Updating System-wide COM/DCOM Limit Settings

About this task

This procedure modifies the system-wide DCOM settings for the computer on Windows XP and Windows Vista operating systems. When these steps are implemented, they apply to all programs that use COM/DCOM communications on the computer.
Important: Be careful when making any system-wide security changes. Any inadvertent changes may affect the entire system and may cause some or all programs to stop working.

Procedure

  1. 1. On the Component Services dialog box, expand Component Services, then expand the Computers item.
  2. Right-click My Computer and choose Properties.
    The My Computer Properties dialog box appears.
  3. Click the COM Security tab.
    There are four permissions on this dialog box. You may need to make changes to the Edit Limitsfor Access Permissions and Launch and Activation Permissions.
    Note: Do not change the Edit Defaultsettings, since this will change the default settings for all programs and applications running on the computer.
  4. Click Access Permissions > Edit Limits.
    The Access Permission dialog box appears
    1. Select the user labeled ANONYMOUS LOGON, and then select the Allow check box for Remote Access.
      Note: This setting is necessary for applications that use OPCenum.exe to function and also for some OPC Servers and OPC Clients that set their DCOM Authentication Levelto 'None' to allow anonymous connections. If you do not use such applications, you may not need to enable remote access for anonymous logon users.
    2. Select the user labeled Everyone, and then select the Allow check box for Remote Access.
      Important: Since "Everyone" includes all authenticated users, it is recommended to add these permissions to a smaller subset of users. One way of doing this is to create a Group named "OPC" and add all user accounts to this Group that will access any OPC server. Then substitute "OPC" everywhere that "Everyone" appears in the entire DCOM configuration dialogs.
    3. Click OK to close the Access Permissions dialog box and return to the My Computer Properties dialog box.
  5. Click Launch and Activation Permissions > Edit Limits....
    The Launch Permission dialog box appears. For each user or group (preferably add the OPCgroup) that needs to launch or activate the OPC server, or participates in OPC / DCOM communications. Make sure that the Local Launch, Remote Launch, Local Activation, and Remote Activation check boxes are selected.
  6. Click OK to save your changes, then click OK again to save and close the My Computer Properties dialog box.