I am looking for a document that describes the default users/services that are installed with a clean installation of DeltaV 13.3. I work in a regulated industry and need to understand what accounts can stay and what accounts I can remove.
Tim
Tim,
I undertook this task for a client in the biopharma space recently for a Data Integrity / Cyber Security assessment, using an earlier version of DeltaV. Let me just say this is a lot easier to manage in v13.3.1 than on previous versions.
First, I would not remove application accounts, just disable those not being used (since re-installation will just put them back). Default accounts can and should be removed.
In DeltaV Books On Line v13.3.1 article DeltaV accounts, the Default accounts (Operator, Supervisor etc) and application accounts (DVBHisAdmin, etc) installed are listed. The SQL accounts sa and DVSQLADMIN are not listed, however. I'll get back to those later.
The article states the DeltaV Security Administration application (an application new to v13) should be used on *each* workstation to manage built in accounts.
The trouble I have with this is it is not centralized, it must be managed on each computer in a system. Installed local machine accounts even within a domain environment must be managed individually on each computer (similar to how DeltaVAdmin password change must be executed on each computer individually). If a workstation is rebuilt, this application should be run as part of the installation procedure to re-disable the unused service accounts.
Fortunately, of those built in accounts, most are disabled by default, a vast improvement over previous versions of DeltaV.
Regarding the SQL accounts, I received very specific guidance from GSC regarding changing the 'sa' account pw the DVSQLADMIN account pw, but is not well documented and is managed outside of DeltaV applications for each individual VCAT, EJOURNAL, DVHISDB server.
Good luck.