• OPC DA通讯 KEP6.4 DCOM 配置脚本


    在OPC DA通讯测试时总是避免不了要配置DCOM,我习惯是在虚拟机中装这些通讯测试软件,每次安装都需要再次手动配置,感觉很是麻烦
    因此,查找资料,了解到可以用dcomperm这个软件来在命令行下进行dcom的配置,花了些时间研究,以KepServer6.4为例,写了一个配置脚本,在此留下记录,方便后续参考

    在命令行下运行dcomperm,得到帮助如下图:

    我使用的配置脚本如下,复制粘贴到记事本,保存为bat文件,以管理员权限执行,执行结果会记录在DCOMConfig.log日志文件中。

    set CCDIR=%~dp0
    SET logfile="%CCDIR%DCOMConfig.log"
    @echo
    
    %~d0 > %logfile%
    echo 配置启动 >>%logfile%
    
    echo DCOM访问权限限制 >>%logfile%
    dcomperm -ma set Administrators permit level:r,l >>%logfile%
    dcomperm -ma set Administrator permit level:r,l >>%logfile%
    dcomperm -ma set "Authenticated Users" permit level:r,l >>%logfile%
    dcomperm -ma set "Anonymous Logon" permit level:r,l >>%logfile%
    dcomperm -ma set Everyone permit level:r,l >>%logfile%
    dcomperm -ma set Interactive permit level:r,l >>%logfile%
    dcomperm -ma set Network permit level:r,l >>%logfile%
    dcomperm -ma set System permit level:r,l >>%logfile%
    dcomperm -ma set Guests permit level:r,l >>%logfile%
    
    echo DCOM访问权限默认值 >>%logfile%
    dcomperm -da set Administrators permit level:r,l >>%logfile%
    dcomperm -da set Administrator permit level:r,l >>%logfile%
    dcomperm -da set "Authenticated Users" permit level:r,l >>%logfile%
    dcomperm -da set "Anonymous Logon" permit level:r,l >>%logfile%
    dcomperm -da set Everyone permit level:r,l >>%logfile%
    dcomperm -da set Interactive permit level:r,l >>%logfile%
    dcomperm -da set Network permit level:r,l >>%logfile%
    dcomperm -da set System permit level:r,l >>%logfile%
    dcomperm -da set Guests permit level:r,l >>%logfile%
    
    echo DCOM启动权限限制 >>%logfile%
    dcomperm -ml set Administrators permit level:rl,ll,la,ra >>%logfile%
    dcomperm -ml set Administrator permit level:rl,ll,la,ra >>%logfile%
    dcomperm -ml set "Authenticated Users" permit level:r,l >>%logfile%
    dcomperm -ml set "Anonymous Logon" permit level:rl,ll,la,ra >>%logfile%
    dcomperm -ml set Everyone permit level:rl,ll,la,ra >>%logfile%
    dcomperm -ml set Interactive permit level:rl,ll,la,ra >>%logfile%
    dcomperm -ml set Network permit level:rl,ll,la,ra >>%logfile%
    dcomperm -ml set System permit level:rl,ll,la,ra >>%logfile%
    dcomperm -ml set Guests permit level:rl,ll,la,ra >>%logfile%
    
    echo DCOM启动权限默认值 >>%logfile%
    dcomperm -dl set Administrators permit level:rl,ll,la,ra >>%logfile%
    dcomperm -dl set Administrator permit level:rl,ll,la,ra >>%logfile%
    dcomperm -dl set "Authenticated Users" permit level:r,l >>%logfile%
    dcomperm -dl set "Anonymous Logon" permit level:rl,ll,la,ra >>%logfile%
    dcomperm -dl set Everyone permit level:rl,ll,la,ra >>%logfile%
    dcomperm -dl set Interactive permit level:rl,ll,la,ra >>%logfile%
    dcomperm -dl set Network permit level:rl,ll,la,ra >>%logfile%
    dcomperm -dl set System permit level:rl,ll,la,ra >>%logfile%
    dcomperm -dl set Guests permit level:rl,ll,la,ra >>%logfile%
    
    echo opcenum启动激活访问权限等设置 >>%logfile%
    dcomperm -runas {13486D44-4821-11D2-A494-3CB306C10000} "Interactive User" >>%logfile%
    dcomperm -al {13486D44-4821-11D2-A494-3CB306C10000} Default >>%logfile%
    dcomperm -aa {13486D44-4821-11D2-A494-3CB306C10000} Default >>%logfile%
    
