在OPC DA通訊測試時總是避免不了要配置DCOM,我習慣是在虛擬機中裝這些通訊測試軟件,每次安裝都需要再次手動配置,感覺很是麻煩
因此,查找資料,了解到可以用dcomperm這個軟件來在命令行下進行dcom的配置,花了些時間研究,以KepServer6.4為例,寫了一個配置腳本,在此留下記錄,方便后續參考
在命令行下運行dcomperm,得到幫助如下圖:
我使用的配置腳本如下,復制粘貼到記事本,保存為bat文件,以管理員權限執行,執行結果會記錄在DCOMConfig.log日志文件中。
set CCDIR=%~dp0
SET logfile="%CCDIR%\DCOMConfig.log"
@echo
%~d0 > %logfile%
echo 配置啟動 >>%logfile%
echo DCOM訪問權限限制 >>%logfile%
dcomperm -ma set Administrators permit level:r,l >>%logfile%
dcomperm -ma set Administrator permit level:r,l >>%logfile%
dcomperm -ma set "Authenticated Users" permit level:r,l >>%logfile%
dcomperm -ma set "Anonymous Logon" permit level:r,l >>%logfile%
dcomperm -ma set Everyone permit level:r,l >>%logfile%
dcomperm -ma set Interactive permit level:r,l >>%logfile%
dcomperm -ma set Network permit level:r,l >>%logfile%
dcomperm -ma set System permit level:r,l >>%logfile%
dcomperm -ma set Guests permit level:r,l >>%logfile%
echo DCOM訪問權限默認值 >>%logfile%
dcomperm -da set Administrators permit level:r,l >>%logfile%
dcomperm -da set Administrator permit level:r,l >>%logfile%
dcomperm -da set "Authenticated Users" permit level:r,l >>%logfile%
dcomperm -da set "Anonymous Logon" permit level:r,l >>%logfile%
dcomperm -da set Everyone permit level:r,l >>%logfile%
dcomperm -da set Interactive permit level:r,l >>%logfile%
dcomperm -da set Network permit level:r,l >>%logfile%
dcomperm -da set System permit level:r,l >>%logfile%
dcomperm -da set Guests permit level:r,l >>%logfile%
echo DCOM啟動權限限制 >>%logfile%
dcomperm -ml set Administrators permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Administrator permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set "Authenticated Users" permit level:r,l >>%logfile%
dcomperm -ml set "Anonymous Logon" permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Everyone permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Interactive permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Network permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set System permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Guests permit level:rl,ll,la,ra >>%logfile%
echo DCOM啟動權限默認值 >>%logfile%
dcomperm -dl set Administrators permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Administrator permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set "Authenticated Users" permit level:r,l >>%logfile%
dcomperm -dl set "Anonymous Logon" permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Everyone permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Interactive permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Network permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set System permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Guests permit level:rl,ll,la,ra >>%logfile%
echo opcenum啟動激活訪問權限等設置 >>%logfile%
dcomperm -runas {13486D44-4821-11D2-A494-3CB306C10000} "Interactive User" >>%logfile%
dcomperm -al {13486D44-4821-11D2-A494-3CB306C10000} Default >>%logfile%
dcomperm -aa {13486D44-4821-11D2-A494-3CB306C10000} Default >>%logfile%
echo KEPServerEX 6.4啟動激活訪問權限等設置(注意:如果用的不是kep6.4,就在DCOM配置里找到配置的OPC服務信息更新過來) >>%logfile%
dcomperm -runas {7BC0CC8E-482C-47CA-ABDC-0FE7F9C6E729} "Interactive User" >>%logfile%
dcomperm -al {7BC0CC8E-482C-47CA-ABDC-0FE7F9C6E729} Default >>%logfile%
dcomperm -aa {7BC0CC8E-482C-47CA-ABDC-0FE7F9C6E729} Default >>%logfile%
sc config EventSystem start= auto >>%logfile%
net start EventSystem >>%logfile%
sc config COMSysApp start= auto >>%logfile%
net start COMSysApp >>%logfile%
sc config DcomLaunch start= auto >>%logfile%
net start DcomLaunch >>%logfile%
sc config TrkWks start= auto >>%logfile%
net start TrkWks >>%logfile%
sc config MSDTC start= auto >>%logfile%
net start MSDTC >>%logfile%
sc config RpcSs start= auto >>%logfile%
net start RpcSs >>%logfile%
sc config RpcLocator start= auto >>%logfile%
net start RpcLocator >>%logfile%
sc config RemoteAccess start= auto >>%logfile%
net start RemoteAccess >>%logfile%
sc config SamSs start= auto >>%logfile%
net start SamSs >>%logfile%
echo 生成其他 DCOM相關注冊表文件 >>%logfile%
echo Windows Registry Editor Version 5.00 > DCOM.reg
echo. >> DCOM.reg
echo ;設置[組件服務]-[計算機]-[我的電腦]-[連接屬性]默認身份驗證級別為[連接]-默認模擬級別為[標識] >> DCOM.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] >> DCOM.reg
echo "EnableDCOM"="Y" >> DCOM.reg
echo "LegacyAuthenticationLevel"=dword:00000002 >> DCOM.reg
echo "LegacyImpersonationLevel"=dword:00000002 >> DCOM.reg
echo. >> DCOM.reg
echo ;設置[組件服務]-[計算機]-[我的電腦]-[DCOM配置]-[opcEnum]-身份驗證級別為[連接]-終結點為[面向連接的TCP/IP]-屬性為[使用默認終結點] >> DCOM.reg
echo [HKEY_CLASSES_ROOT\AppID\{13486D44-4821-11D2-A494-3CB306C10000}] >> DCOM.reg
echo @="OpcEnum" >> DCOM.reg
echo "AuthenticationLevel"=dword:00000002 >> DCOM.reg
echo "EndPoints"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,69,00,70,00,5f,00,74,00,\ >> DCOM.reg
echo 63,00,70,00,2c,00,30,00,2c,00,00,00,00,00 >> DCOM.reg
echo. >> DCOM.reg
echo ;設置[本地安全和組策略]-[本地策略]-[安全選項]-[網絡訪問]本地賬戶的共享安全模型-[經典-對本地用戶進行身份驗證,不改變其本來身份] >> DCOM.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa] >> DCOM.reg
echo "forceguest"=dword:00000000 >> DCOM.reg
echo. >> DCOM.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >> DCOM.reg
echo "forceguest"=dword:00000000 >> DCOM.reg
echo ;設置[本地安全和組策略]-[本地策略]-[安全選項]-[網絡安全:LAN管理器身份驗證級別] >> DCOM.reg
echo ;"LmCompatibilityLevel"=dword:00000001 >> DCOM.reg
echo 導入 DCOM相關注冊表 >>%logfile%
regedit /s DCOM.reg
del DCOM.reg
echo 配置完成 >>%logfile%
仔細看代碼中如下圖所示位置:
上圖紅框中是是應用程序ID,如果你使用的軟件和我的版本不一致(或者不是這個OPCServer服務端),需要更換成你所使用軟件的應用ID,查看ID方法如下圖所示:
dcomperm軟件自行下載.我所使用的信息如下圖:
再次說明,要以管理員權限運行...