> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cognite.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Set up the OPC Classic extractor

> Install and configure the OPC Classic extractor on Windows with support for DCOM connections.

The Cognite OPC Classic extractor is distributed as a Windows installer (.msi file). When you run the .msi file, a setup wizard guides you through the installation process. The installer creates a Windows service and installs the binary files needed to run the extractor.

## Before you start

* Check the [requirements](/cdf/integration/guides/extraction/opc_classic/opc_classic_requirements) for the extractor.

* Assign [access capabilities](/cdf/access/guides/capabilities#opc-classic-extractor) in a Cognite Data Fusion (CDF) project.

  <Tip>
    You can use OpenID Connect and your existing identity provider (IdP) framework to manage access to CDF data securely. [Read more](/cdf/integration/guides/extraction/admin_oidc).
  </Tip>

* Set up a Windows Update schedule. Note that the update may reboot the machine, causing extractor downtime.

* [Download and run the installer](/cdf/integration/concepts/extraction/index#download-installation-files) for the extractor from CDF.

  <Info>
    Set Modify permission under **Properties** in the installation folder to avoid permission issues.
  </Info>

* In the `config` folder, copy `config.minimal.yml` to `config.yml` and edit to fit your requirements.

* Start the extractor by running the executable file from the folder above the `config` folder, `.\bin\OpcClassicExtractor.exe`, or by starting the Windows service.

## Connecting over DCOM

The extractor supports connecting to servers over Distributed component object model (DCOM), but the setup for this is not trivial. This is only required if the extractor is on a different machine than the server. The setup is more straightforward if the server runs on the same machine as the extractor.

<Steps>
  <Step title="Configure the firewall">
    You must follow these instructions for **both** the server **and** the client since DCOM is bidirectional.

    1. Enter the firewall configuration under `Control Panel > System and Security > Windows Defender Firewall`.
    2. Choose `Advanced settings`.
    3. Go to `Inbound Rules` and add a `New Rule...`.

    Configure the first rule:

    1. `Rule Type` should be `Custom`.
    2. Under `Program`, select `All programs`.
    3. Under `Protocol and Ports`, set `Protocol type` to `TCP`, set `Local port` to `RPC Endpoint Mapper`, set `Remote port` to `All Ports`.
    4. Under `Scope`, set local IP addresses to `Any IP address`. We recommend setting remote IP addresses to the IP address of the extractor if it resides on a server, or the server's IP address if the extractor resides on a client.
    5. Under `Action`, select `Allow the connection`.
    6. Under `Profile`, select according to your setup. You typically set this to `Private`, but you may need to update the network profile used by the extractor.
    7. Enter a name, for instance `DCOM Discovery`.

    Create another rule:

    1. Set `Rule Type` to `Custom`.
    2. Under `Program`, select `All programs`.
    3. Under `Protocol and Ports`, set `Protocol type` to `TCP`, set `Local port` to `RPC Dynamic Ports`, set `Remote port` to `All Ports`.
    4. Under `Scope`, set local IP addresses to `Any IP address`. We recommend setting remote IP addresses to the IP address of the extractor if this resides on a server, or the server's IP address if the extractor resides on a client.
    5. Under `Action`, select `Allow the connection`.
    6. Under `Profile`, select according to your setup. You typically set this to `Private`, but you may need to update the network profile used by the extractor.
    7. Enter a name, for instance `DCOM Dynamic Ports`.
  </Step>

  <Step title="Configure DCOM">
    This also needs to be done on both the server and the client, though the configuration is slightly different.

    1. Open the Start menu > `Run` program.
    2. Type in `DCOMCNFG`. This opens the configuration for DCOM.
    3. You'll find the configuration under `Component Services > Computers > My Computer`.
    4. Under `DCOM Config`, grant permissions to the user the extractor will run as:
       * Find the server in the list of DCOM applications.
       * Right-click and select `Properties`.
       * Set `Authentication Level` to `Connect`.
       * Under `Security`, select `Customize` and `Edit` for each permission.
       * Grant access to `Local Launch`, `Remote Launch`, `Local Activation`, `Remote Activation`, `Local Access`, `Remote Access`, and `Read`. It may be possible to restrict this further, depending on the server.
    5. Make the same changes to `OpcEnum`.
    6. Under `My Computer > Properties` in the same view:
       * Go to `Default Properties`.
       * `Enable Distributed COM on this computer`.
       * Set `Default Authentication Level` to `Connect`.
       * Set `Default Impersonation Level` to `Identity`.
  </Step>
</Steps>
