HERBST SERVER CONFIGURATION GUIDE
(Windows Firewall and DCOM Configuration)
How to configure Herbst Server
Add exceptions to Windows Firewall to allow the incoming traffic
Step 1. Add Firebird & RPC Server Ports to the List of Firewall Exceptions
Step 2. Add Herbst DAI 1 Server to the List of Firewall Exceptions
Configure DCOM Security Settings
Step 3. Adjust security limits of access, launch and activation permissions
Configure Herbst DAI Server Security Properties
This document guides you through configuring Herbst Server so that it suits your needs and you can enjoy using the Herbst applications.
In Microsoft Windows, Windows Firewall is turned on by default. For the safety of your computer, switching Windows Firewall off completely is not recommended, since it blocks incoming requests that could be dangerous. It still has to be configured so that you can work with the applications you need. To allow incoming traffic to an application, add it to the list of Windows Firewall Exceptions.
If you use a different firewall, follow its guide or manual and configure it in the same way as Windows Firewall is configured below.
To ensure the proper operation of Herbst applications you have to add the following items to the list of Windows Firewall Exceptions:
Follow the procedure described below to learn more about the items and how to add them to the list of Windows Firewall Exceptions:
Herbst applications' databases are managed by Firebird & RPC Server. To allow connections to this server, add ports 135 and 3051 to the Windows Firewall Inbound & Outbound Rules:
1.1. Type Windows Firewall on the Start menu. Press Enter. The Windows Firewall window opens.
1.2. Select Advanced settings from the menu on the left to open the Windows Firewall with Advanced Security window. In the left pane, right-click Inbound Rules, and then click New Rule in the Actions pane.
1.3. In the Rule Type dialog box, select Port, and then click Next.
1.4. Select the TCP option and in the Specific local ports field, type "135, 3051". Press Next.
1.5. Then choose what action to take when a connection matches the specified conditions. Click Next.
1.6. Select the appropriate checkboxes for defining when this rule should be applied: Domain, Private or Public. Click Next.
1.8. Click Finish.
1.9. Repeat the above for the Outbound rule.
© 2017 Herbst Manufacturing Ltd. Version 1.1 (28 Oct 2017)
Herbst Data Administration Interface (DAI) Server is a specific Herbst product which performs operations on the database files. To add Herbst DAI 1 Server to the list of Windows Firewall exceptions you have to do the following:
2.1 Type Windows Firewall on the Start menu
2.2 Press Enter. The Windows Firewall window opens.
2.3 Choose Advanced Settings from the menu on the left.
2.4 In the Windows Firewall with Advanced Security window highlight Inbound Rules and then right-click it and choose New Rule.
2.5 New Inbound Rule Wizard opens. Specify the type of the rule you're creating - Program. Click Next.
2.6 Enter the full program path:
C:\Windows\SysWOW64\DaiSvr1.exe for 64-bit platform or
C:\Windows\System32\DaiSvr1.exe for 32-bit platform. Click Next.
2.7 Choose Allow the connection as an action to be taken when a connection matches the conditions specified in the rule. Press Next.
2.8 Select the appropriate checkboxes for defining when this rule should be applied: Domain, Private or Public. Click Next.
2.9 The last step is to specify the name and description of the rule. Press Finish to complete the wizard.
2.10 Repeat the above for the Outbound rule.
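The rules from Steps 1 and 2 can also be created from an elevated PowerShell session, which makes the result repeatable and easy to review. The script below is an added example, not part of the original guide or Herbst's own tooling; the rule display names are constructed, and the Allow action for the port rules, the Domain/Private profile choice and the use of remote ports for the outbound port rule are assumptions.

```powershell
# Added example (not Herbst's script). Run in an elevated PowerShell session.
# Rule names are constructed; Action Allow for the port rules and the
# Domain/Private profile choice are assumptions (steps 1.5, 1.6 and 2.8).
$ports    = 135, 3051
$profiles = 'Domain', 'Private'

# Step 2.6: the DAI server path depends on the platform.
$dai = if ([Environment]::Is64BitOperatingSystem) {
    'C:\Windows\SysWOW64\DaiSvr1.exe'
} else {
    'C:\Windows\System32\DaiSvr1.exe'
}
if (-not (Test-Path -LiteralPath $dai)) { throw "DaiSvr1.exe not found at $dai" }

function Add-RuleOnce {
    param([hashtable]$Rule)
    # Skip rules that already exist so a second run does not create duplicates.
    if (Get-NetFirewallRule -DisplayName $Rule.DisplayName -ErrorAction SilentlyContinue) {
        Write-Host "Already present: $($Rule.DisplayName)"
        return
    }
    New-NetFirewallRule @Rule -Action Allow -Profile $profiles | Out-Null
}

# Steps 1.1-1.9: TCP 135 and 3051. Assumption: the outbound rule matches on
# remote ports, so it uses -RemotePort instead of -LocalPort.
Add-RuleOnce @{ DisplayName = 'Herbst Firebird and RPC (TCP in)';  Direction = 'Inbound'
                Protocol = 'TCP'; LocalPort = $ports }
Add-RuleOnce @{ DisplayName = 'Herbst Firebird and RPC (TCP out)'; Direction = 'Outbound'
                Protocol = 'TCP'; RemotePort = $ports }

# Steps 2.1-2.10: program rule for the DAI server, both directions.
foreach ($direction in 'Inbound', 'Outbound') {
    Add-RuleOnce @{ DisplayName = "Herbst DAI 1 Server ($direction)"
                    Direction = $direction; Program = $dai }
}

# Review the result: each rule should be enabled and limited to the chosen profiles.
Get-NetFirewallRule -DisplayName 'Herbst*' |
    Select-Object DisplayName, Direction, Action, Profile, Enabled
```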
You also need to configure the Distributed Component Object Model (DCOM) in order to work with Herbst applications. DCOM is a set of Microsoft concepts and program interfaces through which client program objects can request services from server program objects on other computers in your workgroup or domain. Follow the instructions below to set the DCOM configuration on your computer.
DCOM has a number of security settings. You have to adjust security limits of access, launch and activation permissions.
Follow the procedure to configure DCOM security settings on the computer where Herbst DAI is installed.
3.1 Type dcomcnfg.exe on the Start menu
3.2 Press Enter. The Component Services window opens.
3.3 Expand Component services -> Computers -> My Computer.
3.4 Right-click on My Computer, and then choose Properties on the shortcut menu.
3.5 In the My Computer Properties dialogue box, choose the COM Security tab.
3.6 Click Edit Limits in the Access Permissions area, and then click Add. The Select Users, Computer, Service Accounts, or Groups dialogue box appears.
3.7 In the Enter the object names to select text box, type the name of the client user. You can type several names at once by separating each name with a semicolon or click Advanced if you need to search for the name. Press OK. The users' names will be displayed in the Group or user names list.
3.8 Highlight the added name, and then grant the Local & Remote Access permission by selecting the corresponding checkbox under Allow. If you have added several names, repeat this action for each of them.
3.9 Click OK. You are back in the COM Security tab.
3.10 Now click Edit Limits in the Launch and Activation Permissions area, and then click Add.
3.11 In the Enter the object names to select text box, type the name of the client user. You can type several names at once by separating each name with a semicolon or click Advanced to select the name. The users' names will be displayed in the Group or user names list.
3.12 Select the added name, and then grant Local Launch, Local Activation, Remote Launch & Remote Activation permissions by selecting the corresponding checkboxes under Allow. If you have added several names, repeat this action for each of them. Click OK.
3.13 Click OK once again to close the My Computer Properties dialogue box.
Note: The fastest way to grant the approved users all the permissions together is to add them to the Distributed COM Users group. To do so, right-click the Start menu, choose Computer Management, expand the Local Users and Groups node, double-click Groups, right-click the Distributed COM Users group and choose Add to Group... from the shortcut menu. In the dialogue window that opens, click the Add button and enter the username, or use the Advanced button to set search parameters and find the required user. Press OK. From this moment the added user is allowed to launch, activate and use DAI on this machine, like the other members of this group.
Note: After configuring the COM Security Settings and access and security permissions it's recommended to restart the PC in order to avoid any technical problems.
As a DCOM application, Herbst DAI Server also has a number of security properties that you have to configure. First, allow your users to launch and access Herbst DAI Server from client computers. Second, define the account used to run Herbst DAI Server. It may be the Administrator account (which is not desirable in terms of security) or any user account with the privilege to launch the DAI Server and to perform actions on files in the Herbst application Server folder.
4.1 Type dcomcnfg.exe on the Start menu
4.2 Press Enter. The Component Services window opens.
4.3 Expand Component services -> Computers -> My Computer.
4.4 Click the DCOM Config node.
4.5 Right-click Herbst Insight 2 Data Administration Interface Server, and then choose Properties from the shortcut menu. Select the Security tab to view or modify the launch, access, or configuration permissions. Your aim is to configure the permissions so that only the right users can make use of DAI.
4.6 In the Launch and Activation Permissions area, select the Customize option, and then click Edit.
4.7 In the Launch and Activation Permission dialogue box, click Add.
4.8 In the Enter the object names to select text box, type the name of the client user. You can type several names at once by separating each name with a semicolon or use Advanced if you need to search for the name. The users' names will be displayed in the Group or user names list.
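Once the DCOM settings from Step 3 and the DAI Server properties are in place, the outcome can be reviewed without opening Component Services. The read-only script below is an added example, not part of the original guide or Herbst's own tooling; the caption filter is an assumption based on the application name shown in step 4.5, and the two registry value names are the standard Windows locations for the machine-wide limits.

```powershell
# Added example, read-only; not Herbst's own tooling. Run elevated on the DAI machine.

# 1. Members of the group from the Note: each one gets all DCOM permissions together.
Get-LocalGroupMember -Group 'Distributed COM Users' |
    Select-Object Name, ObjectClass, PrincipalSource

# 2. Machine-wide limits edited in steps 3.6-3.12, shown as SDDL.
#    Value names are the standard Windows locations for the "Edit Limits" settings.
$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'
foreach ($name in 'MachineAccessRestriction', 'MachineLaunchRestriction') {
    $bytes = $ole.$name
    if (-not $bytes) { Write-Host "${name}: not set (system defaults apply)"; continue }
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$bytes, 0)
    Write-Host "${name}: $($sd.GetSddlForm('Access'))"
}

# 3. Identity the DAI server runs under. The caption filter is an assumption
#    taken from the application name shown in step 4.5.
Get-CimInstance -ClassName Win32_DCOMApplicationSetting |
    Where-Object { $_.Caption -like '*Data Administration Interface*' } |
    ForEach-Object {
        [pscustomobject]@{
            Caption   = $_.Caption
            AppID     = $_.AppID
            RunAsUser = if ($_.RunAsUser) { $_.RunAsUser } else { '(not set)' }
            # The guide calls running as Administrator undesirable; flag it.
            RunsAsAdministrator = $_.RunAsUser -match '(^|\\)Administrator$'
        }
    }
```

Any group member or SDDL entry that does not correspond to an approved client user is a candidate for removal.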