Installation - Configuring DCOM
What is DCOM?
COM is the protocol to let applications communicate with each other. Distributed COM or DCOM allows applications that are not on the same PC to communicate over the network.
DCOM is ented on the network protocol that is available on your computer. Most commonly it runs on top of TCP/IP. However, in case your network is connected to the internet by means of using PRODBX, it might be a good idea to use a different protocol to secure your network of possible hacking.
DCOM is standard available starting from Windows NT4 and Windows 98/2. For earlier versions you must install additional software. PRODBX is never tested on these earlier platforms.
How to configure DCOM?
You can find the DCOM configurator in your system32 directory of windows. Run the program dcomcnfg.exe by typing it on a command prompt or using the run options in windows.
For Windows NT4, 2000, 98 and Me you'll get:
For Windows XP the configuration is slightly different. On startup you'll get the Component Services services screen:
General DCOM settings under XP can be set by right-clicking 'My Computer' en selecting 'Properties'. The application dependent settings are done in the 'DCOM Config' section under My Computer.
On other operating systems you will get similar screens. As an example we give the procedure on openVMS (DCOM v1.2). On openVMS the DCOM configurator is installed in SYS$STARTUP. Run the command file by typing @dcom$setup at the command prompt. You'll get the following screen:
By selecting option 1 you get very similar settings as under Windows. PROMES has on-hand experience configuring DCOM on openVMS. There are a lot of security issues you need to understand before setting up a reliable DCOM connection with this operating system. The choice of using NT-domain credentials through Advanced Server against using VMS-security is not so obvious. Please contact us at email@example.com if you need more information.
Tips and hints using DCOM
First: make sure DCOM is switched on. Go to the default properties tab and make sure 'Enable Distributed COM on this computer' is checked.
Authentication level. This is the section where most of the problems happen. So read the following tips:
As PRODBX is installed it configures its own applications to a recommended DCOM setting which is:
If all of the workstations in your PRODBX network are hooked up to one domain server, or different domain servers with a trusted link, we recommend to remove the network user from the list.
The kernel process of PRODBX is dispatcherserver.exe. This executable is always started on request of another application through DCOM. This makes the dispatcherserver to run under the interactive account. If you want the dispatcherserver to be started on your request, and therefore created a shortcut to the executable, the process will use the account you logged in the system. All external clients will not be able to use this process, and actually will startup a new process under the interactive user, as soon as they request a service from dispatcherserver.
It may be that you want to shutdown the dispatcherserver process, and keep it down during a maintenance procedure. However, when an external request for the dispatcherserver is received, it will start the process again. To avoid this, remove the launching permissions for the dispatcher. You will still be able to start the process by starting a client on the same machine as the dispatcherserver, but the external requests will be ignored.
DCOM only works for registered applications. The installation program is taking care of this registration. However, this registration is done on the drive and directory you specified during the installation. If later you want to move the registered PRODBX executables to different drives or directories, you might have the problem the installation program is not able to overwrite your 'old' registration with the new one. Or if you simply want to unregister and register manually, follow this procedure:
PROMES BVBA - Laarsebeekdreef 14 2900 Schoten Belgium
Tel: +32 475 87 69 38 - E-mail: firstname.lastname@example.org