×
Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 44443989, Entry date: 12/06/2017
(0)
Rate

Why are the DCOM settings of the WinCC OPC server reset after activating the OS Runtime?

  • Entry
  • Associated product(s)
This entry applies for PCS 7 V7.1 and higher. In PCS 7 V7.0 and PCS 7 V6.x the DCOM settings remain unchanged after activating the OS Runtime.

On the SIMATIC PCS 7 OS server the security settings required for operating the PCS 7 system and the OPC communication (OPC server and OPC client) are defined automatically by the SIMATIC Security Control application (SSC) or by the SIMATIC Security Controller application (SC) for PCS 7 V8.0 and higher. These include the configuration of the local Windows firewall, diverse Registry entries and other DCOM permissions.

DCOM permissions
The DCOM permissions of the components required for the OPC communication are assigned to the local user group "SIMATIC HMI".

WinCC operating mode
Depending on the operating mode of the PCS 7 OS server (WinCC - Standard mode (compatibility mode) or WinCC - Service mode), some DCOM components, in particular the OPC server, are operated with different identities.

  • In the Standard mode the "interactive user" (logged-in Windows user) is used.

  • In the Service mode the user stored in the WinCC Service mode is used.

Note
Both the logged-in user and the Service mode user must be members of the user group "SIMATIC HMI".

Assigning rights
Each time the PCS 7 OS server starts the user identity of the OPC server is changed according to the WinCC operating mode. In order to ensure a uniform chain of rights, you should not intervene manually in this process nor make any changes to the rights assignment, because other WinCC components are affected by this.
In particular, in the case of increased security requirements you should not use the right of "Refusal", but the required limitation of use should be made by withdrawing the relevant right.

Further Information
Further information is available in the manuals listed below under "Notes on OPC".

Procedure and settings in the case of different login data of OPC client and OPC server
If the OPC client uses login data (user name, password) for accessing the WinCC OPC server that is different to that used by the OS Runtime, you must proceed as follows according to the PCS 7 version.

PCS 7 V8.1 & V8.2

According to the manual WinCC V7.4 SP1 - General information and Installation.
According to the manual WinCC V7.4 - General Information and Installation.
According to the manual WinCC V7.3 - General Information and Installation.

The relevant information is in the manual under "ServiceMode" and in the section entitled WinCC Installation Notes > Installation Requirements > Access Rights in the Operating System (reference to the SIMATIC HMI group)


PCS 7 V8.0 SP1

According to the manualWinCC V7.2: Installation / Release Notes.
The relevant information is in the sections below:

PCS 7 V7.1 and PCS 7 V8.0
According to the manualWinCC V7.0 - Configurations.
The relevant information is in chapter 4WinCC ServiceMode
Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
https://www.siemens.com/cybersecurity#Ouraspiration.