If the computers involved in sending and receiving data via the OPC DA protocol are not joined to an Active Directory domain, create user accounts with the same name and password for each of these computers.
To establish an OPC DA connection, configure access permissions for the Distributed Component Object Model (DCOM) protocol.
On the computer with Kaspersky Security Gateway and the SCADA system installed, between which you want to configure interaction, press the Win+R key combination.
The standard Microsoft Windows Run window opens.
Enter dcomcnfg in the Open field and press OK.
The Component Services window opens.
In the left part of the window, in the folder tree, select Component Services → Computers → My Computer.
Open the context menu of the My Computer folder and select Properties.
Select the COM Security tab in the My Computer Properties window.
Under Access Permissions, click Edit Default.
This opens the Access Permission window.
Under Group or user names, select the NETWORK SERVICE group.
In the table of permissions for the NETWORK SERVICE group, in the Allow column, select the Local Access and Remote Access check boxes.
Select the Default Properties tab and make sure that the following values are configured: Default Authentication Level – Connect, Default Impersonation Level – Identify.
Click OK.
Click the OK button in the Properties: My Computer window.
In the left part of the window, in the folder tree, select Component Services → Computers → My Computer.
Open the context menu of the My Computer folder and select Properties.
Select the COM Security tab in the My Computer Properties window.
In the Access Permission section, click the Edit Limits button.
This opens the Access Permission window.
In the Group or user names section, select the ANONYMOUS LOGON group.
In the table of permissions for the ANONYMOUS LOGON group, in the Allow column, select the Local Access and Remote Access check boxes.
Allowing remote access to the ANONYMOUS LOGON group reduces the security level of the system. We recommend testing the functioning of the OPC DA protocol without this permission and granting the permission only if working without it is impossible.
Under Access Permissions, click Edit Default and retrace steps 7 through 8 of the instructions.
Under Launch and Activation Permissions, click Edit Limits and retrace steps 7 through 8 of the instructions.
Under Launch and Activation Permissions, click Edit Default and retrace steps 7 through 8 of the instructions.
On the Default Properties tab, make sure that the following values are configured: Default Authentication Level – Connect, Default Impersonation Level – Identify.
Click OK.
Click the OK button in the Properties: My Computer window.
Configure the OPCEnum application.
In the left part of the window, in the folder tree, select Component Services → Computers → My Computer → DCOM Config → OPCEnum.
Right-click to bring up the context menu of OPCEnum and select Properties.
This opens the Properties: OPCEnum window.
On the General tab, make sure that Default Authentication Level is set to Connect.
On the Security tab, under Launch and Activation Permissions, click Edit.
Under Group or user names, select the All group.
In the permission table of the All group, in the Allow column, select the Local Access, Remote Access, Local Activation, Remote Activation check boxes.
Under Access Permissions, click the Edit button.
Under Group or user names, select the All group.
In the table of permissions for the All group, in the Allow column, select the Local Access and Remote Access check boxes.
On the Identity tab, select The system account.
Click OK.
Restart the computer.
On the computer where the Kaspersky Security Gateway utility is installed:
Press the Win+R key combination.
The standard Microsoft Windows Run window opens.
Enter dcomcnfg in the Open field and press OK.
The Component Services window opens.
In the left part of the window, in the folder tree, select Component Services → Computers → My Computer → DCOM Config → Kaspersky Gateway OPC Service.
Open the context menu of Kaspersky Gateway OPC Service and select Properties.
This opens the Properties: Kaspersky Gateway OPC Service window.
On the General tab, make sure that Default Authentication Level is set to Connect.
Click OK.
If Kaspersky Security Gateway and the SCADA system are installed on computers that belong to different domains:
In the operating system, open Control Panel – Administrative Tools – Local Security Policy.
In the local security policy console tree, select the Local Policies – Security Options section.
In the workspace of the Security Options section, in the context menu of the Network access: Let Everyone permissions apply to anonymous users local policy, select Enabled.
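The machine-wide settings changed in this procedure are stored in the registry, so they can be read back after the restart to confirm what is actually in effect. The following PowerShell script is an added example, not part of the Kaspersky documentation or product; it only reads values and assumes the settings under HKLM\SOFTWARE\Microsoft\Ole are not overridden by Group Policy.

```powershell
# Added audit example (not Kaspersky tooling). Read-only; run in an elevated
# Windows PowerShell 5+ session on the computer that was configured.
$authNames = @{ 1 = 'None'; 2 = 'Connect'; 3 = 'Call'; 4 = 'Packet'; 5 = 'Packet Integrity'; 6 = 'Packet Privacy' }
$impNames  = @{ 1 = 'Anonymous'; 2 = 'Identify'; 3 = 'Impersonate'; 4 = 'Delegate' }
$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'

# Default Properties tab. An absent value means the Windows default (Connect / Identify).
$auth = if ($null -ne $ole.LegacyAuthenticationLevel) { [int]$ole.LegacyAuthenticationLevel } else { 2 }
$imp  = if ($null -ne $ole.LegacyImpersonationLevel)  { [int]$ole.LegacyImpersonationLevel }  else { 2 }
"Default Authentication Level : $($authNames[$auth])"
"Default Impersonation Level  : $($impNames[$imp])"

# COM Security tab: each list is stored as a binary security descriptor.
$lists = [ordered]@{
    'Access limits'  = 'MachineAccessRestriction'
    'Access default' = 'DefaultAccessPermission'
    'Launch limits'  = 'MachineLaunchRestriction'
    'Launch default' = 'DefaultLaunchPermission'
}
$anonymousRemote = $false
foreach ($entry in $lists.GetEnumerator()) {
    $bytes = $ole.($entry.Value)
    if ($null -eq $bytes) { "$($entry.Key): not set (Windows default applies)"; continue }
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Bit 4 = remote access/launch, bit 16 = remote activation.
        # A mask of exactly 1 is the legacy form, treated here as granting every right.
        $remote = (($ace.AccessMask -band 20) -ne 0) -or ($ace.AccessMask -eq 1)
        '{0}: {1} {2} mask=0x{3:X} remote={4}' -f $entry.Key, $ace.AceType, $ace.SecurityIdentifier, $ace.AccessMask, $remote
        # S-1-5-7 is the well-known SID of ANONYMOUS LOGON.
        if ($remote -and $ace.AceType -eq 'AccessAllowed' -and $ace.SecurityIdentifier.Value -eq 'S-1-5-7') {
            $anonymousRemote = $true
        }
    }
}

# Local policy "Network access: Let Everyone permissions apply to anonymous users".
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
"Let Everyone permissions apply to anonymous users: $([bool]$lsa.EveryoneIncludesAnonymous)"

if ($anonymousRemote) {
    Write-Warning 'ANONYMOUS LOGON has remote DCOM rights; keep them only if OPC DA does not work without them.'
}
```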