Creating a Specific Service Account to Run PcVue
A service account is a Windows account used to start a Windows Service as in when PcVue is running as a service. See the topic Options for selection the Service Account for background information.
Creating a service account
The most common local Service accounts used are LOCAL SERVICE and NETWORK SERVICE but you can create a specific account that, for the purpose of this topic, we will call SV_SERVICE.
To create a local account you can open the Local Users and Groups console from the Windows Control Panel or directly from the
SV Core Management Console (Tools.Local Users and Groups). For security reasons, the user account SV_SERVICE must belong to the Users group and never belong to the local Administrators group. 
Show picture
The basic security rule is to always execute a Windows Service with the least possible level of user rights.
If the architecture relies on an Active Directory domain, it can be useful and even necessary to create a domain user account.
Creating a user group
The purpose of this user group (SV_USERS for example) is to define the list of user accounts that are able to access the sv32.exe and HDS.exe processes when they are running as a Windows service or as a desktop application. Show picture
This group must contain:
- Interactive Users or Users Groups that are able to start PcVue tools such as the Application Explorer, the Application Architect or Smart Generators. Adding the Authenticated Users group is a simple way to accommodate any user logged on this computer.
- The Service account used to run PcVue as a service (LOCAL SERVICE, NETWORK SERVICE or SV_SERVICE for example).
Adding permissions to PcVue installation folder
The properties of the PcVue installation folder must be changed so that the user group has Modify permissions. Show picture
After a new users group has been created or modified, it is often necessary to restart Windows to have the changes taken into account.
DCOM settings
PcVue uses DCOM to communicate between its main process and its components such as the Application Explorer. DCOM is also used if the project configuration includes an OPC server, even if OPC clients are on the same computer. PcVue installation creates a DCOM entry called SV Services that is used to provide default security permissions for PcVue executables when running as a Windows service. It is necessary to adapt the DCOM configuration of the SV Services application to authorize the user group SV_USERS created above.
Windows DCOM configuration can be accessed from the Windows Control Panel or directly from the
SV Core Management Console (Tools.Component Services). Using the Security tab of the SV Services properties, you must set the Launch and Activation Permission and Access Permission to Customize, add the user or user group (SV_USERS for example), and edit the permissions as follows. Show pictures
Remote Launch, Remote Activation and Remote Access permissions may also be required if PcVue is to be used as an OPC Server from a remote OPC client.