Home

Documentation English

1. Edition 09 2004 A5E00352920 01 2 13 Changing the settings 2 3 Reversing your changes Undo your changes to the firewall settings as follows 1 Open the firewall from the Windows taskbar using the following command Start gt Control Panel gt Windows Firewall 2 Select the Exceptions tab and uncheck the check boxes for the added exceptions SIMATIC iMap and DCOM port 135 Windows Firewall General Exceptions Advanced Windows Firewall is blocking incoming network connections except for the programs and services selected below Adding exceptions allows some programs to work better but might increase your security risk Programs and Services D File and Printer Sharing Remote Assistance D Remote Desktop O UPnP Framework Add Program Add Pott Display a notification when Windows Firewall blocks a program What are the risks of allowing exceptions 3 Click on OK to confirm the change This reverses the changes you made to the firewall settings i e restores the Windows XP SP2 security functions SIMATIC iMap Settings under Windows XP SP2 2 14 User Manual Compact Edition 09 2004 A5E00352920 01 Changing the settings 2 3 Reversing your changes Note If necessary you can remove the added exceptions SIMATIC iMap and DCOM port 135 from the Exceptions tab altogether However it is sufficient just to uncheck the check boxes This means that you can q
2. Default Protocols MSDTC COM Security m Access Permissions You may edit who is allowed default access to applications You may also set limits on applications that determine their own permissions Edit Limits Edit Default Launch and Activation Permissions You may edit who is allowed by default to launch applications or activate objects You may also set limits on applications that determine their own permissions Edit Limits Edit Default SIMATIC iMap Settings under Windows XP SP2 User Manual Compact Edition 09 2004 A5E00352920 01 2 9 Changing the settings 2 2 Changing the DCOM access permissions 4 In the Access Permission dialog select the ANONYMOUS LOGON entry and check the Allow check boxes for both Local Access and Remote Access Access Permission Security Limits Group or user names PA ANONYMOUS LOGON Piz Everyone Add Remove Permissions for ANONYMOUS LOGON Allow Deny Local Access Remote Access 5 Click on OK to confirm your input Result This completes the changes to the DCOM access permissions Caution This resets the WinXP SP2 security level to SP1 level The default setting for Windows XP SP2 only permits local access for ANONYMOUS LOGON see also the Reversing your changes section See also Reversing your changes Page 2 11 SIMATIC iMap Settings under Windows XP SP2 2 10 User Manual Compact E
3. SIEMENS SIMATIC Component Based Automation SIMATIC iMap Settings under Windows XP SP2 User Manual Compact Edition 09 2004 A5E00352920 01 SIMATIC iMap under 1 Windows XP SP2 Overview Changing the settings 2 Literature 3 Safety Guidelines PPD This manual contains notices which you should observe to ensure your own personal safety as well as to avoid property damage The notices referring to your personal safety are highlighted in the manual by a safety alert symbol notices referring to property damage only have no safety alert symbol Danger indicates an imminently hazardous situation which if not avoided will result in death or serious injury Warning indicates a potentially hazardous situation which if not avoided could result in death or serious injury Caution used with the safety alert symbol indicates a potentially hazardous situation which if not avoided may result in minor or moderate injury Caution used without safety alert symbol indicates a potentially hazardous situation which if not avoided may result in property damage Notice used without the safety alert symbol indicates a potential situation which if not avoided may result in an undesirable result or state If more than one degree of danger is present the warning notice representing the highest degree of danger will be used A notice warning of injury to persons with a safety alert symbol may a
4. SIMATIC iMap Requirements You will need administrator rights on the PG PC in order to change the security functions Discuss the changes with your network administrators or network operators if necessary Make sure that changes to the settings will not affect other installed applications Set the DCOM access permissions as follows 1 Select Start gt Run from the Windows taskbar enter DCOMCnfg and click on OK to confirm Type the name of a program Folder document or Internet resource and Windows will open it for you Open DCOMCnfg 2 In the Component Services dialog open the Console Root Component Services Computers folder select the My Computer icon from the Computers window and select Properties from the context menu right mouse button Component Services D Fie Action view Window Help m 2 O felt EE LA Console Root Computers 1 objectis B Component Services 4 Computers faj Event Viewer Local My Computer Sy Services Local Stop MS DTC Refresh all components View Properties The My Computer Properties dialog opens SIMATIC iMap Settings under Windows XP SP2 2 8 User Manual Compact Edition 09 2004 A5E00352920 01 Changing the settings 2 2 Changing the DCOM access permissions 3 Select the COM Security tab then click on the Edit Limits button My Computer Properties General Options Default Properties
5. d for all LAN connections e Unauthenticated DCOM access is prevented Effects on SIMATIC iMap The above security functions have the following effects when SIMATIC iMap V2 0 or 2 0 SP1 is used in online mode e Online connections cannot be established fully from SIMATIC iMap to the target devices in the plant e The online and diagnostic functions cannot be used and interconnections cannot be downloaded in SIMATIC iMap Note Communication between the PROFINET devices PLC PLC communication is not affected by using Windows XP SP2 on the engineering PC PG Remedy Temporarily change the operating system settings If you have installed Windows XP SP2 on the engineering PG PC with SIMATIC iMap you will have to temporarily change the operating system settings to meet the SIMATIC iMap requirements for the duration of the plant testing and start up phase Caution Some of the security functions are reset to the previous Windows XP security level pre SP2 for the duration of the change Recommendation To guarantee that your PG PC is protected against viruses and unauthorized access you should reverse the changes to the security functions when the testing and start up phase is complete SIMATIC iMap Settings under Windows XP SP2 User Manual Compact Edition 09 2004 A5E00352920 01 1 1 SIMATIC iMap under Windows XP SP2 Overview Steps required to change the settings 1 Change the firewall settings Al
6. dition 09 2004 A5E00352920 01 Changing the settings 2 3 Reversing your changes 2 3 Reversing your changes The changed security functions for the Windows XP SP2 operating system can be restored as required To do this you must reverse the changes you have made e Change the DCOM access permissions so that you reset the DCOM access permissions to the WinXP SP2 level e Change the firewall settings so that you deactivate or remove the exceptions that you added Undo the change to the DCOM access permissions as follows 1 Open the Component Services for your computer by selecting Start gt Run from the Windows taskbar entering DCOMCnfg and clicking on OK to confirm Type the name of a program folder document or Internet resource and Windows will open it for you Open DCOMCnfg Cancel Browse 2 In the Component Services dialog open the Console Root Component Services Computers folder select the My Computer icon from the Computers window and select Properties from the context menu right mouse button Component Services D Fie Action view Window Help gt m gall C Console Root Computers 1 objectis B Component Services Computers faj Event viewer Local Hy Conese i Services Local Stop MS DTC Refresh all components View Properties The My Computer Properties dialog opens SIMATIC iMap Settings under Windows XP SP2 U
7. g rights software described Since deviations cannot be precluded entirely we cannot guarantee created by patent grant or registration of a utility model or design are reserved full agreement However the data in the manual are reviewed regularly and any necessary corrections will be included in subsequent editions Suggestions for improvement are welcomed Siemens AG Automation and Drives Group Siemens AG 2004 P O Box 4848 D 90327 Nuremberg Germany Technical data subject to change Siemens Aktiengesellschaft A5E00352920 01 Table of contents SIMATIC iMap under Windows XP SP2 Overview 2 Changing the Settings wii kisses a saaa i ii a gee a i i o a i i i i k i i denna ii 2 1 Changing the firewall settings 20 0 0 cece aaaa aaa aaa aaa aa aa aaa aa aaa aaa aa aaa aaa aaa 2 2 Changing the DCOM access permissions 2 3 Reversing k eV gteja Talo A 3 LATING ii asis ii ii vans ii i a i i i a i i i i a i a k aanreet 3 1 SIMATIC iMap Settings under Windows XP SP2 User Manual Compact Edition 09 2004 A5E00352920 01 lll Table of contents SIMATIC iMap Settings under Windows XP SP2 User Manual Compact Edition 09 2004 A5E00352920 01 SIMATIC iMap under Windows XP SP2 Overview 1 Introduction Windows XP service pack 2 Windows XP SP2 contains additional security functions that have to be adapted before they can be used with SIMATIC iMap The most important changes are the following e The firewall is activate
