Step 1 - Configuring Default DCOM Security Options for Windows XP & 2003 Operating Systems

The following screen is opened by:

• Right-clicking on the "My Computer" node in the "Component Services" screen.
• Choosing "Properties" from the menu.
• Then click the "Default COM Security" Tab.
   
• This particular screen is not 100% identical to that of Windows NT, 2000 as there are more options in some areas, and fewer options in others... Once in this Properties screen, do click on the "Default Properties" tab first.
• The options available in this screen should be configured as:
• The Enable Distributed COM on this computer MUST be checked.
• The Default Authentication Level should be set to None.
• The Default Impersonation Level should be set to Identity
• The next step is to click on the "Default COM Security" tab, which is shown below:
• There are only 2 buttons in this screen, whereas there are 3 in Windows NT and 2000 Operating Systems.
• Click on the "Edit Default" button within the "Access Permissions " area and make sure that the following accounts exist with the "Allow Access" permissions:
• Everyone
• Interactive
• System
• Network
• IWAM_<computer-name> *
• IUSR_<computer-name> *
• Guests
• Anonymous
• Once that is complete, do the same with the "Edit Default" button in the " Launch Permissions" section and give the right "Allow Launch" to the same accounts as mentioned in the bullet-points above.
• Make the same settings under both "Edit Limits" buttons.
• Now click the OK button to save and close the window.

* If you plan to use IIS (Internet Information Services) as an OPC Client, then its login context should be added to the list of trusted accounts as shown above.

Next > Configuring OPCENUM