Establishing Reliable and Secure DCOM Communication

Scenario

You want DCOM working properly and securely. For background information, see OPC and DCOM Security.

Prerequisites

You must consult the IT manager before making any changes to the Windows security settings or policies.

Before trying to establish a reliable and secure DCOM communication, it is necessary to verify the presence and the settings of antivirus software. Antivirus software detects viruses and other malware (trojans, worms, and so on). Antivirus applications protect your computer from unwanted activities. These applications should not catch OPC applications because they are not harming the computer. Therefore, it may be necessary to add OPC clients, OPC servers, and OPCEnum to the exception list so that they will not be accidentally stopped or removed. Also in this case, you must consult the IT Manager.

Note that the following procedure is based on a computer running at least Windows XP/SP2 or Windows Server 2003/SP1. Earlier versions of Windows can still take advantage of many (but not all) of these suggestions, but will be considerably more difficult to configure. So if possible, as a first step you should upgrade any OPC host platforms to a newer operating system version.

Overview

1
2
3
4
5

Remove Windows Security
Set up Mutual User Account Recognition
Configure Default System-wide DCOM Settings
Configure Server-specific DCOM Settings
Restore Windows Security