Windows 7 Professional Firewall configuration for OPC Server and OPC Client PC.

Default Windows 7 Professional enables the build-in firewall.

If Firewall protection is required, the firewall has to be configured to allow OPC via DCOM.

Windows Firewall configuration for OPC via DCOM.

The Firewall has to be configured on both Server and Client PC.

1] Enable Firewall
Log on as Administrator
Open Windows Firewall via Control Panel – System and Security – Windows Firewall
Select Turn Windows Firewall on or off.

Make sure that the firewall is on and press OK.

2] Allow programs through Windows Firewall
Programs to allow through the Windows Firewall for OPC connection to Entis Pro are:

On OPC Client PC:

The OPC client(s), in this example Matrikon OPC Explorer (default in: C:\Program
Files\Matrikon\OPC\Common\OPCExplorer.exe)

On Entis Pro OPC Server PC:

The Entis Pro OPC Server (default in: C:\Program Files\Entis Pro\Executables\DataServer.exe)

On both OPC Client and Entis Pro OPC Server PC:

OPCEnum.exe (default in C:\WINDOWS\system32\Opcenum.exe)

Open Windows Firewall via Control Panel – System and Security – Windows Firewall
Select Allow a program or feature through Windows Firewall.
Select Change Settings.

Select Allow another program…

Select Browse and browse to C:\Program Files\Enraf\Entis Pro\Executables\DataServer.exe

Select DataServer.exe and click open

Select Add to add DataServer.exe to the list

Select Allow another program…

Select Browse and browse to C:\Windows\System32\OPCENUM.exe

Select OPCENUM.exe and click open

Select Add to add OPCENUM.exe to the list

Make sure that DataServer.exe and OpcEnum.exe are available and selected for the required
network and press OK.

Repeat above steps to allow the OPC Client application through Windows Firewall on the
Client PC (Instead of the Entis Pro DataServer the OPC Client must be allowed)
DCOM configuration on both OPC Server and OPC Client PC

Because of the improved security DCOM needs to be configured for OPC communication.

1] Log on as Administrator and open dcomcnfg via Windows flag key + R key

2] Expand Component Services, select Computers, Select My Computer and open Properties via
a right mouse click on My Computer
3] Select the Default Properties Tab.
Make sure that “Enable Distributed COM on this computer” is ticked, “Default Authentication
Level is set to “Connect” and “Default Impersonation Level” is set to “Identify”.
4] Select the Com Security Tab. All 4 permission configurations have to be edited.
5] Open Access Permissions: Edit Limits
Enable also Remote Access for ANONYMOUS LOGON users.
6] Open Launch and Activation Permissions: Edit Limits
Enable also Remote Launch and Remote Activation for Everyone users.
7] Open Access Permissions: Edit Default.
Add group Everyone.
Enable also Remote Access for the Everyone group.
8] Open Launch and Activation Permissions: Edit Default.
Add group Everyone.
Enable also Remote Launch, Local Activation and Remote Activation for the Everyone group.