Hi,
Is it possible to allow only the user Administrator to log in to windows on the PP, and any other user to log in to DeltaV? In the windows security policy I was able to allow only Administrator to log in to windows, but this is propagated also to the DeltaV login (only Administrator could log in also on DeltaV). Is there a solution to this? I would need this configurable depending on stations(Admin for PP, Admin and Defaultuser for OpStation, etc.).
Many thanks,
Tibor
I think a possibility to do this would be to change the Local Security Policy.
In the "User Rights Assignment" there is the point "allow log on locally"
There you can add your users or groups which can log on.
But I'm not sure if it also works on a domain setup.
Kind Regards Harald
In reply to Harald W:
Thanks for the quick reply. This is the method I have also tried, but like this I was unable to log in to DeltaV from the flexlock with a different account.
In reply to Wengritzky Tibor:
Would having the Pro+ automatically login as administrator to Windows environment solve your problem?
If you did this and the machine is turned off and then is turned back on at a later point...no keystrokes are needed to get to the DeltaV Desktop environment.
In reply to Matt Stoner:
This is the solution on the Op Stations, to log in with Defaultuser automatically, but a log-off can still be performed with windows access. But the customer definitely doesn't want the Pro+ to be logged in to windows environment after a restart for safety issues.
I agree with Wengritzky... logging an administrator on automatically represents a significant securty risk and should not be regular practice (although I know it is).
The problem is the interactive logon restrcition applies to the OS login, but DeltaV also uses this check to determine is the windows user is allowed into the application.
I think your solution might be to create the non-administrator account as a non-windows account. DeltaV won't check the windows security policy if the account is not windows.
What is the reason why an operator can't log into the pro plus OS? If you have DeltaV desktop autoswitch enabled and they don't have desktop access what harm can they cause, especially considering that you will allow them to log into the application (while administrator runs the OS)?
In reply to Youssef.El-Bahtimy:
The only reason what I can think of at the moment is that the printer driver is installed only for the Administrator windows account, so if another user logs in to the OS, he is not able to print.
That's an easy fix.
Set up a batch file that adds the printer. It should do this:
>> rundll32.exe printui.dll,PrintUIEntry /y /n %PRSELECT%
where %PRSELECT%=\\server\printer
1. Put this script in the Documents and Settings/All Users/Start Menu/Startup folder for each computer.
OR
2. Add the script to the machine group policy for each computer
gpedit.msc -->User Configuration --> Scripts(Logon/Logoff) --> Logon
3. Add the script to the DOMAIN group policy for the entire domain.
From a domain controller -
Active Directory Users and Computers.msc --> Domain Name --> Properties --> Group Policy --> User Configuration --> Scripts(Logon/Logoff) --> Logon