WEBfactory 2010

Establishing OPC Communication on different Windows versions

Abstract

These tutorials guide you through setting up OPC Communication on different Windows versions.

Users will often experience difficulties with OPC Communication due to advanced security settings.

This document describes how to disable these security settings to allow OPC Communication in different Windows versions.

Windows 7

DCOM has limitations for connectivity when operating on separate domains/workgroups. These steps may work but, depending on individual networks, additional settings and components may be required.

DCOM Security settings

OPC uses ActiveX COM and DCOM to communicate, so we must open our DCOM permissions to allow this.

  1. Go to Start > Run (or press Windows + R).

  2. Type in dcomcnfg and click OK.

    Capture657.jpg
  3. Go to Console Root > Component Services > Computers > My Computer. Right-click on My Computer and select Properties.

    Capture658.jpg
  4. Go to the Default Properties tab and ensure that your window matches the one shown below:

    Capture659.jpg
  5. Go to the COM Security tab. Under Access Permissions, click on the Edit Limits button.

    Capture661.jpg
  6. Ensure that you have allowed permissions to Anonymous Logon, Everyone, Interactive, Network, and System as shown below. Then click OK.

    Capture662.jpg
  7. Under Access Permissions, select the Edit Default button.

    Capture663.jpg
  8. Ensure that you have allowed permissions to Anonymous Logon, Everyone, Interactive, Network, and System as shown below. Then click OK.

    Capture664.jpg
  9. Under Launch and Activation Permissions, select Edit Limits.

    Capture665.jpg
  10. Ensure that you have allowed permissions to Anonymous Logon, Everyone, Interactive, Network, and System as shown below. Then click OK.

    Capture669.jpg
  11. Under Launch and Activation Permissions select Edit Default.

    Capture670.jpg
  12. Ensure that you have allowed permissions to Anonymous Logon, Everyone, Interactive, Network, and System as shown below. Then click OK.

    Capture671.jpg
  13. We have successfully configured the default DCOM settings. Click OK to return to the Component Services window.

  14. Under My Computer, open the folder labeled DCOM Config.

    Capture672.jpg
  15. Browse to your OPC Server, right-click on it, and select Properties.

    Capture673.jpg
  16. Under the General tab, set the Authentication Level to Connect.

    Capture674.jpg
  17. Go to the Security tab. Under Launch and Activation Permissions, select the Customize button. Then click Edit.

    Capture675.jpg
  18. Ensure that you have allowed permissions to Everyone, Interactive, Network, and System as shown below. Then click OK.

    Capture676.jpg
  19. Under Access Permissions choose the Customize button. Then click Edit.

    Capture677.jpg
  20. Ensure that you have allowed permissions to Everyone, Interactive, Network, and System as shown below. Then click OK.

    Capture678.jpg
  21. Go to the Identity tab. Ensure that your server is either running as The interactive user OR, if it is running as a service, The system account. Click OK to return to the Component Services window.

    Capture679.jpg
  22. In the DCOM Config folder, browse to OpcEnum. Right-click on it and select Properties.

    Capture680.jpg
  23. Under the General tab ensure that the Authentication Level is set to Connect.

    Capture681.jpg
  24. Go to the Security tab. Under Launch and Activation Permissions, select the Customize button. Then click Edit.

    Capture682.jpg
  25. Ensure that you have allowed permissions to Everyone, Interactive, Network, and System as shown below. Then click OK.

    Capture683.jpg
  26. Under Access Permissions select the Customize button. Then click Edit.

    Capture684.jpg
  27. Ensure that you have allowed permissions to Everyone, Interactive, Network, and System as shown below. Then click OK.

    Capture685.jpg
  28. Go to the Identity tab. The user should be set to The system account, as OpcEnum runs as a service. Click OK. The DCOM settings on this machine are now correct.

    Capture686.jpg

The Windows Firewall

If the Windows Firewall is up and running, it will interfere with communication between applications on the system.

There are ways to specify which applications are allowed through the Firewall – if you wish to do so, documents are available from the OPC Foundation which describe the procedure (www.opcfoundation.org).

Otherwise disable the firewall by walking through the following steps:

  1. Go to Start > Control Panel as shown:

    Capture687.jpg
  2. In Control Panel, go to System and Security > Windows Firewall.

    Capture688.jpg
  3. In the Windows Firewall window, click on Turn Windows Firewall on or off.

    Capture689.jpg
  4. Select Turn Off Windows Firewall (not recommended) for your network and click OK to confirm.

    Capture690.jpg

Data Execution Prevention

Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. In Microsoft Windows XP Service Pack 2 (SP2) and Microsoft Windows XP Tablet PC Edition 2005, DEP is enforced by hardware and by software.

DEP will also prevent many installations from running, and has been known to cause other software issues. Please disable it as per the following steps:

  1. From your Start menu, right-click on My Computer and select Properties.

    Capture691.jpg
  2. In the System window, select Advanced system settings.

    Capture692.jpg
  3. Go to the Advanced tab. Under Performance, hit the Settings button.

    Capture693.jpg
  4. Select the Turn on DEP for essential… button, as shown. Click OK. At this point it may be necessary to restart the machine.

    Capture694.jpg

Local Security Policy

If you are using workgroups instead of domains the following steps may need to be taken in order to establish communication. Please note that these changes may compromise the security of your system – speak with your network administrator if you have any concerns.

  1. Go to Start > Control Panel > System and Security > Administrative Tools > Local Security Policy.

    Capture695.jpg
  2. Go to Security Settings > Local Policies > Security Options.

  3. Right-click on DCOM: Machine Access Restrictions… and select Properties.

    Capture696.jpg
  4. Hit the Edit Security button, as shown.

    Capture697.jpg
  5. Ensure that Everyone, Interactive, Network, and System are added into the allowed Group or User Names, as shown. Click OK to return to the main security policy window.

    Capture698.jpg
  6. Right-click on DCOM: Machine Launch Restrictions… and select Properties.

    Capture699.jpg
  7. Hit the Edit Security button, as shown.

    Capture700.jpg
  8. Ensure that Everyone, Interactive, Network, and System are added into the allowed Group or User Names, as shown. Click OK to return to the main security policy window.

    Capture701.jpg
  9. Browse to Network access: Let Everyone permissions apply to anonymous users. Right-click on it and select Properties.

    Capture702.jpg
  10. Select Enabled and click OK.

    Capture703.jpg
  11. Browse to Network access: Sharing and security model for local accounts. Right-click on it and select Properties.

    Capture704.jpg
  12. Select Classic – local users authenticate as themselves and click OK.

    Capture705.jpg
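
The DCOM Security settings and Local Security Policy steps above are stored in the registry, so the result can be reviewed without clicking through each dialog. The following read-only PowerShell audit is an added example, not part of the original WEBfactory guide: it lists every place where Everyone or Anonymous Logon ends up with remote DCOM access or activation, then shows the anonymous-access policy flag and the firewall state. The `$appPattern` filter is an assumption (it presumes the DCOM Config names of interest contain "opc"); adjust it to match your OPC server's entry.

```powershell
# Added example (not from the original guide): read-only audit of the DCOM and
# policy values this procedure changes. Run from an elevated PowerShell prompt.
$watch  = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-7' = 'Anonymous Logon' }
$remote = 0x04 -bor 0x10   # COM_RIGHTS_EXECUTE_REMOTE | COM_RIGHTS_ACTIVATE_REMOTE
$local  = 0x02 -bor 0x08   # COM_RIGHTS_EXECUTE_LOCAL  | COM_RIGHTS_ACTIVATE_LOCAL
$appPattern = 'opc'        # assumption: DCOM Config names of interest contain "opc"
$sdType = 'System.Security.AccessControl.RawSecurityDescriptor'

function Get-RegValue($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Find-RemoteGrant($Label, $Value) {
    if ($null -eq $Value) { return }        # not set: the OS default applies
    if ($Value -is [string]) {               # policy values are stored as SDDL text
        $sd = New-Object $sdType -ArgumentList $Value
    } else {                                 # Ole and AppID values are binary
        $sd = New-Object $sdType -ArgumentList ([byte[]]$Value), 0
    }
    if (-not $sd.DiscretionaryAcl) { return }
    foreach ($ace in $sd.DiscretionaryAcl) {
        $who = $watch[$ace.SecurityIdentifier.Value]
        if (-not $who -or $ace.AceType -ne 'AccessAllowed') { continue }
        # A mask with no local/remote bits is the legacy form and covers both.
        $legacy = ($ace.AccessMask -band ($remote -bor $local)) -eq 0
        if ($legacy -or ($ace.AccessMask -band $remote)) {
            "{0}: {1} is allowed remote access or activation" -f $Label, $who
        }
    }
}

$ole = 'HKLM:\SOFTWARE\Microsoft\Ole'                       # dcomcnfg defaults and limits
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DCOM'  # Local Security Policy limits
foreach ($n in 'DefaultAccessPermission', 'DefaultLaunchPermission',
               'MachineAccessRestriction', 'MachineLaunchRestriction') {
    Find-RemoteGrant "Ole\$n" (Get-RegValue $ole $n)
    Find-RemoteGrant "Policy\$n" (Get-RegValue $pol $n)
}
Get-ChildItem 'HKLM:\SOFTWARE\Classes\AppID' -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -LiteralPath $_.PSPath
    if ($p.'(default)' -match $appPattern) {
        $tag = "AppID '$($p.'(default)')'"
        Find-RemoteGrant "$tag access" $p.AccessPermission
        Find-RemoteGrant "$tag launch" $p.LaunchPermission
    }
}
if ((Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'EveryoneIncludesAnonymous') -eq 1) {
    'Lsa: Everyone permissions apply to anonymous users'
}
netsh advfirewall show allprofiles state
```

Each line of output names one setting that is reachable from the network without a named account, which makes the list a direct inventory of what to tighten once OPC communication is confirmed working.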