1. Configuring the DCOM interface in Windows XP SP2 The DCOM settings under Windows XP SP2 are described in the following table. The settings have to be carried out both for the client and for the server.
The DCOM settings are independent of whether the PC is in a work group or in a domain.
Note: The PC is made accessible to other PCs by the following start and access releases in DCOM.
No.
Procedure
1
Opening the component services
In the Windows taskbar, click on "Start" and then "Run...".
Enter "DCOMCnfg" in the selection field.
Fig. 02
2
Opening properties window
In the "Console Root", click on "Component Services > Computers > My Computer".
Open the properties window by right-clicking on "My Computer" in the project tree and then selecting "Properties" in the pop-up menu.
Fig. 03
3
Setting default properties
Press the "Standard Properties" tab and activate the "DCOM" selection box.
Set the default authentication level to "Default" and the default impersonation level to "Identify".
Fig. 04
4
Editing access authorization
Change to the COM security tab and press the "Edit limits..." tab of access authorization.
Note: If the "Edits limits..." tab is inactive, then the access rights are contained in the local securitypolicies.
Remedy:
In the control panel, click on "Local security policy" under "Administrative Tools".
Now go to "Security settings > Local policies > Security options" and open the policies for "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax".
Note: If you delete groups or user names for general security reasons, this might impair the function of software components already installed.
Click on "Edit security..." and delete all group and user names.
Close all dialogs with "OK" and close the local security settings.
Fig. 05
5
Defining access authorization The user groups "ANONYMOUS LOGON" and "Everyone" are contained as default in the accessauthorizations in Windows XP Service Pack 2.
Add the listed group and user names in Table 01 and activate the "Remote access".
Close the window with "OK".
No.
Group / User name
1
(ANONYMOUS LOGON)
2
INTERACTIVE
3
(Everyone)
4
NETWORK
5
SYSTEM
Table 01
Fig. 06
6
Defining start and activation authorizations
The user groups "MACHINE\Administrators" and "Everyone" are in the Windows XP with Service Pack 2 as a default.
Add the listed group and user names in Table 02.
Activate all access rights, including "Remote start" and "Remote activation", for all users and user groups.
Close the dialog box with "OK".
Close the properties window of "My Computer" with "OK".
No.
Group / User name
1
(MACHINE\Administrators)
2
INTERACTIVE
3
(Everyone)
4
NETWORK
5
SYSTEM
Table 02
Fig. 07
2. Settings of the OPC server in DCOM The following settings are to be made only on the computer on which WinCC flexible is working as the OPC server.
Note: If you are not using the WinCC flexible OPC server "OPC.SimaticHMI.HmiRTm", you should configure the OPC server settings recommended by the product manufacturer.
No.
Procedure
1
Make the DCOM settings
Maximize the folder "DCOM configuration" in "Console Root > Component Services > Computer > My Computer".
Open the Properties window of "OPC.SimaticHMI.HmiRTm" by right-clicking to open the pop-up menu and then clicking on "Properties".
Fig. 08
2
Setting the authentication level
In the "General" tab, select "None" in the Authentication Level combination field.
Fig. 09
3
Defining the Run location
Switch to the "Run location" tab.
Select "Run application on the computer".
Fig. 10
4
Opening start and activation authorization dialog
Click on the "Security" tab.
Enable the "Adapt" option field in the "Start and activation authorizations" area.
Then click the "Edit" button.
Fig. 11
5
Adding start authorizations
Click the "Add..." button.
Add the listed group and user names in Table 03.
Note: You can search for group and user names in the window that opens using the "Advanced..." button. Click the "Start Search" tab. By selecting the "OK" key you can transfer all group or user names.
Click the "OK" button.
No.
Group / User name
1
(MACHINE\Administrators)
2
Everyone
3
(INTERACTIVE)
4
NETWORK
5
(SYSTEM)
Table 03
Fig. 12
For all authorizations, activate the "Permit" option box.
Then click "OK" to close the "Start authorizations" dialog window.
Fig. 13
6
Adding access authorizations
Under "Access authorizations", select the "Adapt" option (see Fig.11 ( 36 KB ) ).
Click the "Edit" button.
Add the listed group and user names in Table 04.
For all authorizations, activate the "Permit" option box.
Click "OK" to close the dialog.
No.
Group / User name
1
Administrators
2
INTERACTIVE
3
Everyone
4
NETWORK
5
(SYSTEM)
Table 04
7
Defining the end points
Switch to the "End points" tab and click on "Add".
In the dialog that opens, select the "Use default points" option and "Connection-oriented TCP/IP" as the protocol sequence.
Note: The preferred standard protocol on communication is the datagram TCP/IP. The "Connection-oriented TCP/IP" network protocol is used in this example. Here you select the network protocol you want or require.
Fig. 14
8
Defining the identity
Switch to the "Identity" tab.
Activate "The interactive user", if not yet selected.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
