Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

DCOM Security and Configuration

TABLE OF CONTENTS

Configure DCOM settings for the OPC client node

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedFeb 24, 2023
  • 2 minute read

On client computers that access OPC servers, you must enable DCOM and grant appropriate account access.

Note: The procedure below provides general instructions for configuring DCOM settings for the OPC client node. It is likely that your company's IT specialist will need to consult with your OPC server vendor to identify the DCOM settings required for your security arrangement. Error codes generated by the OPC foundation will help to determine your correct DCOM configuration.

To configure the required settings, perform the following steps:

  1. In a command window, issue the dcomcnfg command. The Component Services window is displayed.

  2. Expand Console Root > Component Services > Computers, right-click My Computer and then click Properties.

  3. In the My Computer Properties window, click the Default Properties tab and set the appropriate settings:

    1. Select the Enable Distributed COM on this computer check box if the OPC client must connect to an OPC server running on a different computer. DCOM can be disabled if the client and server run on the same computer. Disabling DCOM is secure but doing so disables many remote management functions.

    2. Set Default Authentication Level to Packet Integrity.

    3. Set Default Impersonation Level to Identify.

    4. If the OPC user account is a local user account, click the COM Security tab, and add the account to the appropriate access control lists (ACLs) as follows: Under Access Permissions, add the user (and the OPC administrator) to both the Limits and Defaults ACLs. Set Access Permissions for the default users and groups as follows:

      Permissions

      User

      Setting

      Access Type(s)

      Limits

      Everyone

      Allow

      Local Access and Remote Access

      ANONYMOUS LOGIN

      Allow

      Local Access

      Default

      SELF

      Allow

      Local Access and Remote Access

      SYSTEM

      Allow

      Local Access

  4. Under Launch and Activation Permissions, add the user to both the Limits and Defaults ACLs. Set the Launch and Activation Permissions for the default users and groups as follows:

    Permissions

    User

    Setting

    Access Type(s)

    Limits

    User under which OPC Server runs, or Administrators

    Allow

    Local Launch

    Remote Launch

    Local Activation

    Remote Activation

    Everyone

    Allow

    Local Launch and

    Local Activation

    Default

    User under which OPC Server runs, or Administrators

    Allow

    Local Access and

    Remote Access (or Launch and Activation, depending on your Windows operating system)

    INTERACTIVE

    Allow

    Local Access and

    Remote Access (or Launch and Activation, depending on your Windows operating system)

    SYSTEM

    Allow

    Local Access and Remote Access (or Launch and Activation, depending on your Windows operating system)

TitleResults for “How to create a CRG?”Also Available in