to thwart determined hackers.
>
>
>Hi Al,
>
>We have something to solve this issue, we have a launcher program that will do some checkings, for example if the user has enough right to launch said program, but of course if they run the exe directly this check will not be performed, so we check that the exe has been started from our launcher, the code is
>
>

>	* The only valid call is from Launcher.EXE for it verified user rights, terminate otherwise
>	if not Inlist(Nvl(Lower(getParentProgram()), ''), 'x:\foxv\prog\launcher.exe', '\\skyapps\apps\foxv\prog\launcher.exe')
>		Messagebox('This program cannot run independently' + Chr(13) + 'You must use the Local Launcher application, contact IT for directions', 64, 'Direct access disabled!')
>		return .f.
>	endif
>

>
>And the getParentProgram is:
>
>

>local loLocator, loWMI, loProcesses, loProcess, lnProgID, loParentProcesses, loParentProcess, lcParent
>
>declare integer GetCurrentProcessId in WIN32API
>
>lcParent	= null
>lnProgID	= GetCurrentProcessId()
>loLocator	= CREATEOBJECT('WBEMScripting.SWBEMLocator')
>loWMI		= loLocator.ConnectServer()
>loProcesses	= loWMI.ExecQuery([SELECT * FROM Win32_Process WHERE ProcessId = ] + Transform(lnProgID))
>
>For each loProcess in loProcesses
>	loParentProcesses	= loWMI.ExecQuery([SELECT * FROM Win32_Process WHERE ProcessId = ] + Transform(loProcess.ParentProcessID))
>	for each loParentProcess in loParentProcesses
>		lcParent		= loParentProcess.ExecutablePath
>	endfor
>endfor
>
>return lcParent
>

Thanks, Hugo. I was pointed at the _VFP.StartMode property, which is good enough for my current use case. But your code looks more secure - able to lock access down to the correct calling process. I've bookmarked it for possible future use - thanks!