立即与支持人员聊天
与支持团队交流

Foglight for Automation Action Packs 5.6.3.8 - System Preparation ActionPack User Guide

Services Requirements

Ensure that the Server service and Remote Registry service are running on the workstation where the COM server resides.

Local Security Settings

All settings in this section are configured using the Local Security Policy console.

To launch the console:
1
Open the Windows Control Panel.
2
Go to Administrative Tools.
3
Start the Local Security Policy. The Local Security Settings window opens.
Sharing and security model for local accounts

Navigate to Security Settings > Local Policies > Security Options > Network access: Sharing and security model for local accounts. Change the setting to Classic.

This only applies to Windows computers that are not a part of a domain.

DCOM Restrictions Policy

Make sure that the user account used has permissions to access, launch, and activate COM/DCOM/Automation objects.

To grant these permissions:
Add the user to the predefined local group: Administrators for Windows XP; or Distributed COM Users for Windows Vista, Windows 2003, Windows 2008, and Windows 7.

If you cannot grant the group permission to the user, do the following:

1
Create a local user in the Users group.
2
Navigate to Control Panel > Administrative Tools > Local Security Policy > Security Settings > Local Policies > Security Options.
3
Double-click DCOM: Machine Access Restrictions policy. Click Edit Security. Add the user created above. Enable the Remote Access option.
4
Double-click DCOM: Machine Launch Restrictions policy. Click Edit Security. Add the user created above. Enable Local Launch, Remote Launch, Local Activation, and Remote Activation options.
5
Navigate to Control Panel > Administrative Tools > Component Services > Computers. Right-click My Computer, click Properties, and open the COM Security tab.
6
In the Access Permissions section, click Edit Default. Add the user created above. Enable the Remote Access option.
7
In the Launch and Activation Permissions section, click Edit Default. Add the user created above. Enable the Local Launch, Remote Launch, Local Activation, and Remote Activation options.
 
* 
NOTE: In the Component Services section you can navigate to a specific component and grant permission from there, instead of doing so from the My Computer menu.
User Account Control
For Windows machines that are not part of a domain:
1
Open Security Settings > Local Policies > Security Options.
2
Disable the User Account Control: Run all administrators in Admin Approval Mode option.

Firewall Settings

To configure the firewall:
1
Enable all incoming traffic to the default DLL surrogate (dllhost.exe).
Create a rule that allows all incoming traffic for %systemroot%\system32\dllhost.exe.
For 64-bit systems only: create a rule that allows all incoming traffic for %systemroot%\SysWOW64\dllhost.exe.
2
Enable COM network access.
For Windows XP only: create a rule that allows all incoming traffic for TCP Port 135 (DCE/RPC Locator service).
For Windows Vista, 2003, and 2008: enable COM+ Network Access (DCOM-In) rule for active profile.
3
Enable File and Printer sharing access.
For Windows XP: enable File and Printer sharing exception rule.
For Windows Vista, 2003, and 2008: enable all rules in the File and Printer sharing group for active profile.
 
* 
NOTE: Make sure that the scope defined for rules includes the host, which runs vFoglight.

Configuration Script

Use the script below to configure the firewall.

1
On the target machine create a file named firewall-config.ps1 with the script listed below.
2
Run the script with Administrator’s privileges using the following command:
powershell -File firewall-config.ps1

 

# Copyright 2010 Quest.
# ALL RIGHTS RESERVED.
#
# PROPRIETARY/CONFIDENTIAL.
#
# This software is the confidential and proprietary information
# of Quest ("Confidential Information").
#
# You shall not disclose such Confidential Information and shall
# use it only in accordance with the terms of the license agreement
# you entered into with Quest.
#
 
$OS = Get-WmiObject Win32_OperatingSystem
$OSBuildNumber = $OS.BuildNumber
 
$OSCaption = $OS.Caption
 
$useAdvancedFirewall = $true
$COMNetworkAccessGroup = "COM+ Network Access (DCOM-In)"
if (($OSBuildNumber -eq 2600) -or ($OSBuildNumber -eq 3790)) {
$useAdvancedFirewall = $false
}
 
if ($OSBuildNumber -eq 7600) {
# Windows 7
$COMNetworkAccessGroup = "Windows Management Instrumentation (WMI)"
}
 
if ($useAdvancedFirewall) {
Echo "Configuring firewall for Windows Vista/2008/7"
netsh advfirewall firewall add rule name="DLL Host (32-Bits)" dir=in action=allow program="%systemroot%\system32\dllhost.exe"
netsh advfirewall firewall add rule name="DLL Host (64-Bits)" dir=in action=allow program="%systemroot%\SysWOW64\dllhost.exe"
netsh advfirewall firewall set rule group=$COMNetworkAccessGroup new enable=yes
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
}
else {
Echo "Configuring firewall for Windows XP/2003"
netsh firewall add allowedprogram "%systemroot%\system32\dllhost.exe" "DLL Host (32-Bits)" ENABLE
netsh firewall add allowedprogram "%systemroot%\SysWOW64\dllhost.exe" "DLL Host (64-Bits)" ENABLE
netsh firewall add portopening TCP 135 "DCE/RPC Locator service" ENABLE
netsh firewall set service FileAndPrint ENABLE}
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级