Re: [foxboro] 8.5 Domain Controller

From: "Boulay, Russ" <Russ.Boulay@xxxxxxxxxxxx>
To: "foxboro@xxxxxxxxxxxxx" <foxboro@xxxxxxxxxxxxx>
Date: Tue, 3 Aug 2010 10:19:50 -0400
Jim is correct in his summary below.
As well as the others in the trail.

Domain Controller serves several purposes besides just the user accounts.
Invensys Group Policies are also established for Maintenance, Operations, and 
Engineering functions.
Invensys applications like AIM historian, System Manager and others...have been 
redesigned to take advantage of these Group Policies to implement entitlements 
to groups of users.

For instance...and engineer account in an Engineer group..cannot reboot a CP in 
System Management even if the AW is a System Monitor console.
Requires a Maintenance user to perform the task.

Also, the Domain Controller is also used to house the optional McAfee EPO 
package for Host Intrusion, Device Control, and scheduling updates ..etc...that 
can be pushed to all the AW/WP's in the system.

-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On 
Behalf Of Wilson, James
Sent: Tuesday, August 03, 2010 9:53 AM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] 8.5 Domain Controller

I have been told by the Foxboro security group that they can do a custom 
installation and put your 8.5 Domain Controller off the mesh.  Of course their 
services are not free.  I have also been told that having the domain controller 
off the mesh will be supported as a standard option in version 8.7

Jim Wilson

-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On 
Behalf Of Corey R Clingo
Sent: Tuesday, August 03, 2010 9:32 AM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] 8.5 Domain Controller

Hmmm...I'm surprised that in 2010 an AD domain controller can't be be
dual-homed.  Microsoft must be too focused on inventing the next Kin to
fix such a trivial little problem as that.

But, knowing less than squat about all this, and in light of some recent
list emails about locating the server for IEE off-mesh so you can use all
4 cores (which apparently are required for the heavy lifting involved),
how do you get this server machine into the domain?


Corey Clingo
BASF





"Johnson, Alex P (IOM)" <Alex.Johnson@xxxxxxxxxxxx>
Sent by: foxboro-bounce@xxxxxxxxxxxxx
08/03/2010 08:17 AM
Please respond to
foxboro@xxxxxxxxxxxxx


To
"foxboro@xxxxxxxxxxxxx" <foxboro@xxxxxxxxxxxxx>
cc

Subject
Re: [foxboro] 8.5 Domain Controller






Dave,

Re: My understanding is that using the security options in 8.5 requires a
MS Domain, with a domain controller.
You are correct.

Re: Does the domain controller communicate over the mesh, or do they use
the secondary ethernet ports of the AW/WPs?
The only officially supported position is for the Domain Controllers to
be:
1) On the MESH (IOM restriction)
2) Not dual homed (MS restriction)

Of course, other configurations may work, but we haven't tested or
documented them at this point. We do have a Security group that can assist
with special situations.


Re: Also would it be allowable to run any other software on the domain
controller since this box is doing almost nothing (processing & network
wise).
The answer is no. MS says nothing on a DC. Of course, they are thinking
about DCs with 10,000s of users, but never the less we do not have
permission to load anything else on the box.


Re: This would be a great place to store engineering drawings, or other
items that might need to be accessed by engineers on an AW without having
access to the larger mill network.
True, but not available.


Regards,

Alex Johnson
Invensys Operations Management
10900 Equity Drive
Houston, TX 77041
+1 713 329 8472 (desk)
+1 713 329 1600 (operator)
+1 713 329 1944 (SSC Fax)
+1 713 329 1700 (Central Fax)
alex.johnson@xxxxxxxxxxxx (current)
alex.johnson@xxxxxxxxxxxxxxxx (good until September 2010)


Attend OpsManage'10
Real Collaboration. Real-Time Results.







_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html

foxboro mailing list:             //www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave


The information contained in this message and any attached files may be 
privileged and/or confidential and protected from disclosure. If you are not 
the intended recipient, any disclosure, copying, distribution or use of any of 
the information contained in or attached to this transmission is strictly 
prohibited. If you have received this transmission in error, please so notify 
the sender immediately without reading it. Also, please promptly destroy the 
original transmission and its attachments. Any views or opinions presented in 
this message or attachments are those of the author and do not necessarily 
represent those of KapStone Paper and Packaging Corporation or its subsidiaries.
 
 
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
 
foxboro mailing list:             //www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
 


*** Confidentiality Notice: This e-mail, including any associated or attached 
files, is intended solely for the individual or entity to which it is 
addressed. This e-mail is confidential and may well also be legally privileged. 
If you have received it in error, you are on notice of its status. Please 
notify the sender immediately by reply e-mail and then delete this message from 
your system. Please do not copy it or use it for any purposes, or disclose its 
contents to any other person. This email comes from a division of the Invensys 
Group, owned by Invensys plc, which is a company registered in England and 
Wales with its registered office at Portland House, Bressenden Place, London, 
SW1E 5BF (Registered number 166023). For a list of European legal entities 
within the Invensys Group, please go to 
http://www.invensys.com/legal/default.asp?top_nav_id=77&nav_id=80&prev_id=77. 
You may contact Invensys plc on +44 (0)20 7821 3848 or e-mail 
inet.hqhelpdesk@xxxxxxxxxxxxx This e-mail and any attachments thereto may be 
subject to the terms of any agreements between Invensys (and/or its 
subsidiaries and affiliates) and the recipient (and/or its subsidiaries and 
affiliates).


 
 
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
 
foxboro mailing list:             //www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
References:
- Re: [foxboro] 8.5 Domain Controller
  - From: Johnson, Alex P (IOM)
- Re: [foxboro] 8.5 Domain Controller
  - From: Corey R Clingo
- Re: [foxboro] 8.5 Domain Controller
  - From: Wilson, James
Re: [foxboro] 8.5 Domain Controller

Other related posts:
