Scribd
Upload
43 views

Configuración OPC Server

This document provides instructions for configuring an OPC server remotely, including: 1. Creating a user account to run the OPC client/server and adding it to the DCOM Users group for permissions. 2. Specifying the DCOM network and security properties for the OPC server, such as default protocols and identity. 3. Configuring access permissions, including allowing access for all users by modifying security policies, at the cost of lower security.

Uploaded by

Walter Medina Lopez
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
43 views

Configuración OPC Server

This document provides instructions for configuring an OPC server remotely, including: 1. Creating a user account to run the OPC client/server and adding it to the DCOM Users group for permissions. 2. Specifying the DCOM network and security properties for the OPC server, such as default protocols and identity. 3. Configuring access permissions, including allowing access for all users by modifying security policies, at the cost of lower security.

Uploaded by

Walter Medina Lopez
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 11

Configuración OPC Server – Remoto

2. Creating a user and giving access permissions

2.1 Adding a user


You need to create a user that has permissions to run and use DCOM applications. To
increase security, you can create a user with restricted permissions. You need to have
administrator permissions to add a user.
Attention! You need to create users with the same name and password on both
computers (where the server and the client are installed). Later on, you should run the
OPC client using this user account.
You can do the following to access the computer management console (fig. 2):
1. Open Windows Explorer using the taskbar icon or the Win+E keyboard shortcut;
2. Select the Computer item in the left part of the Explorer;
3. Click the right mouse button.
4. Select Manage.

Fig. 2 Access to the computer or server management console

Fig. 3 Adding a new user


Fig. 4 New user properties

You can create a user with any name. The password must be specified and must not
be empty.
2.2 Giving permissions
To allow the new user to work with DCOM, you should add the user to the
corresponding DCOM Users group.

Fig. 5 User groups


Fig. 6 Adding a user to the group

Manually type the username in the new dialog box. It is "opc" in this example. Then
click OK.

Fig. 7 Selected user

Fig. 8 User in the group


Note. You can create several users and add them to one DCOM Users group. You can
also add existing users to this group.

4. Specifying DCOM properties


For OPC servers to run correctly, you should specify the DCOM network and security
properties.
There is no need to configure OpcEnum because this service is automatically
configured when you install OPC Core Components.
This example shows how to specify the properties for the test OPC server “Test OPC
Server” (it is a 32-bit application). You can configure the DCOM parameters using the
control panel of the Windows ComponentService. Depending on the word size of the
operating system and the OPC serverapplication, you should run the corresponding
version of the control panel:
1. 32-bit version of Windows- dcomcnfg command (fig. 19.1).
2. 64-bit version of Windows, 64-bit OPC server executable file - dcomcnfg
command (fig. 19.1).
3. 64-bit version of Windows, 32-bit OPC server executable file – mmc
comexp.msc /32 command (fig. 19.2).
To run the command from the command line, open the Run dialog box by pressing
Win+R on the keyboard.

Fig. 19.1 Starting Component Services (case 1)

Fig. 19.2 Starting Component Services (case 2)

4.1 Specifying the default properties

Fig. 21 Properties
Fig. 22 COM security

Click button 1 (fig. 22). In the new dialog box (fig.23):


1. Click the Add button;
2. Add the DCOM users group by performing operations similar to those shown in
figures 7 – 9;
3. Set access permissions for it;
Click the OK button to save the changes.

Fig. 23 Configuring access permissions

Repeat the operations in the Launch and Activation Permission dialog box (fig.24)
that appears when you click the Edit Default... button (fig. 22).
Fig. 24 Configuring launch permissions

Delete all protocols except for TCP/IP on the Default Protocols tab (fig.25) and click
OK to save the changes in the My Computer - Properties dialog box.

Fig. 25 Configuring protocols


4.2 Specifying OPC server properties

Fig. 26 Specifying DCOM properties for the OPC server

Since all properties have been already specified for the entire computer, you should
make sure that the OPC server uses the default properties.

Fig. 27 General OPC server properties

Fig. 28 Security properties


Fig. 29 Endpoints

Fig. 30 Identity

You should specify the previously created user that will launch the OPC server on the
Identity tab.
Note 1. Before you edit the properties of the OPCserver, you should make sure that it
is not running and is absent in the list of active processes. Or restart the OPC server
after you edit its properties.
Note2. It is necessary for some OPC servers to be launched with administrator
permissions at least once in order to get registered in the system and initialize the
parameters of the OPC server. They will be available for detection via OpcEnum and
connection only after such initialization.
4.3 Configuring the Everyone access to OPC servers
Attention! Access permission for everyone may lower the security level of the
computer.
Sometimes it may be necessary to permit access to the OPC server for everyone,
including anonymous users. For example, when the computer with the server does not
belong to the domain while a lot of clients will be connecting to the server.
Advantages:
1. It is possible for the computer with the server not to belong to the domain;
2. No need to create users on the computer with the OPC server;
3. Users can run the OPC client using their own account.
Disadvantages:
1. Lower security because ofthe remote access to DCOM for everyone.
If you want to provide access to the OPC server for everyone, you should configure
individual access permissions for the selected OPC server.
Open the DCOM properties for the OPC server as shown in section 4.2 and edit them
according to fig.31 – fig.34. The other properties must correspond to the ones specified
in section 4.2.

Fig. 31 General properties

Fig. 32 Security properties


Fig. 33 Launch and activation permissions

Fig. 34 Access permissions

You should configure the local security policy. To do it, you should open the Local
Security Policy console. You can open the console by moving the mouse pointer to
the corner and selecting Settings - Control Panel - System andSecurity -
Administrative Tools - Local Security Policy. You should go to the Local Policies:
Security Options section. And set the rule Network access: Let Everyone
permissions apply to anonymous users to Enabled (fig. 35).

Fig. 35 Security policy properties


If you change the security policy (as shown in fig. 35) and OPC clients cannot get the
list of OPC servers and connect to them, you should specify and save advanced
security policy properties (fig. 36-37).
1. DCOM: Machine Access Restrictions in SecurityDescriptor Definition
Language (SDDL) syntax
2. DCOM: Machine Launch Restrictions in Security Descriptor Definition
Language (SDDL) syntax

Fig. 36 DCOM: access restrictions

You can find the detailed description of how to add a group or user in section 2.2.

You might also like