Required accounts

To configure DCOM, you need to create the appropriate accounts for your configuration. Your OPC server and OPC client deployment determines the required accounts, as follows:

• If the OPC server and client run on separate computers in the same Windows domain, use lowest privileged domain accounts.

• If the OPC server and client run on separate computers in different, untrusted Windows domains (or are not members of a domain), you must create identical local accounts (same user name and password) on both computers. These service accounts must have password expiration disabled. OSIsoft recommends that you not use this approach, because it requires you to maintain multiple identical local accounts.

OSIsoft recommends that you create highly privileged OPC administrator accounts and less privileged user accounts, as follows:

• OPC administrator account : On the domain controller, configure a privileged OPC administrator account. Assign this account to the user who configures and controls access to OPC software and data. The administrator account must be a member of the Administrators group. As a member of this group, the administrator account has full and unrestricted access to the local computer.

• OPC user accounts: For users who need access to OPC data but who do not configure the software or system, create accounts with the minimum level of permissions required. These users can run the OPC client application and connect to the OPC server. If the server and client computers do not share a common domain, create identical local accounts on both computers.