Step 1 (for client or server): Configuring domain user accounts

Shared domain for OPC Classic client and server

If your OPC Classic server and OPC Classic client are on different computers, both computers need to be in the same Windows domain. This is required for centralized authentication, and will affect the user account configuration requirements.

Domain user or domain group accounts

NOTE: It is necessary to use domain user accounts or domain group accounts to run OPC Classic servers and clients for Proficy CSense. A workgroup environment is not supported.

Domain users need to precede their username with their domain name—for example, MyDomain\MyUserName. The same is relevant for user groups.

Take note of the type of user account you are using when logging into an OPC Classic server or client, and remain consistent throughout DCOM configuration. This applies whether you are using individual users or groups of users.

Domain user account names and passwords are set up and validated only once on the Domain Controller, validating the name and password. These domain accounts are then referenced during DCOM configuration. You will not set up the domain username and password on each computer in the domain.

Running CSense services in a domain account

Certain CSense services need to run in a domain account for DCOM and some of those services need to be run in the same account. So, to run these services you need to be a domain user with local administrator rights. A SQL login also needs to be created for that domain user. The details for configuring the domain, the domain user, and the SQL login are explained below.

• Domain setup

• Domain_user_configuration

• SQL_Server_login_configuration

Domain setup

A domain authentication architecture provides the lowest cost solution (from a maintenance perspective) for DCOM security. If you are using a domain, then follow these general setup guidelines:

1. Create a new domain group and give this group administrative rights. Users part of this group will be allowed to launch the OPC Classic server and access its objects.

2. Add the new group to the launch permissions and access permissions for the OPC Classic server. Do this using DCOMCNFG.

3. Make all new user accounts that run an OPC Classic client or server application part of this new group.

Domain user configuration

The user account needs to be changed to a domain user account. This needs to be done on both the OPC Classic client machine and the OPC Classic server machine.

 

Go to Start > Administrative Tools > Computer Management > Local Users and Groups and add the user to the Administrators group.

SQL Server login configuration

Create a SQL Server login for the domain account in which the CSense services will run. You can do this in SQL Server Management Studio under Security > Logins.

For this new SQL Server login, the following must be configured:

• In SQL Server Management Studio, under Databases > ProficyCSenseRuntime > Security > Users, create a new database user that maps to the SQL Server login created above.

• Assign the following database roles to the database user created above

  • csense_admin

  • csense_execute

  • csense_cache

CSense service check (OPC Classic client only)

 

If you are configuring the machine with the OPC Classic client, make sure that each of the following services run in the same domain account created above. This is configured on the Log On tab of the property sheet for each services.

• Proficy CSense Run-time

• Proficy CSense Run-time List Server

---

Related:

• What needs to be configured?

Configuring the OPC Classic server:

• Step 1: Configuring domain user accounts

• Step 2: Configuring firewall settings

• Step 3: Configuring server-specific DCOM settings

• Step 4: Configuring the OPCEnum settings

Configuring the OPC Classic client:

• Step 1: Configuring domain user accounts

• Step 2: Configuring firewall settings

• Step 3: Configuring client-specific DCOM settings