DCOM authentication hardening: what you need to know

Thanks everyone for their help on this.  We found a great simple solution for this post hardening issue by simply updating our COM+ my computer level properties to the below on our app server and our transport server:

1. Go to Component Services -> Computers -> My Computer and right click on My Computer and select Properties.  
2. On the Default Properties tab, change the Default Authentication Level to “Packet Integrity” or “Packet Privacy” Whatever you choose must be the SAME on the client AND server computer. Generally users are setting this to Packet Integrity and that is our standard recommendation at this time.   We also left the default impersonation level to identify on both servers.  It did not affect other OS operations not affected by this KB so we will switch all servers to this.

If your OPC Client or Server have their own entries under the DCOM Config part of the Component Services tree, you will need to make the same change on the General Tab, Authentication Level.   

These changes at a MINIMUM will require you to restart your client and server applications, though we recommend a machine restart to ensure that the changes take effect.