ASP Access Errors after Windows 2003 SP1

I'm at my wit's end on this one. This is our basic environment (around 150 clients, some on split servers, some running all on one server):
- ServerA hosting ASP pages, with IIS running under a domain user called 'IIS', added to the User group
- ServerB hosting Dlls, with COM+ app running under a domain user called 'COM', added to the Administrators group; this app has been exported to the web server and is running as an application proxy

Everything was working fine on Server 2000 (IIS5.0) and continued working fine after upgrading the server to Server 2003 (IIS6.0). However, as soon as we ran Server 2003 SP1, we received the following, much too familiar, error:
Server object error 'ASP 0178 : 80070005'

Server.CreateObject Access Error

/xxxxx/includes/login.asp, line 147

The call to Server.CreateObject failed while checking permissions. Access is denied to this object.

I've tried everything I could find on these forums, Microsoft's site, etc. Here is a brief list:
- Granted security permissions (Read & Execute, then Full Control after no initial success) to the Everyone group on the dlls
- Granted security permissions (Read & Execute, then Full Control after no initial success) to IUSR_machinename on the dlls
- Did the two above items on the registry object for the dll being called by line 147 of the page
- Added IUSR_machinename to the Admin group (I was getting desperate)
- Added domain user 'IIS' as User, then Power User, trying the above permissions at each step

The only thing we've been able to do to make this work is to add the domain 'IIS' user to the Administrator group. This causes two headaches:
1. People get nervous when we tell them they need to add the IIS user as an Admin user, particularly on a box that isn't even running IIS
2. With the way the application functioned pre-SP1, we didn't necessarily need domain users, and this seems to change that need, which again makes people grumble

Can anyone tell me if I'm missing something? Or, are we simply stuck with this, due to the way IIS and COM+ interact? Any and all help would be greatly, and forever, appreciated!

Thanks!

Perhaps the problem is lack of permissions on one or more of the files used by the COM object. From your description something needed doesn't allow the IIS user account in.

If your users authenticate to the website then it's their user account that need permissions.

Maybe some tool like filemon (from sysinternals.com) can spot the file with the permission problem.