Recent Control & Safety Systems Discussions
Similar Posts
Modify Flexlock Log Off Time
Is there a way to allow non-admin users disconnect/log-off a remote session on DeltaV operator stations?
Enable and disable alarms on a workstation based on which user is logged in
Logged on User
User id creation and modification event log in deltaV
Share
  • Not Answered

Using tasks scheduler to log off a high privilege user which does not manually log off.

Hi Colleagues.

Please provide me with a method or program that can be initiated with windows task scheduler to log off a high privilege use (e.g. Tune) and   log on  a less privilege user (e.g. Operate) seamlessly  if the high privilege user stays logged on for greater than 2 hours. Both accounts are windows and DeltaV database account. The task need to be executed with an account with windows administrator privilege whether any of above user logged on or not. 

The workstation used in Windows 7 64 bit and part of a DeltaV 12.3.1 system in  a domain environment.

The auto logon addresses direct log into DeltaV from the users' window account.  I am looking for a solution that addresses above mentioned requirement.

Thanks

Jaimin Pandya

Jaimin

4 Replies

  • Andre Dicaire
    DeltaV provides the DeltaVScreenSaver to help manage idle sessions. It can either logoff to <none> or you can specify a user that will be logged on in place of the current user. You should only use a View Only user for automatic logon by the screen saver, and any privileged user should login explicitly. Check Books On Line section under Recommended Maintenance Practices, or search for DeltaVScreenSaver.

    As a screen saver, the workstation tracks inactivity rather than a set time, not a fixed period. If you want to use a fixed time, you'll need to detect this by monitoring the current user with an On Change event tied to the current user and determine if the new user has elevated privileges that will trigger the timer. If the user logs off, the timer would be cleared and the event would not trigger. If left logged on, the event triggers and forces a logon of the less privileged user. I don't think you can restore the previous user because you would need to store every ones password in the script. Not very secure. You would have to either log off to <none> and let the operators log on manually, or use a specific account, with minimal privilege.

    You might want to add a timer in the tool bar to show how much time is remaining before the session is logged off, and avoid surprising a user. Clicking on the timer could also trigger the event making it convenient for Tune user to log off and hand system back to Operator.

    Sorry I don't have any code to share on logging off the user and logging on another.

    Andre Dicaire

  • Scott Thompson
    I agree with Andre that the DeltaVScreenSaver will most likely accomplish what you are looking for although it is only for the DeltaV user, not the Windows user. Most validated environments require this functionality. Cyber security rules would recommend that you be logged into Windows with the lowest level user that will support what the user needs to do.

    As far as a custom solution, the DeltaV executable hlo.exe handles automatic logoff and logon functions.

    Logoff DeltaV user:
    c:\deltav\bin\hlo.exe -logoff

    Logon DeltaV user:
    c:\deltav\bin\hlo.exe -user username -password userpassword -computer domainname

    where username, userpassword and domainname are the account specific items. The downfall of this is that the password is in plain text if you are doing this in VBA in the toolbar.


    To logoff from Windows the shutdown command will log off the current user:

    shutdown /l
  • Jaimin
    Hi Scott
     
    Thanks for the reply. I will discuss with our team about custom solution.
     
    The password is common for a group of people known to everyone who operates and tunes occasionally.
     
    Jaimin
     
  • kbradshaw

    In reply to Jaimin:

    We have this problem at 3 of the installations at the site. On one system, I'm using the scheduler within DeltaV Operate to log off privileged users and log on the correct operator user. (We have 3 separate operating areas and 8 workstations on the system.) This is a time-based schedule that runs every 15 minutes and checks the current user at the workstation. If the correct operator name or a member of the DCS support group is not logged on, the user is logged off and the correct user for that workstation is logged on.
    What I'd prefer to do is to make this an event-based schedule based on an user change and allow 15 minutes for the user to perform whatever task is required before logging them out.
    Is there an event that DeltaV Operate can detect for a user change?

This is the official online community site of the Emerson Global Users Exchange, a forum for the free exchange of non-proprietary information among the global user community of all Emerson Automation Solution's products and services. Our goal is to improve the efficiency and use of automation systems and solutions employed at members’ facilities by sharing our knowledge, experiences, and application information.

User Groups | World Areas | Community Guidelines | Legal Information | Privacy Policy | Contact Community Manager

Website translation provided by Website Translator

© 2015-2022 Emerson Global Users Exchange. All rights reserved.