OPC DA 配置 (Kepserver5.21)

由于工作需要,需要配置上位机的 OPC DA 和 Kepserver5.21进行通信,但是配置过程头疼,于是有大佬写了脚本,修改了下备用。

  1. 下载一个 dcompermex 重命名 dcomperme.exe
  2. 将下列脚本保存 GB2132 格式的 dcom.bat,与上面 dcomperme.exe 同目录
set CCDIR=%~dp0
SET logfile="%CCDIR%\DCOMConfig.log"
@echo

%~d0 > %logfile%
echo 配置启动 >>%logfile%

echo DCOM访问权限限制 >>%logfile%
dcomperm -ma set Administrators permit level:r,l >>%logfile%
dcomperm -ma set Administrator permit level:r,l >>%logfile%
dcomperm -ma set "Authenticated Users" permit level:r,l >>%logfile%
dcomperm -ma set "Anonymous Logon" permit level:r,l >>%logfile%
dcomperm -ma set Everyone permit level:r,l >>%logfile%
dcomperm -ma set Interactive permit level:r,l >>%logfile%
dcomperm -ma set Network permit level:r,l >>%logfile%
dcomperm -ma set System permit level:r,l >>%logfile%
dcomperm -ma set Guests permit level:r,l >>%logfile%

echo DCOM访问权限默认值 >>%logfile%
dcomperm -da set Administrators permit level:r,l >>%logfile%
dcomperm -da set Administrator permit level:r,l >>%logfile%
dcomperm -da set "Authenticated Users" permit level:r,l >>%logfile%
dcomperm -da set "Anonymous Logon" permit level:r,l >>%logfile%
dcomperm -da set Everyone permit level:r,l >>%logfile%
dcomperm -da set Interactive permit level:r,l >>%logfile%
dcomperm -da set Network permit level:r,l >>%logfile%
dcomperm -da set System permit level:r,l >>%logfile%
dcomperm -da set Guests permit level:r,l >>%logfile%

echo DCOM启动权限限制 >>%logfile%
dcomperm -ml set Administrators permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Administrator permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set "Authenticated Users" permit level:r,l >>%logfile%
dcomperm -ml set "Anonymous Logon" permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Everyone permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Interactive permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Network permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set System permit level:rl,ll,la,ra >>%logfile%
dcomperm -ml set Guests permit level:rl,ll,la,ra >>%logfile%

echo DCOM启动权限默认值 >>%logfile%
dcomperm -dl set Administrators permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Administrator permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set "Authenticated Users" permit level:r,l >>%logfile%
dcomperm -dl set "Anonymous Logon" permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Everyone permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Interactive permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Network permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set System permit level:rl,ll,la,ra >>%logfile%
dcomperm -dl set Guests permit level:rl,ll,la,ra >>%logfile%

echo opcenum启动激活访问权限等设置 >>%logfile%
dcomperm -runas {13486D44-4821-11D2-A494-3CB306C10000} "Interactive User" >>%logfile%
dcomperm -al {13486D44-4821-11D2-A494-3CB306C10000} Default >>%logfile%
dcomperm -aa {13486D44-4821-11D2-A494-3CB306C10000} Default >>%logfile%


echo Kepware Communications Server 5.21 配置  >>%logfile%
dcomperm -runas {B3AF0BF6-4C0C-4804-A122-6F3B160F4397} "Interactive User" >>%logfile%
dcomperm -al {B3AF0BF6-4C0C-4804-A122-6F3B160F4397} Default >>%logfile%
dcomperm -aa {B3AF0BF6-4C0C-4804-A122-6F3B160F4397} Default >>%logfile%

echo Kepware Communications Server AE 5.21 配置 >>%logfile%
dcomperm -runas {9AE85BFD-12D2-4a58-9B0C-7B66764B0AC3} "Interactive User" >>%logfile%
dcomperm -al {9AE85BFD-12D2-4a58-9B0C-7B66764B0AC3} Default >>%logfile%
dcomperm -aa {9AE85BFD-12D2-4a58-9B0C-7B66764B0AC3} Default >>%logfile%

