Windows Operating System Versions Released Before June 14, 2022
If the update of the operating system was released before June 14, 2022 but after June 8, 2021, proceed as follows to enable DCOM hardening and to raise the authentication level for all the non-anonymous activation requests from OPC clients to the minimum requested level:
- Add the
RequireIntegrityActivationAuthenticationLevelregistry key and set the value data to0x00000001. - Add the
RaiseActivationAuthenticationLevelregistry key and set the value to0x00000002.
The following procedure applies to Desigo CC software starting from version V5.1.
- In the Windows search box on the taskbar, enter REGEDIT to open Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat.
- Do one of the following:
- If the value is already present, select RequireIntegrityActivationAuthenticationLevel.
- If the value is not already present, create it (right-click AppCompat and select DWORD (32-bit) Value) and then enter RequireIntegrityActivationAuthenticationLevel.
- To modify the registry key value data, do the following:
a. Right-click RequireIntegrityActivationAuthenticationLevel, select Modify.
b. To enable hardening changes, enter Value Data = 1 in hexadecimal format. - Do one of the following:
- If the value is already present, select RaiseActivationAuthenticationLevel.
- If the value is not already present, create it (right-click AppCompat and select DWORD (32-bit) Value) and then enter RaiseActivationAuthenticationLevel.
- To modify the registry key value data, do the following:
a. Right-click RaiseActivationAuthenticationLevel, select Modify.
b. To raise the authentication level for all the OPC clients, enter Value Data = 2 in hexadecimal format. - After setting those registry keys, restart the device to apply changes.
- For Desigo CC versions older than V5.1, setting the registry keys as indicated in the procedure above—although no specific tests have been done in this regard—no issue should occur in running those older versions. However, if any malfunctioning is detected, it is necessary to update either the Windows operating system or Desigo CC software.
- After machine reboot, at the first start of the Desigo CC project, an error might be logged in the Event Viewer, which is related to the communication between WinCC OA OPC driver and the OPC Enum on the remote machine. However, even though the driver is not compromised, if any malfunctioning is detected, it is necessary to update the Windows operating system to the latest security update available.