Commit
Update 2._DCOM_Configuration.md
Robert Ostwald authored Apr 6, 2021
1 parent e618cce commit 92f6b67
Showing 1 changed file with 35 additions and 16 deletions.
51 changes: 35 additions & 16 deletions documentation/2._Installation/2._DCOM_Configuration.md
Expand Up @@ -16,7 +16,7 @@ To start DCOMCNFG, select Run from the Start menu and enter DCOMCNFG. A dialog o

In the left panel of the DCOMCNFG (Component Services window), expand the **Console Root** node, then expand the **Component Services** node, then expand the **Computers** node and finally select Properties row from the contextual menu over the **My Computer** item.

# Bild
![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/DCOMCNFG_MyComputer.png)

#### Note
```
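Review bot: The alt text on the added image line is the repository name, `![OPC-Classic-SDK](...)`, so a reader using a screen reader or viewing the page with images blocked learns nothing about what the screenshot shows. Suggest alt text that names the dialog, for example "DCOMCNFG: My Computer context menu", and the same for the other images in this commit, which all reuse the identical alt text.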
Expand All @@ -33,7 +33,8 @@ Under the **Default Properties** tab of the **My Computer Properties** window, m
| Enable Distributed COM on this computer | Checked |
| Default Authentication Level | Connect |
| Default Impersonation Level | Identify |
# Bild

![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/DCOMCNFG_MyComputer_DefaultProperties.png)

Further on, under the **COM Security** tab of the **My Computer Properties** window, make sure that the settings are configured as follows:

Expand All @@ -49,18 +50,23 @@ For more information on OPC Server DCOM Security settings, please see the [DCOM
| Parameter | Value |
| ------------- |:-------------:|
|Access Permissions area (both Edit Limits... and Edit Default... sections) |- Add the domain/workgroup user(s) or group of users which have remote access permissions (in order for the local OPC Clients to receive callbacks from remote OPC Servers) <br> - Mark both Local Access and Remote Access rights for this (these) user(s)/group(s) |
# Bild

![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/DCOMCNFG_MyComputer_ComSecurity.png)

For more information on OPC Client DCOM Security settings, please see the [DCOM Configuration for OPC Clients](82edbea3-8a73-4e82-942b-32cc9eb2111f.htm) chapter from the Deployment and Security section.

**OPC Server COM Identity**

In the left panel of the DCOMCNFG (Component Services window), further expand the **My Computer** node, then select the DCOM Config item. In the middle panel you will see
# Bild

![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/DCOMCNFG_Servers.png)

To be able to connect to the OPC Server with more than one OPC Client (local or remote), the OPC Server has to run under a preconfigured user identity (to avoid having each connecting user start its own OPC Server process). This identity may be different from the users added to the OPC Servers machine Launch and Activation Permissions and also from the users added to the OPC Server`s machine Access Permissions.

Yet, this identity has to be added to the OPC Client`s machine DCOM security settings, **Edit Limits...** and **Edit Default...** sections of the **Access Permissions** area.
# Bild

![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/DCOMCNFG_ServerIdentity.png)

### Note
```
New DCOM security settings will only take effect over DCOM applications once the applications are restarted.
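Review bot: The sentence in front of the new `DCOMCNFG_Servers.png` image still stops mid-clause at "In the middle panel you will see", so what the reader is meant to find there exists only in the screenshot. Finish the sentence in text (what the middle panel lists and which entry to select) and let the image illustrate it. In the same hunk the link target `82edbea3-8a73-4e82-942b-32cc9eb2111f.htm` is worth checking, since a GUID-named `.htm` file may not resolve from this Markdown page.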
Expand Down Expand Up @@ -132,12 +138,16 @@ DCOM cannot be used across a firewall. You have to either disable the firewall t

First, open the **My Computer Properties** window. Select the **Default Protocols** tab, make sure the **Connection-oriented TCP/IP** protocol is selected in the **DCOM Protocols** list and click the **Properties** button.

# Bild
![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/DCOMCNFG_DefaultProtocols.png)

A new window will appear: **Properties for COM Internet Services**. Click the **Add** button in order to add a port range (or a list of ports) to be used by the DCOM clients and servers.

# Bild
![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/DCOMCNFG_DefaultProtocols_Properties.png)

In the new window - **Add Port Range** - the desired port or port range can be provided. You can add as many ports or port ranges as required by your application (with respect to the number of clients/servers connected).
# Bild

![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/DCOMCNFG_DefaultProtocols_Properties_AddPortRange.png)

### Note
```
Windows/Network Firewalls will have to be configured to allow inbound traffic on port 135 (standard DCOM port
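Review bot: All three added images in this hunk use an absolute URL pinned to the `main` branch (`https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/...`), so tagged releases, forks and offline clones will either show whatever `main` has at the time or show nothing. Since the page lives in `documentation/2._Installation/`, a relative path such as `../../documentation_pics/DCOMCNFG_DefaultProtocols.png` keeps each screenshot versioned together with the text it documents.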
Expand All @@ -160,7 +170,9 @@ convenience reasons.
Compared to the above settings, the following changes must be performed:

- The **Default Authentication Level** and **Default Impersonation Level** security settings under **Default Properties** in the DCOM configuration window of **My Computer Properties** should be set to **None** and respectively **Impersonate**.
# Bild
-
![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/Obsolete_DCOMCNFG_DefaultProperties.png)

- In the **Access Permissions** section, **Edit Limits...** button, make sure the users **ANONYMOUS LOGON**, **Everyone**, **INTERACTIVE**, **NETWORK** and **SYSTEM** have both **Local Access** and **Remote Access** permissions.

- In the **Access Permissions** section, **Edit Defaults...** button, make sure the users **Everyone**, **INTERACTIVE**, **NETWORK** and **SYSTEM** have both **Local Access** and **Remote Access** permissions.
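Review bot: The line that replaces `# Bild` after the first bullet is a bare `-`, which renders as an empty list item above the screenshot. Drop it and, if the image should belong to the bullet, indent the image line under that bullet instead. Separately, the image file is named `Obsolete_DCOMCNFG_DefaultProperties.png` while the bullets here set the authentication level to **None** and give **ANONYMOUS LOGON** remote access; if the heading outside this hunk does not already mark this configuration as obsolete, say so in the text, because the filename is not visible to the reader.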
Expand All @@ -171,19 +183,26 @@ Compared to the above settings, the following changes must be performed:

- For OPC Server machines it is required that the OpcEnum DCOM application and the registered OPC Servers under **Consoler Root** - **Component Services** - **Computers** - **My Computer** - **DCOM Config** have the **Authentication Level** set to **None** in the General Tab (of the properties window which can be accessed by selecting the respective DCOM service, right-clicking it and choosing Properties from the contextual menu).

# Bild
![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/Obsolete_OpcEnum.png)

![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/Obsolete_GeneralServerProperties.png)

# Bild
Moreover, you will have to make sure that both the **Launch and Activation Permissions** and the **Access Permissions** are set to **Use Default** and also that the **Configuration Permissions** are set to **Customize** and the following users have both the **Full Control** and **Read** rights (open the **Change Configuration Permission** window by clicking the **Edit...** button.
# Bild

![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/Obsolete_SecurityServerProperties.png)

In the **Identity** tab, either **The interactive user** (for OPC Servers running as Windows Applications) or **This user** (for OPC Servers running as Windows Services) must be selected, and the user logon details must be filled in where needed.
# Bild
# Bild

![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/Obsolete_ServerIdentityServerProperties.png)

![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/Obsolete_ServiceIdentityServerProperties.png)

For Windows XP pre-SP2 systems, the **Local Security Policy** (**Control Panel** - **Administrative Tools** - **Local Security Policy**, **Security Settings** - **Local Policies** - **Security Options**) must have the following policies configured:

- **Network access: Let Everyone permission apply to anonymous users**: Enabled

- **Network access: Sharing and security model for local accounts**: Classic - local users authenticate as themselves

# Bild
- For Windows XP SP2 and later, the DCOM configuration distinguishes between local and remote connections. Please ensure that the permissions are also assigned for remote access. Windows XP SP2 and later has enforces restrictions for the remote **Access Permissions** and **Launch and Activation Permissions**. By default, the user **Everyone** has no remote rights. Cancel this restriction if remote access needs to be granted to everyone.
![OPC-Classic-SDK](https://github.com/SoftingIndustrial/OPC-Classic-SDK/raw/main/documentation_pics/Obsolete_LocalSecurityPolicy.png)

- For Windows XP SP2 and later, the DCOM configuration distinguishes between local and remote connections. Please ensure that the permissions are also assigned for remote access. Windows XP SP2 and later has enforces restrictions for the remote **Access Permissions** and **Launch and Activation Permissions**. By default, the user **Everyone** has no remote rights. Cancel this restriction if remote access needs to be granted to everyone.
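Review bot: The paragraph beginning "Moreover, you will have to make sure" says "the following users have both the **Full Control** and **Read** rights" but no users follow; after this change the list exists only inside `Obsolete_SecurityServerProperties.png`. Permission grants should be spelled out in text so they can be searched, reviewed and diffed; add the user list and close the parenthesis left open at "(open the **Change Configuration Permission** window". The last line is removed and re-added unchanged, so this is a cheap place to fix "has enforces", and "Consoler Root" earlier in the hunk.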
