Configure local security settings
- Last Updated: Nov 15, 2022
You must configure the local security settings that affect DCOM authentication. After making these changes, your Windows platform might require you to restart to put changes to group membership into effect.
Note: Rather than set the Sharing and security model for local access security setting as described here, you can disable simple file sharing using the Windows Explorer options. However, be advised that the local guest account remains enabled, and DCOM connections are not authenticated.
- Click Start > Control Panel > Administrative Tools > Local Security Policy. (Alternatively, to launch the Local Security Policy console, type secpol.msc in the Start menu Search field.)
- Under Security Settings, click Local Policies > Security Options.
- Configure the following settings:
  - Network access: Right-click Sharing and security model for local access and choose Classic – local users authenticate as themselves. Click OK.
  - System objects (Windows Server 2003 only): Right-click Default owner for objects created by members of the Administrators group and select Administrators group.
- Save your settings and exit.
Note: You should also open a range of ports above port 5000 for DCOM. Port numbers below 5000 may already be in use by other applications and could conflict with your DCOM application(s). Furthermore, previous experience shows that a minimum of 100 ports should be opened, because several system services rely on these RPC ports to communicate with each other.
Windows Server 2008 and Windows 7 include changes designed to enhance the security of the NTLM authentication protocol, which servers and clients use when running in workgroup mode. By default, these Windows versions are configured to communicate only with other computers that use the enhanced NTLM security. This can prevent the OPC client from authenticating to the OPC server when local accounts are used. To ensure interoperability, the OPC server and client nodes must be configured so that the NTLM-specific settings on the two computers match. Older Windows versions (at least back to Windows XP) with up-to-date service packs support the new settings; Windows 2003 Service Pack 1 supports this setting.
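The following PowerShell audit script is an added example, not part of the OSIsoft documentation. It reads the registry values behind the policies described in the procedure above (the sharing and security model, the DCOM port range, and the NTLM settings that must match between the OPC client and server nodes) and reports anything that differs from the configuration this page calls for; it assumes the standard Windows registry locations for those policies (ForceGuest, Rpc\Internet\Ports, LmCompatibilityLevel, NTLMMinClientSec and NTLMMinServerSec).

```powershell
# Added audit example (not OSIsoft's own code). Run on both the OPC server and
# the OPC client node and compare the Ntlm values; they must match on both.
# Assumption: these are the standard registry locations for the policies in
# question (ForceGuest = sharing/security model, Rpc\Internet = DCOM port
# range, Lsa\LmCompatibilityLevel and MSV1_0\NTLMMin*Sec = NTLM settings).

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # value absent: the policy is still at its default
}

function Test-DcomLocalSecurity {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msv = "$lsa\MSV1_0"
    $rpc = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
    $findings = @()

    # "Sharing and security model for local access": 0 = Classic, 1 = Guest only.
    $forceGuest = Get-RegValue $lsa 'ForceGuest'
    if ($forceGuest -ne 0) {
        $findings += "ForceGuest=$forceGuest : set 'Classic - local users authenticate as themselves' (0)"
    }

    # DCOM port range: the page asks for ports above 5000 and at least 100 of them.
    $ports = Get-RegValue $rpc 'Ports'
    if (-not $ports) {
        $findings += 'No RPC/DCOM port range configured under Rpc\Internet'
    } else {
        foreach ($range in $ports) {
            $lo, $hi = $range -split '-' | ForEach-Object { [int]$_ }
            if (-not $hi) { $hi = $lo }   # a single port, not a range
            if ($lo -le 5000) { $findings += "Range $range starts at or below port 5000" }
            if (($hi - $lo + 1) -lt 100) { $findings += "Range $range is narrower than 100 ports" }
        }
    }

    # NTLM settings that must be identical on the OPC client and server nodes.
    $ntlm = [ordered]@{
        LmCompatibilityLevel = Get-RegValue $lsa 'LmCompatibilityLevel'
        NTLMMinClientSec     = Get-RegValue $msv 'NTLMMinClientSec'
        NTLMMinServerSec     = Get-RegValue $msv 'NTLMMinServerSec'
    }

    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Findings = $findings; Ntlm = $ntlm }
}

Test-DcomLocalSecurity | Format-List
```

An empty Findings list together with identical Ntlm values on both nodes means the settings match what this page requires; a null NTLM value simply means that policy has never been set explicitly on that computer.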
See the OSIsoft KB article for details: KB01444 - Configuring NTLM authentication for OPC.