DCOM Security and Configuration



DCOM Security and Configuration 12-19-2022
Required accounts
To configure DCOM, you need to create the appropriate accounts for your configuration. Your OPC server and OPC client deployment determines the required accounts, as follows:
• If the OPC server and client run on separate computers in the same Windows domain, use lowest-privileged domain accounts.
• If the OPC server and client run on separate computers in different, untrusted Windows domains (or are not members of a domain), you must create identical local accounts (same username and password) on both computers. These service accounts must have password expiration disabled. OSIsoft recommends that you not use this approach, because it requires you to maintain multiple identical local accounts.
OSIsoft recommends that you create highly privileged OPC administrator accounts and less privileged user accounts, as follows:
• OPC administrator account: On the domain controller, configure a privileged OPC administrator account. Assign this account to the user who configures and controls access to OPC software and data. The administrator account must be a member of the Administrators group. As a member of this group, the administrator account has full and unrestricted access to the local computer.
• OPC user accounts: For users who need access to OPC data but who do not configure the software or system, create accounts with the minimum level of permissions required. These users can run the OPC client application and connect to the OPC server. If the server and client computers do not share a common domain, create identical local accounts on both computers.
©2022 AVEVA Group plc and its subsidiaries. All rights reserved.
Virtual service accounts
Windows Server 2008 R2 and Windows 7 introduced the virtual service account. This account type is defined as NT Service\ and emulates a unique instance of the Network Service account. A virtual service account does not need to be created, and there is no password management, which makes auditing and tracking significantly simpler. On the local computer, a virtual service account is not privileged; it is merely a member of the local Users group. On a network, a virtual service account in a domain takes on the identity of the computer account (DOMAIN\computer_name$); if the computer is not in a domain, it is Anonymous.
Depending on the version of the Windows operating system in use, Service Hardening can be implemented using either a low-privileged Windows account in conjunction with a per-service security identifier (SID), a virtual service account, or a combination of both.
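The following PowerShell example is added here for illustration and is not part of the AVEVA document. It classifies a service logon account and reports the network identity described above for virtual service accounts. The function name Get-ServiceLogonClass, the sample account names, the computer name OPCSRV01 and the domain CORP are all constructed assumptions.

```powershell
# Added example: classify a service logon account (Win32_Service.StartName) and
# report the identity it presents on the network, per the description above.
function Get-ServiceLogonClass {
    param(
        [Parameter(Mandatory)][string]$StartName,
        [Parameter(Mandatory)][string]$ComputerName,
        [string]$Domain = ''   # NetBIOS domain name; empty if not domain-joined
    )
    # Local accounts appear as ".\name" or "COMPUTERNAME\name".
    $localPrefix = '^(\.|' + [regex]::Escape($ComputerName) + ')\\'
    if ($StartName -match '^NT SERVICE\\') {
        $class = 'Virtual service account'
        # In a domain: the computer account; otherwise Anonymous.
        $net = if ($Domain) { "$Domain\$ComputerName`$" } else { 'Anonymous' }
    } elseif ($StartName -match '^(LocalSystem$|NT AUTHORITY\\)') {
        $class = 'Built-in service account'
        $net = 'n/a (not covered here)'
    } elseif ($StartName -match $localPrefix) {
        $class = 'Local account'
        $net = 'needs an identical local account on the remote computer'
    } else {
        $class = 'Domain account'
        $net = $StartName
    }
    [pscustomobject]@{ StartName = $StartName; Class = $class; NetworkIdentity = $net }
}

# Constructed sample data; account, computer and domain names are made up.
$sample = 'NT SERVICE\ExampleOpcServer', 'CORP\svc-opc', '.\opcuser', 'LocalSystem'

foreach ($domain in 'CORP', '') {
    $label = if ($domain) { $domain } else { '(not domain-joined)' }
    "Computer OPCSRV01, domain: $label"
    $sample | ForEach-Object {
        Get-ServiceLogonClass -StartName $_ -ComputerName 'OPCSRV01' -Domain $domain
    } | Format-Table -AutoSize
}
# On a live host, feed real values instead:
#   Get-CimInstance Win32_Service | Where-Object StartName | Select-Object Name, StartName
```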
Security configuration for PI Interface for OPC DA
Most OPC servers do not support OPC security. Verify that your OPC server supports security before enabling this option. If your OPC server requires clients to use OPC security, enable OPC security and select NT security or
