[foxboro] Fwd: Windows based I/A Foxview user name & password

This note was sent to the webmaster@xxxxxxxxxxxxxxxxxxxxxxx address, but
I think it's meant for the list.

Yes, when we first got our XP workstation and ran across this same
issue, we could only shake our head and wonder aloud, "How can they *do*
that?"

Duc



On Thu, 26 Jan 2006 12:39:35 -0600, "Daniel Wu" <Daniel_Wu@xxxxxxxxxxxx>
wrote:
> 
> 
> 
> 
> Greetings to every one:
> 
> My apology for a long e-mail!!
> 
> We have several Solaris based I/A systems on site and have recently
> installed a separate Window-XP based I/A in another area.  On a Solaris
> based AW, we connect our network PC and servers to the AW using the user
> name "root".  Periodically, we change the "root" password  to follow our
> IT policy.  Foxview environment passwords are used to limit access for
> different groups of Foxview users on AW and WP.   One cannot log into the
> SHELL environment with correct root/password .  The security works well
> for us.
> 
> On our newly installed Window XP based AW and WPs, we use the Foxboro
> provided Window user name (let's say it is IAuser / IApassword) to log in
> the AW's to make changes to IACC, sequence codes, recipes and graphics.
> Generally, we log into the AW's via our plant network.  Same user name
> and password combination applies to all AWs and WPs.  WP's are setup to
> be in lockdown mode while on AW, any authorized user has full access to
> all files.
> 
> One day, I changed "IApassword" to something that followed our IT policy
> on the AW.  After that, I could not bring up Foxview. I consulted Foxboro
> engineers about the problem. Foxboro's comment was that I/A was built
> with the user name IAuser and IApassword, I had to use the same user name
> and password combination to log into the AW (or WP).  Otherwise, Foxview
> will not come up.  This applies to all WP operator consoles.  That means
> we cannot change the password on a Windows based I/A WP or AW --- ever. 
> This was a surprise to me --- considering Foxboro is selling their network
> security services.  Username/password authentication is the only means we
> have to stop unauthorized access to the DCS.  It will a tough sale to our
> IT folks that we can change passwords on our DCS user accounts.  Another
> problem is that if a WP goes into "lock" mode for whatever reason
> (different than a screen save mode).  The operator must know the username
> "IAuser" and password "IApassword" to unlock the WP to use Foxview.
> 
> There are two problems for us:  1. Current I/A architecture prohibits us
> from following our IT password policy -- change passwords periodically. 
> It is a big security problem. 2. If an operator, with pure luck gets the WP
> into "lock" mode, I (with my luck, it is most likely to be 2 AM in the
> morning or hours away from the plant) need to drive back to the plant to
> enter the password "IApassword" to unlock the WP.  If I give out the
> password to the operators, they can log into the AWs with full access to
> all files on the AWs.  I had several discussion with Foxboro engineers.
> Their response was that was way I/A was built and no solution was
> provided.
> 
> Do any Window based I/A users have same experience?  Any suggestion on
> how to resolve or get around the problems.
> 
> Thanks for your attention!
> 
> Daniel Wu
> Huntsman Corporation
 
 
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
 
foxboro mailing list:             http://www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave

Other related posts: