|
|
Windows XP SP2 Configuration for OPC Section
How to configure Windows XP SP2 for use with OPC (client side)
1 - On the client host, create a user accout with the same name and password of user account which starts OPC server on server host
2 - Run intall.bat included in the file - distrib_opc.zip
3 - DCOM Configuration
3-1. Click Start -> Run
3-2. Enter DCOMCNFG and press OK. This will open the DCOMCNFG window.
3-3. Browse down the tree to Console Root -> Component Services -> Computers -> My Computer
3-4. Right click on "My Computer" and select properties
3-5. Select the "Default Properties" tab
a. Enable Distributed COM on this computer - Option is checked
b. Default Authentication Level - Set to Connect
c. Default Impersonation Level - Set to Identify
3-6. Select the "COM Security" tab
3-7. Click on Access Permissions Edit Default button
a. Add "Anonymous", "Everyone", "Interactive", "Network", "System" with Local and Remote access permissions set.
3-8. Click on Access Permissions Edit Limits button
a. Add "Anonymous", "Everyone", "Interactive", "Network", "System" with Local and Remote access permissions set.
3-9. Click on Launch and Activation Permissions Edit Default button
a. Add "Anonymous", "Everyone", "Interactive", "Network", "System" with Local and Remote access permissions set.
3-10. Click on Launch and Activation Permissions Edit Limits button
a. Add "Anonymous", "Everyone", "Interactive", "Network", "System" with Local and Remote access permissions set.
3-11. Click on Apply and OK button
3-12. Close the DCOMCNFG window
See:- Using OPC via DCOM with XP SP2 v1.10.pdf
4 - Turn off Simple File Sharing:
Simple file sharing is the default for Windows XP SP2 when configured for workgroup operation.
When simple file sharing is enabled:
- The Guest account is enabled
- All network connections, including OPC DCOM connections, are forced to connect as Guest.
- OPC communications will fail because Guest is a restricted account.
To disable Simple File Sharing: Open Windows Explorer, and choose Tools>Folder Options menu.
Click on the View tab and scroll to the bottom until you see "Use simple file sharing (Recommended)." Uncheck this box, then click OK.
Windows XP computers that are members of a domain are not affected. Additional information about
Simple File sharing is available here:
906574.mspx
This point fixes DCOM Error 0x80070005
5 - Adjust Local Security Policy settings:
New default policies in Windows XP limit access to secured objects to the creator of the object.
In previous versions of Windows, objects created by members of the administrators group were
accessible to other members of that group. The new policy may cause the OPC interface to fail
when it cannot access a file or secured object.
Start -> Control Panel -> Administrative Tools -> Local Security Policy
Navigate to Security\Local Policies\Security Options
"System Objects: Default owner for objects created by members of the Administrators group."
The Security Setting should be set to "Administrators Group," not "Object Creator."
"Network Access: Sharing and security model for local accounts" The Security Setting should be set
to "Classic - local users authenticate as themselves," not "Guest Only - local users authenticate as guest."
Network Access: Let everyone permissions apply to anonymous users - Set to Enabled
DCOM: Machine Access Restrictions - Add Anonymous, Everyone, Interactive, Network, System with full rights options set.
See: http://support.microsoft.com/kb/318825
6 - NOTE:This procedure is valid for Windows XP SP3 too
7 - It is possible to have an error when accessing Network Properties:
"You do not have sufficient privileges for accessing connection properties"
This can happen if the Default Impersonation Level setting is set to Anonymous
7.1 Click Start–>Run, type dcomcnfg, and click OK
7.2 Expand Component Services, expand Computers and click Properties
7.3 Click the Default Properties tab and in the Default Impersonation Level box, click Identify, and click OK
See also:
error-you-do-not-have-sufficient-privileges-for-accessing-connection-properties.html
8 - Last but not least, do not forget to set the Windows Firewall accordindly, to let the DCOM to work.
|
|
|
