I have a COM+ application installed on a server that only runs properly if identity of the user account to "run as" is given local admin-level access. Of course, our sysadmin has a problem with this since he doesn't want to give any account an admin-level access, even to just the single server.

The only reason I could think of why this COM+ application (data-access ActiveX DLL component) needs an admin-level access is that it uses transactions, hence need to access MSDTC services. Other then that, all it does is read/writes to local MSSQL using a valid MSSQL user account.

For those of you who have deployed real n-tier application using COM+, what user account security settings did you need? TIA.