echo Kepware Communications Server Configuration Client 5.21 配置 >>%logfile%
dcomperm -runas {AE2507E7-08AE-4488-BBD1-000623A1D439} "Interactive User" >>%logfile%
dcomperm -al {AE2507E7-08AE-4488-BBD1-000623A1D439} Default >>%logfile%
dcomperm -aa {AE2507E7-08AE-4488-BBD1-000623A1D439} Default >>%logfile%

echo Kepware Communications Server HDA 5.21 配置 >>%logfile%
dcomperm -runas {18C401B6-732F-4721-A5D5-61350271C1C1} "Interactive User" >>%logfile%
dcomperm -al {18C401B6-732F-4721-A5D5-61350271C1C1} Default >>%logfile%
dcomperm -aa {18C401B6-732F-4721-A5D5-61350271C1C1} Default >>%logfile%


sc config EventSystem start= auto >>%logfile%
net start EventSystem >>%logfile%
sc config COMSysApp start= auto >>%logfile%
net start COMSysApp >>%logfile%
sc config DcomLaunch start= auto >>%logfile%
net start DcomLaunch >>%logfile%
sc config TrkWks start= auto >>%logfile%
net start TrkWks >>%logfile%
sc config MSDTC start= auto >>%logfile%
net start MSDTC >>%logfile%
sc config RpcSs start= auto >>%logfile%
net start RpcSs >>%logfile%
sc config RpcLocator start= auto >>%logfile%
net start RpcLocator >>%logfile%
sc config RemoteAccess start= auto >>%logfile%
net start RemoteAccess >>%logfile%
sc config SamSs start= auto >>%logfile%
net start SamSs >>%logfile%

echo 生成其他 DCOM相关注册表文件  >>%logfile%
echo Windows Registry Editor Version 5.00 > DCOM.reg
echo. >> DCOM.reg
echo ;设置[组件服务]-[计算机]-[我的电脑]-[连接属性]默认身份验证级别为[连接]-默认模拟级别为[标识] >> DCOM.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] >> DCOM.reg
echo "EnableDCOM"="Y" >> DCOM.reg
echo "LegacyAuthenticationLevel"=dword:00000002 >> DCOM.reg
echo "LegacyImpersonationLevel"=dword:00000002 >> DCOM.reg
echo. >> DCOM.reg
echo ;设置[组件服务]-[计算机]-[我的电脑]-[DCOM配置]-[opcEnum]-身份验证级别为[连接]-终结点为[面向连接的TCP/IP]-属性为[使用默认终结点] >> DCOM.reg
echo [HKEY_CLASSES_ROOT\AppID\{13486D44-4821-11D2-A494-3CB306C10000}] >> DCOM.reg
echo @="OpcEnum" >> DCOM.reg
echo "AuthenticationLevel"=dword:00000002 >> DCOM.reg
echo "EndPoints"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,69,00,70,00,5f,00,74,00,\ >> DCOM.reg
echo   63,00,70,00,2c,00,30,00,2c,00,00,00,00,00 >> DCOM.reg
echo. >> DCOM.reg
echo ;设置[本地安全和组策略]-[本地策略]-[安全选项]-[网络访问]本地账户的共享安全模型-[经典-对本地用户进行身份验证,不改变其本来身份] >> DCOM.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa] >> DCOM.reg
echo "forceguest"=dword:00000000 >> DCOM.reg
echo. >> DCOM.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >> DCOM.reg
echo "forceguest"=dword:00000000 >> DCOM.reg
echo ;设置[本地安全和组策略]-[本地策略]-[安全选项]-[网络安全:LAN管理器身份验证级别] >> DCOM.reg
echo ;"LmCompatibilityLevel"=dword:00000001 >> DCOM.reg
echo 导入 DCOM相关注册表  >>%logfile%

regedit /s DCOM.reg
del DCOM.reg
echo 配置完成 >>%logfile%
  1. 管理员运行 dcom.bat

感谢大佬:https://www.cnblogs.com/guyk/p/11528738.html

评论已关闭