DeltaV 13.3.1 Windows Login as Non Administrator

I am in the process of setting up a new DeltaV 13.3.1 installation. My plan is to have each workstation automatically log into the Windows environment with the same Windows user name and then have operators/maintenance log into DeltaV with their respective individualized user names. Does the Windows user that I plan on using for every workstation need to be an Administrator level account? On DeltaV 11.3.1 installations I had problems in the past with historian trends not loading when the Windows user was a non-administrator type.

  • JoshC,

    from a security point of view, the privileges provided to a user that is logged into a DeltaV system need to match up. You should not set auto-login with Windows administrative privileges. If shared Windows accounts are used (not the best practice), then make sure they match the same level of privileges the users in the system have - consider the least privilege approach for that. In this case, when the system administrator needs to log in, he/she will need to log into the Windows environment with administrative rights first.

    Users are able to access the DeltaV resources they are entitled to even when they are not administrators of the system. More information is needed to determine what types of issues you encountered on your DeltaV v11.3.1 installation.

    Regards,

    Peixe
  • We had a similar problem when we started using a lower privilege account for autologin to Windows. (We are 13.3.1.) Our problem was with connecting to the event chronicle, so it only affected the .phve trends opening in PHV. Our LBP ran a script to add the SQL read access to the DeltaV Windows user group on the ProPlus. I believe there is a KBA for this but I can't seem to find it.

    Hope this helps.
    Kathy

    Kathy Pate

    Toray Carbon Fibers America

    Decatur, AL 35601

    kathy.pate@toraycma.com

  • In reply to Alexandre Peixoto:

    OK. I'll try it first with a standard Windows account. I don't remember the specific error message that I received on the 11.3.1 system, but I did find the answer on this forum, which required logging into Windows with an administrator account (this was a domain environment).

    Thank you for the feedback.
  • In reply to kathrynpate:

    Interesting. Thank you for the feedback. I'll try to find more information since I would rather not log into Windows with an administrator level account.
  • In reply to JoshC:

    As you know, there are two levels of security in the DeltaV system: Windows Security and DeltaV Privilege.

    Windows security gives you access to the appropriate files and directories. When you use an Auto Login User, all Windows access is based on this user's security.

    DeltaV Privilege is applied with the DeltaV Logon, but does not change the underlying Windows security provided by the Auto Login User.

    You definitely should not auto logon with an Administrator Account. The default user must be a member of the DeltaV Group, as a minimum. If you create the user in DeltaV User Manager, it will be created as a Domain User. Then, do not assign this user any privileges or keys in DeltaV. As a DeltaV group user, it should have access to History data. The DeltaV user login will layer the DeltaV level privileges on top of the Windows privileges.

    Anything that deals with Windows security, such as file access, edit privileges, or the ability to save files, is part of the Windows user. Administrators should explicitly log on, but only when they need to access elevated functions, and even then, you should be using the Run As feature, so only the program called uses the increased access, and the workstation remains under the less empowered Default user. This way no one walks away from a computer leaving it logged in as an Administrator accidentally.

    Andre Dicaire
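
A read-only check of the auto-logon account against the advice in the post above, added here as an example; it is not part of any poster's reply and is not Emerson tooling. It assumes PowerShell 5.1 or later on the workstation and that the DeltaV group is a local Windows group named `DeltaV` (the `$DeltaVGroup` parameter is a hypothetical name for that setting; in a domain installation the group lives in the domain and this local lookup does not apply).

```powershell
# Added example: audit the Windows auto-logon account on one workstation.
# Assumption: the DeltaV group is a local group named 'DeltaV'.
param([string]$DeltaVGroup = 'DeltaV')

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cfg = Get-ItemProperty -Path $winlogon

if ($cfg.AutoAdminLogon -ne '1' -or -not $cfg.DefaultUserName) {
    Write-Output 'Auto-logon is not configured on this workstation.'
    return
}

# A missing (or '.') DefaultDomainName means a local account on this machine.
$domain = if ($cfg.DefaultDomainName -and $cfg.DefaultDomainName -ne '.') {
    $cfg.DefaultDomainName
} else {
    $env:COMPUTERNAME
}
$account = "$domain\$($cfg.DefaultUserName)"

# Compare by SID so that renamed or localized account names still match.
$sid = ([System.Security.Principal.NTAccount]$account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

function Test-DirectMember {
    param([Parameter(Mandatory)][hashtable]$GroupSpec)
    # Direct membership only: members that are themselves groups are not expanded,
    # so review any group entries in Administrators by hand.
    $members = Get-LocalGroupMember @GroupSpec -ErrorAction Stop
    return [bool]($members | Where-Object { $_.SID.Value -eq $sid })
}

# S-1-5-32-544 is the well-known SID of the built-in Administrators group.
$isAdmin  = Test-DirectMember @{ SID = 'S-1-5-32-544' }
$isDeltaV = Test-DirectMember @{ Name = $DeltaVGroup }

[pscustomobject]@{
    AutoLogonAccount = $account
    InAdministrators = $isAdmin
    InDeltaVGroup    = $isDeltaV
    MeetsGuidance    = (-not $isAdmin) -and $isDeltaV
}
```

`MeetsGuidance` is true only when the auto-logon account is outside Administrators and inside the DeltaV group, which is the minimum the post describes.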

  • In reply to Andre Dicaire:

    Agree with Alexandre and Andre on not being an admin Windows account, but you might consider making this "auto login" user be a view-only DeltaV account so alarms would be active (but can't acknowledge) if Operate or DeltaV Live is open.

    You can view information on doing this here: emersonexchange365.com/.../3717
  • In reply to Matt Stoner:

    Forgot to mention that this view-only account is also documented in Books Online (not sure how many revisions back though):

    System Administration and Maintenance -> Recommended maintenance practices -> Create a view-only user account