Re: [foxboro] Changing Fox password on AW70

  • From: "Johnson, Alex P (IPS)" <alex.johnson@xxxxxxxxxxxxxxxx>
  • To: foxboro@xxxxxxxxxxxxx
  • Date: Mon, 13 Mar 2006 09:19:02 -0500

Here is an extract of a conversation with the CSC:

1) Do we support the changing of the password on the user 'Fox' account?

We don't support changing the password on the Fox account. You are correct
in saying that I/A will not work properly if the password is changed.


2) If not, how do we address the security issue and customer requirements
that all passwords be changed every few days?

Basically the philosophy has been to password protect environments assuming
Operators and Engineers that are allowed to use the computer are okay. If
the stations are connected to a second or third network we recommend that
those networks have routers and firewalls isolating these networks from
access.

****************************************

At a technical level, there are several critical services that must run as
the user Fox and, therefore, must use the associated password. If the
password for Fox is changed, the password used by each of these services on
each Windows AW/WP must also be changed.

Basically, the odds of changing all of these for a system of reasonable size
are low.

There are a variety of technical approaches that we have examined to address
the issue, but no changes to the system have been made to date.

For those that are curious, options include:

1) Running the services as Local Machine, but this allows any program to
access the OM's Shared Memory and that is a concern.
2) Running the I/A Series as part of a domain and using the standard MS
Active Directory to handle the password, but it appears that this will not
change the password used by the services.
3) Writing a utility to change the password for the services, but this
requires running the utility on every machine.


With regard to item 3), it turns out that MS have such a script. Please see:

http://www.microsoft.com/resources/documentation/windows/2000/server/scriptguide/en-us/sas_ser_jpez.mspx

This page includes the code required to write a program to change all of the
Service login passwords on a given station.


I am NOT recommending that anyone use this script. The company policy is
clear, but I did want everyone to understand the source of the issue.


Regards,
Alex Johnson
Invensys Systems, Inc.
10900 Equity Drive
Houston, TX 77041
713.329.8472 (voice)
713.329.1700 (fax)
713.329.1600 (switchboard)
alex.johnson@xxxxxxxxxxxxxxxx
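
The message above notes that every service logging on as Fox, on every Windows AW/WP, holds its own copy of the password. The following read-only inventory of such services is an added example, not part of the original message or of the Microsoft script it links to; the function name `Get-ServiceLogonInventory`, the station names and the use of CIM sessions are assumptions.

```powershell
# Added example: read-only inventory, changes nothing on the stations.
# Station names and the default account name 'Fox' are assumptions for illustration.
function Get-ServiceLogonInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [string] $Account = 'Fox',
        [switch] $UseDcom   # older stations without WinRM answer WMI over DCOM only
    )
    $protocol = if ($UseDcom) { 'Dcom' } else { 'Wsman' }
    $option = New-CimSessionOption -Protocol $protocol
    foreach ($station in $ComputerName) {
        $session = $null
        try {
            $session = New-CimSession -ComputerName $station -SessionOption $option -ErrorAction Stop
            $services = Get-CimInstance -CimSession $session -ClassName Win32_Service -ErrorAction Stop
            foreach ($svc in $services) {
                if (-not $svc.StartName) { continue }   # some entries report no logon account
                # StartName appears as '.\Fox', 'HOST\Fox' or 'Fox@domain'; compare the bare user name.
                $user = ($svc.StartName -split '\\')[-1] -replace '@.*$', ''
                if ($user -ieq $Account) {
                    [pscustomobject]@{
                        Station   = $station
                        Service   = $svc.Name
                        StartName = $svc.StartName
                        StartMode = $svc.StartMode
                        State     = $svc.State
                    }
                }
            }
        }
        catch {
            # An unreachable station is reported, not skipped: it may still hold the old credential.
            [pscustomobject]@{
                Station = $station; Service = '<not queried>'; StartName = $null
                StartMode = $null; State = "ERROR: $($_.Exception.Message)"
            }
        }
        finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

# Constructed station names, for illustration only.
Get-ServiceLogonInventory -ComputerName 'AW7001', 'WP7002' -Account 'Fox' -UseDcom |
    Sort-Object Station, Service | Format-Table -AutoSize
```

The function only reads `Win32_Service`; it never calls the class's `Change` method, so no service credential is altered.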

-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of Sascha Wildner
Sent: Monday, March 13, 2006 3:05 AM
To: foxboro@xxxxxxxxxxxxx
Subject: [foxboro] Changing Fox password on AW70

Hi,

are there any problems with changing the password of the Fox account on
an AW70 box? Whenever I bring this issue up among Foxboro people, there
are always some who say "don't do it, it might cause problems."

Is there any "official" statement on this? Are there applications known
to break because of this?

Regards,

-- 
Sascha Wildner
erpicon Software Development GmbH
Neusser Str. 724-726
50737 Köln
Germany

Phone: +49 221 9746069
Fax:   +49 221 9746099
eMail: swildner@xxxxxxxxxx
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html

foxboro mailing list:             //www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave