Jim is correct in his summary below. As well as the others in the trail. Domain Controller serves several purposes besides just the user accounts. Invensys Group Policies are also established for Maintenance, Operations, and Engineering functions. Invensys applications like AIM historian, System Manager and others...have been redesigned to take advantage of these Group Policies to implement entitlements to groups of users. For instance...and engineer account in an Engineer group..cannot reboot a CP in System Management even if the AW is a System Monitor console. Requires a Maintenance user to perform the task. Also, the Domain Controller is also used to house the optional McAfee EPO package for Host Intrusion, Device Control, and scheduling updates ..etc...that can be pushed to all the AW/WP's in the system. -----Original Message----- From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of Wilson, James Sent: Tuesday, August 03, 2010 9:53 AM To: foxboro@xxxxxxxxxxxxx Subject: Re: [foxboro] 8.5 Domain Controller I have been told by the Foxboro security group that they can do a custom installation and put your 8.5 Domain Controller off the mesh. Of course their services are not free. I have also been told that having the domain controller off the mesh will be supported as a standard option in version 8.7 Jim Wilson -----Original Message----- From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of Corey R Clingo Sent: Tuesday, August 03, 2010 9:32 AM To: foxboro@xxxxxxxxxxxxx Subject: Re: [foxboro] 8.5 Domain Controller Hmmm...I'm surprised that in 2010 an AD domain controller can't be be dual-homed. Microsoft must be too focused on inventing the next Kin to fix such a trivial little problem as that. But, knowing less than squat about all this, and in light of some recent list emails about locating the server for IEE off-mesh so you can use all 4 cores (which apparently are required for the heavy lifting involved), how do you get this server machine into the domain? Corey Clingo BASF "Johnson, Alex P (IOM)" <Alex.Johnson@xxxxxxxxxxxx> Sent by: foxboro-bounce@xxxxxxxxxxxxx 08/03/2010 08:17 AM Please respond to foxboro@xxxxxxxxxxxxx To "foxboro@xxxxxxxxxxxxx" <foxboro@xxxxxxxxxxxxx> cc Subject Re: [foxboro] 8.5 Domain Controller Dave, Re: My understanding is that using the security options in 8.5 requires a MS Domain, with a domain controller. You are correct. Re: Does the domain controller communicate over the mesh, or do they use the secondary ethernet ports of the AW/WPs? The only officially supported position is for the Domain Controllers to be: 1) On the MESH (IOM restriction) 2) Not dual homed (MS restriction) Of course, other configurations may work, but we haven't tested or documented them at this point. We do have a Security group that can assist with special situations. Re: Also would it be allowable to run any other software on the domain controller since this box is doing almost nothing (processing & network wise). The answer is no. MS says nothing on a DC. Of course, they are thinking about DCs with 10,000s of users, but never the less we do not have permission to load anything else on the box. Re: This would be a great place to store engineering drawings, or other items that might need to be accessed by engineers on an AW without having access to the larger mill network. True, but not available. Regards, Alex Johnson Invensys Operations Management 10900 Equity Drive Houston, TX 77041 +1 713 329 8472 (desk) +1 713 329 1600 (operator) +1 713 329 1944 (SSC Fax) +1 713 329 1700 (Central Fax) alex.johnson@xxxxxxxxxxxx (current) alex.johnson@xxxxxxxxxxxxxxxx (good until September 2010) Attend OpsManage'10 Real Collaboration. Real-Time Results. _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave The information contained in this message and any attached files may be privileged and/or confidential and protected from disclosure. If you are not the intended recipient, any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is strictly prohibited. If you have received this transmission in error, please so notify the sender immediately without reading it. Also, please promptly destroy the original transmission and its attachments. Any views or opinions presented in this message or attachments are those of the author and do not necessarily represent those of KapStone Paper and Packaging Corporation or its subsidiaries. _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave *** Confidentiality Notice: This e-mail, including any associated or attached files, is intended solely for the individual or entity to which it is addressed. This e-mail is confidential and may well also be legally privileged. If you have received it in error, you are on notice of its status. Please notify the sender immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. This email comes from a division of the Invensys Group, owned by Invensys plc, which is a company registered in England and Wales with its registered office at Portland House, Bressenden Place, London, SW1E 5BF (Registered number 166023). For a list of European legal entities within the Invensys Group, please go to http://www.invensys.com/legal/default.asp?top_nav_id=77&nav_id=80&prev_id=77. You may contact Invensys plc on +44 (0)20 7821 3848 or e-mail inet.hqhelpdesk@xxxxxxxxxxxxx This e-mail and any attachments thereto may be subject to the terms of any agreements between Invensys (and/or its subsidiaries and affiliates) and the recipient (and/or its subsidiaries and affiliates). _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave