The OpcSecurityAnalyzer utility is a Windows Forms application designed to help with security permission settings related to OPC DA server access in order to:

• Find why the access to an OPC DA server is denied
• Check if the the server access is denied for all but the valid users

Local and Remote OPC servers can be browsed and accessed. The User definitions and some other settings can quickly be changed to determine if the access is correctly allowed or denied. 

Server access may be denied due to Firewall settings. The OpcSecurityAnalyzer shows the Firewall settings and helps quickly make the proper settings.
If access is unexpectedly denied then a number of tests can be executed and the displayed findings should help to locate the cause for the denial.

The above screen shot shows the log of a remote server access. The first Connect failed because OpcEnum.exe was not enabled in the Firewall.
Another remote machine could be browsed but the selected server could not be connected. The diagnostics shows an inconsistency in the server registration and indicates that a server file may not be there or not be accessible to the launching user. Due to access restrictions the analyzer could not check the exe file directory.
A further connect to another server was successful.

Motivation to create the OpcSecurityAnalyzer Tool:
Advosol sells OPC server and client components for many years and observed that most support cases are related to security settings issues. This is increasingly so because:

• applications use access to OPC servers on networked computers
• Windows default settings increasingly restrict the access to reduce vulnerabilities

Windows security is of daunting complexity with settings on multiple levels, DCOM, Firewall, Windows and .NET. It is often hard to determine on what level an access is denied and even harder to find what unwanted access is allowed.
This tool hopefully helps in this process.

Please report any encountered difficulties and suggestions for improvements to support@advosol.com