8. hanging the firewall settings 2 Select the Exceptions tab and click on the Add Program button to allow external access to the SIMATIC iMap application Windows Firewall General Exceptions Advanced Windows Firewall is blocking incoming network connections except for the programs and services selected below Adding exceptions allows some programs to work better but might increase your security risk Programs and Services Name O File and Printer Sharing Remote Assistance O Remote Desktop O UPnP Framework Delete Display a notification when Windows Firewall blocks a program What are the risks of allowing exceptions SIMATIC iMap Settings under Windows XP SP2 User Manual Compact Edition 09 2004 A5E00352920 01 2 3 Changing the settings 2 1 Changing the firewall settings 3 Select SIMATIC iMap from the Programs box Click on the Browse button if necessary Add a Program To allow communications with a program by adding it to the Exceptions list select the program or click Browse to search for one that is not listed Programs 5 Internet Reversi amp Internet Spades w Minesweeper Ww MSN Explorer Bp OfficeScan NT A OfficeScanNT Monitor a Outlook Express Q Pinball id Snaalt 6 R 2 Snaglt Studio 6 a Path C Program Files Siemens iMap bin CBWAPP 4 Confirm your selection with OK Result SIMATIC iMap is added to t
9. he list of exceptions This means that external DCOM access to SIMATIC iMap is now possible SIMATIC iMap Settings under Windows XP SP2 2 4 User Manual Compact Edition 09 2004 A5E00352920 01 Changing the settings 2 1 Changing the firewall settings 5 On the Exceptions tab click on the Add Port button to set up a port for DCOM access Windows Firewall General Exceptions Advanced Windows Firewall is blocking incoming network connections except for the programs and services selected below Adding exceptions allows some programs to work better but might increase your security risk Programs and Services Remote Assistance O Remote Desktop SIMATIC iMap O UPnP Framework Add Program Add Part N Edit Display a notification when Windows Firewall blocks a program What are the risks of allowing exceptions SIMATIC iMap Settings under Windows XP SP2 User Manual Compact Edition 09 2004 A5E00352920 01 2 5 Changing the settings 2 1 Changing the firewall settings 6 Enter the following in the Add a Port dialog the name DCOM the port number 135 and select the TCP option Add a Port Use these settings to open a port through Windows Firewall To find the port number and protocol consult the documentation for the program or service you want to use Name DCOM Port number 1 35 TCP UDP What are the risks of opening a port Change
10. low external access to the SIMATIC iMap application Setup port for DCOM access 2 Change DCOM access permissions for communication between SIMATIC iMap and the PROFINET devices The procedure for changing and restoring the settings is described below Saving the original settings See also 1 2 The following sections require the Windows XP SP2 default settings These are shown in the graphics The Reversing your changes section describes how to restore these Windows XP SP2 default settings To be able to restore the original status you must save your computer s current settings e g in the form of screen shots before you make any changes This is particularly important if the settings on your PG PC differ from the default settings Changing the firewall settings Page 2 1 Changing the DCOM access permissions Page 2 8 Reversing your changes Page 2 11 SIMATIC iMap Settings under Windows XP SP2 User Manual Compact Edition 09 2004 A5E00352920 01 Changing the settings 2 2 1 Changing the firewall settings You will have to temporarily change the firewall settings on your PG PC in order to diagnose and test the plant using SIMATIC iMAP e Allow external access to the SIMATIC iMap application e Setup port for DCOM access Requirements You will need administrator rights on the PG PC in order to change the security functions Discuss the changes with your network administrators or network operators if necessar
11. lso include a warning relating to property damage Qualified Personnel The device system may only be set up and operated in conjunction with this documentation Only qualified personnel should be allowed to install and work on the equipment Qualified persons are defined as persons who are authorized to commission to earth and to tag circuits equipment and systems in accordance with established safety practices and standards Intended Use A Trademarks Please note the following Warning This device and its components may only be used for the applications described in the catalog or technical description and only in connection with devices or components from other manufacturers approved or recommended by Siemens This product can only function correctly and safely if it is transported stored set up and installed correctly and operated and maintained as recommended All designations marked with are registered trademarks of Siemens AG Other designations in this documentation might be trademarks which if used by third parties for their purposes might infringe upon the rights of the proprietors Copyright Siemens AG 2004 All rights reserved Disclaimer of Liability Reproduction transmission or use of this document or its contents is not permitted without We have checked the contents of this manual for agreement with the hardware and express written authority Offenders will be liable for damages All rights includin
