OPCServer:DCOM Configuration

From IBHsoftec Wiki English
Jump to: navigation, search

DCOM configuration

Follow the steps listed in order to enable communication via DCOM.

In case the settings do not match your security requirements, alter the suggested settings accordingly.

DCOMCNFG

DCOM uses security settings in order to protect Clients and Servers from unauthorized access. The security settings may be altered within the Windows application DCOMCNFG. In order to use the program, administrative rights are required.

For Windows 9x systems, DCOMCNFG is not part of the default installation. It needs to be explicitly added.

Select "Run" and type "DCOMCNFG" in order to run DCOMCNFG. A dialog application appears, which permits to do the security settings.


In the table below the settings are listed, that in general work with OPC Servers and OPC Clients.

Parameter Setting
Default properties - Authentification Level None
Default properties - Impersonation Level Impersonate
Default properties - Launch and Activation permissions Everyone, System, Administrator und Interactive User
Default properties - Access permissions Everyone, System, Administrator und Interactive User


The altered settings are apllied to DCOM applications after restarting the application.

In case the two PCs are not part of the same domain, the same local user should be added to both systems. The password of this OPC User needs to be identical on both PCs.

DCOM and Windows XP

When starting DCOMCNFG in Windows XP, a user interface to configure the component services is started. The user may now get to the DCOM configuration dialog by picking "Component Services | Computers | My Computer" and then displays the properties.

The default installation of Windows XP authentificates users from remote computers as Guest. This means, that DCOM Clients can not connect to a server, as long as the Guest access is not activated and the Guest does not have enough permissions to access the server.

The default behaviour may be changed using the conrol panel.

Administrative Tools | Local Security Policy | Local Policies | Security Options | Network access: Sharing and security model for local accounts. Set this to: "Classic - local users authentifcate as themselves".

DCOM und Windows XP SP2

Windows XP SP2 makes a difference in the DCOM configuration between local and remote connections. Please make sure to set the permissions also for the remote access.

For Windows XP SP2 are besides the Start and access permissions also settings for the Start and access restrictions. Per default there is a remote access restriction for the user "Everyone". This restriction needs to be removed, if access needs to be granted to someone.

DCOM and Firewalls

DCOM can not be used via a Firewall. Disable the Firewall to permit a remote communication.