DeltaV 13.3.1 Windows Login as Non Administrator

I am in the process of setting up a new DeltaV 13.3.1 installation. My plan is to have each workstation automatically log in into the Windows environment with the same Windows user name and then have operators/maintenance log into DeltaV with their respective individualized user names. Does the Windows user that I plan on using for every workstation need to be an Administrator level account? On DeltaV 11.3.1 installations I had problems in the past with historian trends not loading when the Windows user was a non-administrator type.  

  • In reply to JoshC:

    As you know there are two levels of security in the DeltaV system: Windows Security and DeltaV Privilege.

    Windows security gives you access to the appropriate files and directories. When you use an Auto Login User, all windows access is based on this user's security.

    DeltaV Privilege is applied with the DeltaV Logon, but does not change the underlying Windows security provided by the Auto Login User.

    You definitely should not auto logon with an Administrator Account. The default user must be a member of the DeltaV Group, as a minimum. If you create the user in DeltaV User manager, it will be created as a Domain User. Then, do not assign this user any privileges or keys in DeltaV. As a DeltaV group user, it should have access to History data. The DeltaV user login will layer the DeltaV level privileges on top of the windows privileges.

    Anything that deals with Windows security, such as File access, Edit privileges, ability to save files is part of the windows user. Administrators should explicitly log on, but only when they need to access elevated functions, and even then, you should be using the Run As feature, so only the program called uses the increased access, and the workstation remains under the less empowered Default user. This way no one walks away from a computer leaving it logged in as an Administrator accidentally.

    Andre Dicaire

  • In reply to Andre Dicaire:

    Agree with Alexandre and Andre on not being an admin windows account but you might consider making this "auto login" user be a view only DeltaV account so alarms would active (but can't acknowledge) if Operate or DeltaV Live is open.

    You can view information on doing this here: emersonexchange365.com/.../3717