在OPC DA通讯测试时总是避免不了要配置DCOM,我习惯是在虚拟机中装这些通讯测试软件,每次安装都需要再次手动配置,感觉很是麻烦
因此,查找资料,了解到可以用dcomperm这个软件来在命令行下进行dcom的配置,花了些时间研究,以KepServer6.4为例,写了一个配置脚本,在此留下记录,方便后续参考
在命令行下运行dcomperm,得到帮助如下图:
我使用的配置脚本如下,复制粘贴到记事本,保存为bat文件,以管理员权限执行,执行结果会记录在DCOMConfig.log日志文件中。
set CCDIR=%~dp0
SET logfile="%CCDIR%DCOMConfig.log"
@echo
%~d0 > %logfile%
echo 配置启动 >>%logfile%
echo DCOM访问权限限制 >>%logfile%
dcomperm -ma set Administrators permit level:r,l >>%logfile%
dcomperm -ma set Administrator permit level:r,l >>%logfile%
dcomperm -ma set "Authenticated Users" permit level:r,l >>%logfile%
dcomperm -ma set "Anonymous Logon" permit level:r,l >>%logfile%
dcomperm -ma set Everyone permit level:r,l >>%logfile%
dcomperm -ma set Interactive permit level:r,l >>%logfile%
dcomperm -ma set Network permit level:r,l >>%logfile%
dcomperm -ma set System permit level:r,l >>%logfile%
dcomperm -ma set Guests permit level:r,l >>%logfile%
echo DCOM访问权限默认值 >>%logfile%
dcomperm -da set Administrators permit level:r,l >>%logfile%
dcomperm -da set Administrator permit level:r,l >>%logfile%
dcomperm -da set "Authenticated Users" permit level:r,l >>%logfile%
dcomperm -da set "Anonymous Logon" permit level:r,l >>%logfile%
dcomperm -da set Everyone permit level:r,l >>%logfile%
dcomperm -da set Interactive permit level:r,l >>%logfile%
dcomperm -da set Network permit level:r,l >>%logfile%
dcomperm -da set System permit level:r,l >>%logfile%
dcomperm -da set Guests permit level:r,l >>%logfile%
echo DCOM启动权限限制 >>%logfile%
dcomperm -ml set Administrators permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Administrator permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set "Authenticated Users" permit level:r,l >>%logfile%
dcomperm -ml set "Anonymous Logon" permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Everyone permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Interactive permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Network permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set System permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Guests permit level:rl,ll,la,ra >>%logfile%
echo DCOM启动权限默认值 >>%logfile%
dcomperm -dl set Administrators permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Administrator permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set "Authenticated Users" permit level:r,l >>%logfile%
dcomperm -dl set "Anonymous Logon" permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Everyone permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Interactive permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Network permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set System permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Guests permit level:rl,ll,la,ra >>%logfile%
echo opcenum启动激活访问权限等设置 >>%logfile%
dcomperm -runas {13486D44-4821-11D2-A494-3CB306C10000} "Interactive User" >>%logfile%
dcomperm -al {13486D44-4821-11D2-A494-3CB306C10000} Default >>%logfile%
dcomperm -aa {13486D44-4821-11D2-A494-3CB306C10000} Default >>%logfile%
echo KEPServerEX 6.4启动激活访问权限等设置(注意:如果用的不是kep6.4,就在DCOM配置里找到配置的OPC服务信息更新过来) >>%logfile%
dcomperm -runas {7BC0CC8E-482C-47CA-ABDC-0FE7F9C6E729} "Interactive User" >>%logfile%
dcomperm -al {7BC0CC8E-482C-47CA-ABDC-0FE7F9C6E729} Default >>%logfile%
dcomperm -aa {7BC0CC8E-482C-47CA-ABDC-0FE7F9C6E729} Default >>%logfile%
sc config EventSystem start= auto >>%logfile%
net start EventSystem >>%logfile%
sc config COMSysApp start= auto >>%logfile%
net start COMSysApp >>%logfile%
sc config DcomLaunch start= auto >>%logfile%
net start DcomLaunch >>%logfile%
sc config TrkWks start= auto >>%logfile%
net start TrkWks >>%logfile%
sc config MSDTC start= auto >>%logfile%
net start MSDTC >>%logfile%
sc config RpcSs start= auto >>%logfile%
net start RpcSs >>%logfile%
sc config RpcLocator start= auto >>%logfile%
net start RpcLocator >>%logfile%
sc config RemoteAccess start= auto >>%logfile%
net start RemoteAccess >>%logfile%
sc config SamSs start= auto >>%logfile%
net start SamSs >>%logfile%
echo 生成其他 DCOM相关注册表文件 >>%logfile%
echo Windows Registry Editor Version 5.00 > DCOM.reg
echo. >> DCOM.reg
echo ;设置[组件服务]-[计算机]-[我的电脑]-[连接属性]默认身份验证级别为[连接]-默认模拟级别为[标识] >> DCOM.reg
echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftOle] >> DCOM.reg
echo "EnableDCOM"="Y" >> DCOM.reg
echo "LegacyAuthenticationLevel"=dword:00000002 >> DCOM.reg
echo "LegacyImpersonationLevel"=dword:00000002 >> DCOM.reg
echo. >> DCOM.reg
echo ;设置[组件服务]-[计算机]-[我的电脑]-[DCOM配置]-[opcEnum]-身份验证级别为[连接]-终结点为[面向连接的TCP/IP]-属性为[使用默认终结点] >> DCOM.reg
echo [HKEY_CLASSES_ROOTAppID{13486D44-4821-11D2-A494-3CB306C10000}] >> DCOM.reg
echo @="OpcEnum" >> DCOM.reg
echo "AuthenticationLevel"=dword:00000002 >> DCOM.reg
echo "EndPoints"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,69,00,70,00,5f,00,74,00, >> DCOM.reg
echo 63,00,70,00,2c,00,30,00,2c,00,00,00,00,00 >> DCOM.reg
echo. >> DCOM.reg
echo ;设置[本地安全和组策略]-[本地策略]-[安全选项]-[网络访问]本地账户的共享安全模型-[经典-对本地用户进行身份验证,不改变其本来身份] >> DCOM.reg
echo [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsa] >> DCOM.reg
echo "forceguest"=dword:00000000 >> DCOM.reg
echo. >> DCOM.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa] >> DCOM.reg
echo "forceguest"=dword:00000000 >> DCOM.reg
echo ;设置[本地安全和组策略]-[本地策略]-[安全选项]-[网络安全:LAN管理器身份验证级别] >> DCOM.reg
echo ;"LmCompatibilityLevel"=dword:00000001 >> DCOM.reg
echo 导入 DCOM相关注册表 >>%logfile%
regedit /s DCOM.reg
del DCOM.reg
echo 配置完成 >>%logfile%
仔细看代码中如下图所示位置:
上图红框中是是应用程序ID,如果你使用的软件和我的版本不一致(或者不是这个OPCServer服务端),需要更换成你所使用软件的应用ID,查看ID方法如下图所示:
dcomperm软件自行下载.我所使用的信息如下图:
再次说明,要以管理员权限运行...