    
    echo KEPServerEX 6.4启动激活访问权限等设置(注意:如果用的不是kep6.4,就在DCOM配置里找到配置的OPC服务信息更新过来) >>%logfile%
    dcomperm -runas {7BC0CC8E-482C-47CA-ABDC-0FE7F9C6E729} "Interactive User" >>%logfile%
    dcomperm -al {7BC0CC8E-482C-47CA-ABDC-0FE7F9C6E729} Default >>%logfile%
    dcomperm -aa {7BC0CC8E-482C-47CA-ABDC-0FE7F9C6E729} Default >>%logfile%
    
    sc config EventSystem start= auto >>%logfile%
    net start EventSystem >>%logfile%
    sc config COMSysApp start= auto >>%logfile%
    net start COMSysApp >>%logfile%
    sc config DcomLaunch start= auto >>%logfile%
    net start DcomLaunch >>%logfile%
    sc config TrkWks start= auto >>%logfile%
    net start TrkWks >>%logfile%
    sc config MSDTC start= auto >>%logfile%
    net start MSDTC >>%logfile%
    sc config RpcSs start= auto >>%logfile%
    net start RpcSs >>%logfile%
    sc config RpcLocator start= auto >>%logfile%
    net start RpcLocator >>%logfile%
    sc config RemoteAccess start= auto >>%logfile%
    net start RemoteAccess >>%logfile%
    sc config SamSs start= auto >>%logfile%
    net start SamSs >>%logfile%
    
    echo 生成其他 DCOM相关注册表文件  >>%logfile%
    echo Windows Registry Editor Version 5.00 > DCOM.reg
    echo. >> DCOM.reg
    echo ;设置[组件服务]-[计算机]-[我的电脑]-[连接属性]默认身份验证级别为[连接]-默认模拟级别为[标识] >> DCOM.reg
    echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftOle] >> DCOM.reg
    echo "EnableDCOM"="Y" >> DCOM.reg
    echo "LegacyAuthenticationLevel"=dword:00000002 >> DCOM.reg
    echo "LegacyImpersonationLevel"=dword:00000002 >> DCOM.reg
    echo. >> DCOM.reg
    echo ;设置[组件服务]-[计算机]-[我的电脑]-[DCOM配置]-[opcEnum]-身份验证级别为[连接]-终结点为[面向连接的TCP/IP]-属性为[使用默认终结点] >> DCOM.reg
    echo [HKEY_CLASSES_ROOTAppID{13486D44-4821-11D2-A494-3CB306C10000}] >> DCOM.reg
    echo @="OpcEnum" >> DCOM.reg
    echo "AuthenticationLevel"=dword:00000002 >> DCOM.reg
    echo "EndPoints"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,69,00,70,00,5f,00,74,00, >> DCOM.reg
    echo   63,00,70,00,2c,00,30,00,2c,00,00,00,00,00 >> DCOM.reg
    echo. >> DCOM.reg
    echo ;设置[本地安全和组策略]-[本地策略]-[安全选项]-[网络访问]本地账户的共享安全模型-[经典-对本地用户进行身份验证,不改变其本来身份] >> DCOM.reg
    echo [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsa] >> DCOM.reg
    echo "forceguest"=dword:00000000 >> DCOM.reg
    echo. >> DCOM.reg
    echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa] >> DCOM.reg
    echo "forceguest"=dword:00000000 >> DCOM.reg
    echo ;设置[本地安全和组策略]-[本地策略]-[安全选项]-[网络安全:LAN管理器身份验证级别] >> DCOM.reg
    echo ;"LmCompatibilityLevel"=dword:00000001 >> DCOM.reg
    echo 导入 DCOM相关注册表  >>%logfile%
    
    regedit /s DCOM.reg
    del DCOM.reg
    echo 配置完成 >>%logfile%
    
    

    仔细看代码中如下图所示位置:

    上图红框中是是应用程序ID,如果你使用的软件和我的版本不一致(或者不是这个OPCServer服务端),需要更换成你所使用软件的应用ID,查看ID方法如下图所示:

    dcomperm软件自行下载.我所使用的信息如下图:

    再次说明,要以管理员权限运行...

  • 相关阅读:
    redis 报错随笔
    ElasticSearch restful实操 随笔
    phantomjs
    Linux环境安装安装NodeJS v10.16.3
    huawei 策略路由随笔
    eleasticsearch 安装-随笔
    cmake编译安装mysql
    postgres主从配置
    postgresql数据库部署
    redis环境部署
  • 原文地址:https://www.cnblogs.com/guyk/p/11528738.html
Copyright © 2020-2023  润新知