The OPC Classic server is running on a different machine under a specific account, say opcuser. The OPC Classic client is running as another user, say u1. My goal is to configure my client machine as securely as possible while using subscription/callback, that is:
Windows Firewall is enabled
UAC is enabled
OPC Classic client is subscribing (instead of polling the server) using DCOM callback
Do the following on the client machine:
Step 1. Allow DCOM inbound in Windows Firewall. Run in an elevated command prompt:
netsh advfirewall firewall add rule name="RPC Endpoint Mapper" dir=in action=allow protocol=TCP localport=135
Step 2. Add opcuser to Distributed COM Users
net localgroup "Distributed COM Users" /add opcuser
Step 3. Run Component Services (dcomcnfg.exe) and add Distributed COM Users to Default Access Permissions
Navigate to Console Root | Component Services | Computers | My Computer
Bring up "My Computer" Properties
Navigate to COM Security tab
Click on Access Permissions | Edit Default...
In Access Permission, add Distributed COM Users and check allow for both Local Access and Remote Access
Step 4. Add Windows Firewall rule for the application. Below assumes the application is located in C:\opc directory.
netsh advfirewall firewall add rule name="OPC Client Inbound" dir=in action=allow program="C:\opc\oclientnet.exe" enable=yes
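A read-only check that Steps 1 to 4 took effect, as an added example that is not part of the original page. It assumes Windows PowerShell 5.1 or later run elevated on the client, the rule names, account and path used above, and that the machine-wide default access ACL is stored in the DefaultAccessPermission value under HKLM\SOFTWARE\Microsoft\Ole.

```powershell
# Added verification sketch (not from the original page). Changes nothing.
$account = 'opcuser'          # server account from the steps above
$dcomSid = 'S-1-5-32-562'     # well-known SID of BUILTIN\Distributed COM Users

function Test-InboundRule {
    param([string]$Name)
    # netsh "name=" is exposed as DisplayName by the NetSecurity cmdlets
    $rule = Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }
    if (-not $rule) { return "MISSING  firewall rule '$Name'" }
    $port   = ($rule | Get-NetFirewallPortFilter).LocalPort
    $app    = ($rule | Get-NetFirewallApplicationFilter).Program
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    "OK       firewall rule '$Name' (port=$port program=$app remote=$remote)"
}

function Test-DcomGroupMember {
    # Step 2: the account must be a member of Distributed COM Users
    $hit = Get-LocalGroupMember -Group 'Distributed COM Users' -ErrorAction SilentlyContinue |
        Where-Object { ($_.Name -split '\\')[-1] -eq $account }
    if ($hit) { "OK       $account is in Distributed COM Users" }
    else      { "MISSING  $account is not in Distributed COM Users" }
}

function Test-DefaultAccess {
    # Step 3: parse the default access security descriptor and read the group's ACE
    $bytes = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue).DefaultAccessPermission
    if (-not $bytes) { return 'MISSING  DefaultAccessPermission is not set' }
    $sd   = [System.Security.AccessControl.RawSecurityDescriptor]::new($bytes, 0)
    $aces = $sd.DiscretionaryAcl | Where-Object {
        $_.AceType -eq 'AccessAllowed' -and $_.SecurityIdentifier.Value -eq $dcomSid }
    $mask = 0
    foreach ($ace in $aces) { $mask = $mask -bor $ace.AccessMask }
    $local  = ($mask -band 2) -ne 0   # COM_RIGHTS_EXECUTE_LOCAL
    $remote = ($mask -band 4) -ne 0   # COM_RIGHTS_EXECUTE_REMOTE
    if ($local -and $remote) { 'OK       Distributed COM Users: Local and Remote Access allowed' }
    else { "MISSING  Distributed COM Users default access (local=$local remote=$remote)" }
}

Test-InboundRule 'RPC Endpoint Mapper'    # Step 1
Test-DcomGroupMember                      # Step 2
Test-DefaultAccess                        # Step 3
Test-InboundRule 'OPC Client Inbound'     # Step 4
```

A remote value of Any in the output means the rule accepts connections from every address; the remoteip= parameter of netsh advfirewall firewall add rule can limit it to the OPC server.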
REF: 20250907-least