ACM versions 9.1 and later are designed to will automatically work automatically with versions of Windows that have been updated with the DCOM Hardening supportsecurity changes. However, there are cases where this behavior is not desirable. You can customize your ACM settings if you have the need ACM settings can be customized to run ACM 9.1 and later without the DCOM Hardening changes, or if .
If you have a version of ACM prior to 9.1 and need to make it work .0.X or earlier, you can also use ACM settings to run ACM in a DCOM Hardened environment.
...
Note |
---|
The following instructions involve changes to the Windows registry. Any changes to the Windows registry must be made with extreme care. |
Table of Contents | ||||||
---|---|---|---|---|---|---|
|
ACM 9.1 and Later
Info |
---|
By default, ACM 9.1 and later will work automatically with the DCOM Hardening changes. |
Disabling DCOM Hardening in ACM 9.1 and Later
If you do not want ACM 9.1 to use security settings compatible with DCOM Hardening, the behavior can be changed by modifying the Windows registry. The instructions below describe the changes required to disable the DCOM Hardening related changes in ACM 9.1
Open the Windows Registry Editor and navigate to the ACM settings location
For the 64-bit version of ACM, the location is:
HKEY_LOCAL_MACHINE\Software\AutomationSolutions\Communication Manager
For the 32-bit version of ACM, the location is:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AutomationSolutions\Communication Manager
Click ‘Communication Manager’ in the left-hand tree view so it is the selected node.
Right-click in the empty space of the right-hand pane and select ‘New > DWORD (32-bit) Value’
Change the name to: AuthLevel
Change the value to: 2
The new entry should look like the one shown below, outlined in red:
...
Info |
---|
ACM must be re-started for the changes to take affect. |
...
Re-enabling DCOM Hardening in ACM 9.1 and Later
If you disabled DCOM Hardening in ACM 9.1 and later according to the instructions above and wish to re-enable it, you can do so following these instructions.
Open the Windows Registry Editor and navigate to the ACM settings location
For the 64-bit version of ACM, the location is:
HKEY_LOCAL_MACHINE\Software\AutomationSolutions\Communication Manager
For the 32-bit version of ACM, the location is:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AutomationSolutions\Communication Manager
Click ‘Communication Manager’ in the left-hand tree view so it is the selected node.
Right click the entry named “AuthLevel” in the right-hand pane.
Click “Delete”
Info |
---|
ACM must be re-started for the changes to take affect. |
ACM 9.1 Security Settings in the Windows Event Log
ACM 9.1 writes the security settings in use to the Windows Event Log. You can verify the settings in use by starting ACM and then looking at the event details of the entry from the source “asiDATA”.
When the DCOM Hardening changes are enabled, the event log details show:
Using DCOM settings: Authentication = Packet Integrity (5); Impersonation = Identify (2)
When the DCOM Hardening changes are disabled, the event log details show:
Using DCOM settings: Authentication = Connect (2); Impersonation = Identify (2)
ACM 9.0.X and Earlier
Info |
---|
By default, ACM 9.0.X and earlier will not automatically work with the DCOM Hardening changes. |
Enabling DCOM Hardening changes for ACM 9.0.X and Earlier
Note |
---|
Prior to enabling DCOM hardening changes with ACM, ensure that your client applications are compatible. Failure to do so could lead to unexpected outages and data loss. |
If you have a version of ACM prior to 9.1 and need to use security settings compatible with DCOM Hardening, you can enable the DCOM Hardening support by modifying the Windows registry. The instructions below describe the changes required to enable DCOM Hardening support in ACM versions prior to 9.1
Open the Windows Registry Editor and navigate to the ACM settings location
For the 64-bit version of ACM, the location is:
HKEY_LOCAL_MACHINE\Software\AutomationSolutions\Communication Manager
For the 32-bit version of ACM, the location is:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AutomationSolutions\Communication Manager
Click ‘Communication Manager’ in the left-hand tree view so it is the selected node.
Right-click in the empty space of the right-hand pane and select ‘New > DWORD (32-bit) Value’
Change the name to: AuthLevel
Change the value to: 5
The new entry should look like the one shown below, outlined in red:
...
Info |
---|
ACM must be re-started for the changes to take affect. |
Disabling DCOM Hardening in ACM 9
...
When the DCOM Hardening changes are enabled, the event log details show:
Using DCOM settings: Authentication = Packet Integrity (5); Impersonation = Identify (2)
When the DCOM Hardening changes are disabled, the event log details show:
...
.0.X and Earlier
If you enabled DCOM Hardening in ACM 9.0.X and earlier according to the instructions above and wish to disable it again, you can do so following these instructions:
Open the Windows Registry Editor and navigate to the ACM settings location
For the 64-bit version of ACM, the location is:
HKEY_LOCAL_MACHINE\Software\AutomationSolutions\Communication Manager
For the 32-bit version of ACM, the location is:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AutomationSolutions\Communication Manager
Click ‘Communication Manager’ in the left-hand tree view so it is the selected node.
Right click the entry named “AuthLevel” in the right-hand pane.
Select “Modify”
Change the value to: 2
Click OK
The new entry should look like the one shown below, outlined in red:
...
Info |
---|
ACM must be re-started for the changes to take affect. |
AUTOSOL Enterprise Server (AES)
AES no longer receives updates or fixes. It will not be compatible with DCOM Hardening changes.