OPC DA通讯 KEP6.4 DCOM 配置脚本
在OPC DA通讯测试时总是避免不了要配置DCOM,我习惯是在虚拟机中装这些通讯测试软件,每次安装都需要再次手动配置,感觉很是麻烦
因此,查找资料,了解到可以用dcomperm这个软件来在命令行下进行dcom的配置,花了些时间研究,以KepServer6.4为例,写了一个配置脚本,在此留下记录,方便后续参考
我使用的配置脚本如下,复制粘贴到记事本,保存为bat文件,以管理员权限执行,执行结果会记录在DCOMConfig.log日志文件中。
set CCDIR=%~dp0 SET logfile="%CCDIR%\DCOMConfig.log" @echo %~d0 > %logfile% echo 配置启动 >>%logfile% echo DCOM访问权限限制 >>%logfile% dcomperm -ma set Administrators permit level:r,l >>%logfile% dcomperm -ma set Administrator permit level:r,l >>%logfile% dcomperm -ma set "Authenticated Users" permit level:r,l >>%logfile% dcomperm -ma set "Anonymous Logon" permit level:r,l >>%logfile% dcomperm -ma set Everyone permit level:r,l >>%logfile% dcomperm -ma set Interactive permit level:r,l >>%logfile% dcomperm -ma set Network permit level:r,l >>%logfile% dcomperm -ma set System permit level:r,l >>%logfile% dcomperm -ma set Guests permit level:r,l >>%logfile% echo DCOM访问权限默认值 >>%logfile% dcomperm -da set Administrators permit level:r,l >>%logfile% dcomperm -da set Administrator permit level:r,l >>%logfile% dcomperm -da set "Authenticated Users" permit level:r,l >>%logfile% dcomperm -da set "Anonymous Logon" permit level:r,l >>%logfile% dcomperm -da set Everyone permit level:r,l >>%logfile% dcomperm -da set Interactive permit level:r,l >>%logfile% dcomperm -da set Network permit level:r,l >>%logfile% dcomperm -da set System permit level:r,l >>%logfile% dcomperm -da set Guests permit level:r,l >>%logfile% echo DCOM启动权限限制 >>%logfile% dcomperm -ml set Administrators permit level:rl,ll,la,ra >>%logfile% dcomperm -ml set Administrator permit level:rl,ll,la,ra >>%logfile% dcomperm -ml set "Authenticated Users" permit level:r,l >>%logfile% dcomperm -ml set "Anonymous Logon" permit level:rl,ll,la,ra >>%logfile% dcomperm -ml set Everyone permit level:rl,ll,la,ra >>%logfile% dcomperm -ml set Interactive permit level:rl,ll,la,ra >>%logfile% dcomperm -ml set Network permit level:rl,ll,la,ra >>%logfile% dcomperm -ml set System permit level:rl,ll,la,ra >>%logfile% dcomperm -ml set Guests permit level:rl,ll,la,ra >>%logfile% echo DCOM启动权限默认值 >>%logfile% dcomperm -dl set Administrators permit level:rl,ll,la,ra >>%logfile% dcomperm -dl set Administrator permit level:rl,ll,la,ra >>%logfile% dcomperm -dl set "Authenticated Users" permit level:r,l >>%logfile% dcomperm -dl set "Anonymous Logon" permit level:rl,ll,la,ra >>%logfile% dcomperm -dl set Everyone permit level:rl,ll,la,ra >>%logfile% dcomperm -dl set Interactive permit level:rl,ll,la,ra >>%logfile% dcomperm -dl set Network permit level:rl,ll,la,ra >>%logfile% dcomperm -dl set System permit level:rl,ll,la,ra >>%logfile% dcomperm -dl set Guests permit level:rl,ll,la,ra >>%logfile% echo opcenum启动激活访问权限等设置 >>%logfile% dcomperm -runas {13486D44-4821-11D2-A494-3CB306C10000} "Interactive User" >>%logfile% dcomperm -al {13486D44-4821-11D2-A494-3CB306C10000} Default >>%logfile% dcomperm -aa {13486D44-4821-11D2-A494-3CB306C10000} Default >>%logfile% echo KEPServerEX 6.4启动激活访问权限等设置(注意:如果用的不是kep6.4,就在DCOM配置里找到配置的OPC服务信息更新过来) >>%logfile% dcomperm -runas {7BC0CC8E-482C-47CA-ABDC-0FE7F9C6E729} "Interactive User" >>%logfile% dcomperm -al {7BC0CC8E-482C-47CA-ABDC-0FE7F9C6E729} Default >>%logfile% dcomperm -aa {7BC0CC8E-482C-47CA-ABDC-0FE7F9C6E729} Default >>%logfile% sc config EventSystem start= auto >>%logfile% net start EventSystem >>%logfile% sc config COMSysApp start= auto >>%logfile% net start COMSysApp >>%logfile% sc config DcomLaunch start= auto >>%logfile% net start DcomLaunch >>%logfile% sc config TrkWks start= auto >>%logfile% net start TrkWks >>%logfile% sc config MSDTC start= auto >>%logfile% net start MSDTC >>%logfile% sc config RpcSs start= auto >>%logfile% net start RpcSs >>%logfile% sc config RpcLocator start= auto >>%logfile% net start RpcLocator >>%logfile% sc config RemoteAccess start= auto >>%logfile% net start RemoteAccess >>%logfile% sc config SamSs start= auto >>%logfile% net start SamSs >>%logfile% echo 生成其他 DCOM相关注册表文件 >>%logfile% echo Windows Registry Editor Version 5.00 > DCOM.reg echo. >> DCOM.reg echo ;设置[组件服务]-[计算机]-[我的电脑]-[连接属性]默认身份验证级别为[连接]-默认模拟级别为[标识] >> DCOM.reg echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] >> DCOM.reg echo "EnableDCOM"="Y" >> DCOM.reg echo "LegacyAuthenticationLevel"=dword:00000002 >> DCOM.reg echo "LegacyImpersonationLevel"=dword:00000002 >> DCOM.reg echo. >> DCOM.reg echo ;设置[组件服务]-[计算机]-[我的电脑]-[DCOM配置]-[opcEnum]-身份验证级别为[连接]-终结点为[面向连接的TCP/IP]-属性为[使用默认终结点] >> DCOM.reg echo [HKEY_CLASSES_ROOT\AppID\{13486D44-4821-11D2-A494-3CB306C10000}] >> DCOM.reg echo @="OpcEnum" >> DCOM.reg echo "AuthenticationLevel"=dword:00000002 >> DCOM.reg echo "EndPoints"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,69,00,70,00,5f,00,74,00,\ >> DCOM.reg echo 63,00,70,00,2c,00,30,00,2c,00,00,00,00,00 >> DCOM.reg echo. >> DCOM.reg echo ;设置[本地安全和组策略]-[本地策略]-[安全选项]-[网络访问]本地账户的共享安全模型-[经典-对本地用户进行身份验证,不改变其本来身份] >> DCOM.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa] >> DCOM.reg echo "forceguest"=dword:00000000 >> DCOM.reg echo. >> DCOM.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >> DCOM.reg echo "forceguest"=dword:00000000 >> DCOM.reg echo ;设置[本地安全和组策略]-[本地策略]-[安全选项]-[网络安全:LAN管理器身份验证级别] >> DCOM.reg echo ;"LmCompatibilityLevel"=dword:00000001 >> DCOM.reg echo 导入 DCOM相关注册表 >>%logfile% regedit /s DCOM.reg del DCOM.reg echo 配置完成 >>%logfile%
上图红框中是是应用程序ID,如果你使用的软件和我的版本不一致(或者不是这个OPCServer服务端),需要更换成你所使用软件的应用ID,查看ID方法如下图所示:
再次说明,要以管理员权限运行...
__EOF__
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 开发中对象命名的一点思考
· .NET Core内存结构体系(Windows环境)底层原理浅谈
· C# 深度学习:对抗生成网络(GAN)训练头像生成模型
· .NET 适配 HarmonyOS 进展
· .NET 进程 stackoverflow异常后,还可以接收 TCP 连接请求吗?
· 本地部署 DeepSeek:小白也能轻松搞定!
· 如何给本地部署的DeepSeek投喂数据,让他更懂你
· 在缓慢中沉淀,在挑战中重生!2024个人总结!
· 从 Windows Forms 到微服务的经验教训
· 李飞飞的50美金比肩DeepSeek把CEO忽悠瘸了,倒霉的却是程序员