12. scope 7 Click on OK to confirm your input Result DCOM port 135 is added to the list of firewall exceptions SIMATIC iMap Settings under Windows XP SP2 2 6 User Manual Compact Edition 09 2004 A5E00352920 01 Changing the settings 2 1 Changing the firewall settings The following screenshot shows the new settings in the firewall exceptions Windows Firewall General Exceptions Advanced Windows Firewall is blocking incoming network connections except for the programs and services selected below Adding exceptions allows some programs to work better but might increase your security risk Programs and Services Name M DCOM Tal emote Assistance O Remote Desktop SIMATIC iMap O UPnP Framework Add Program Add Port Edit Display a notification when Windows Firewall blocks a program What are the risks of allowing exceptions 8 Click on OK to confirm your input This completes the firewall settings Caution External DCOM access to the computer is now possible once more See also Reversing your changes Page 2 11 SIMATIC iMap Settings under Windows XP SP2 User Manual Compact Edition 09 2004 A5E00352920 01 2 7 Changing the settings 2 2 Changing the DCOM access permissions 2 2 Changing the DCOM access permissions The DCOM access rights have to be temporarily reset to WinXP SP1 level to allow communication between PROFINET devices and
13. ser Manual Compact Edition 09 2004 A5E00352920 01 2 11 Changing the settings 2 3 Reversing your changes 3 Select the COM Security tab then click on the Edit Limits button My Computer Properties General l Options Default Properties Default Protocols MSDTC COM Security Access Permissions You may edit who is allowed default access to applications You may also set limits on applications that determine their own permissions Edit Limits Edit Default Launch and Activation Permissions You may edit who is allowed by default to launch applications or activate objects You may also set limits on applications that determine their own permissions Edit Limits Edit Default J SIMATIC iMap Settings under Windows XP SP2 2 12 User Manual Compact Edition 09 2004 A5E00352920 01 Changing the settings 2 3 Reversing your changes 4 Inthe Access Permission dialog restore the permissions to their original status by selecting the ANONYMOUS LOGON entry and deactivating the Remote Access option This is the default setting for Windows XP SP2 Access Permission Security Limits Group or user names f Ef ANONYMOUS LOGON 4 Everyone Add Remove Permissions for ANONYMOUS LOGON Allow Deny Local Access Remote Access 5 Click on OK to confirm the change SIMATIC iMap Settings under Windows XP SP2 User Manual Compact
14. uickly reactivate the settings if you need to See also Changing the firewall settings Page 2 1 Changing the DCOM access permissions Page 2 8 SIMATIC iMap Settings under Windows XP SP2 User Manual Compact Edition 09 2004 A5E00352920 01 2 15 Changing the settings 2 3 Reversing your changes SIMATIC iMap Settings under Windows XP SP2 2 16 User Manual Compact Edition 09 2004 A5E00352920 01 Literature Further information on Windows XP SP2 can be found in e Windows XP Service Pack 2 Overview http msdn microsoft com security e Windows XP Service Pack 2 Security Information for Developers http msdn microsoft com security productinfo XP SP2 default as px e Changes to Functionality in Microsoft Windows XP Service Pack 2 http www microsoft com technet prodtechnol winxppro maintain sp2chngs mspx SIMATIC iMap Settings under Windows XP SP2 User Manual Compact Edition 09 2004 A5E00352920 01 3 1 Literature SIMATIC iMap Settings under Windows XP SP2 3 2 User Manual Compact Edition 09 2004 A5E00352920 01
15. y Make sure that changes to the settings will not affect other installed applications SIMATIC iMap Settings under Windows XP SP2 User Manual Compact Edition 09 2004 A5E00352920 01 2 1 Changing the settings 2 1 Changing the firewall settings Change the firewall settings as follows 1 Open the firewall from the Windows taskbar using the following command Start gt Control Panel gt Windows Firewall The Windows Firewall dialog opens Windows Firewall General Exceptions Advanced Windows Firewall is helping to protect your PC Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network Y On recommended This setting blocks all outside sources from connecting to this computer with the exception of those selected on the Exceptions tab C Don t allow exceptions Select this when you connect to public networks in less secure locations such as airports You will not be notified when Windows Firewall blocks programs Selections on the Exceptions tab will be ignored x Off not recommended Avoid using this setting Turning off Windows Firewall may make this computer more vulnerable to viruses and intruders What else should know about Windows Firewall SIMATIC iMap Settings under Windows XP SP2 2 2 User Manual Compact Edition 09 2004 A5E00352920 01 Changing the settings 2 1 C

Documentation English

Contents

Download Pdf Manuals

Related Search

Related Contents