Here is an extract of a conversation with the CSC: 1) Do we support the changing of the password on the user 'Fox' = account?=20 We don't support changing the password on the Fox account. You are = correct in saying that I/A will not work properly if the password is changed. 2) If not, how do we address the security issue and customer = requirements that all passwords be changed every few days? Basically the philosophy has been to password protect environments = assuming Operators and Engineers that are allowed to use the computor are okay. = If the stations are connected to a second or third network we recommend = that those networks have routers and firewalls isolating these networks from access. **************************************** At a technical level, there are several critical services that must run = as the user Fox and, therefore, must use the associated password. If the password for Fox is changed, the password used by each of these = services on each Windows AW/WP must also be changed. Basically, the odds of changing all of these for a system of reasonable = size are low. There are a variety of technical approaches that we have examined to = address the issue, but no changes to the system have been made to date. For those that are curious, options include: 1) Running the services as Local Machine, but this allows any program = to access the OM's Shared Memory and that is a concern. 2) Running the I/A Series as part of a domain and using the standard MS Active Directory to handle the password, but it appears that this will = not change the password used by the services. 3) Writing a utility to change the password for the services, but this requires running the utility on every machine. With regard to item 3), it turns out that MS have such a script. Please = see: http://www.microsoft.com/resources/documentation/windows/2000/server/scr= iptg uide/en-us/sas_ser_jpez.mspx This page includes the code required to write a program to change all = of the Service login passwords on a given station. I am NOT recommending that anyone use this script. The company policy = is clear, but I did want everyone to understand the source of the issue. Regards, =20 Alex Johnson Invensys Systems, Inc. 10900 Equity Drive Houston, TX 77041 713.329.8472 (voice) 713.329.1700 (fax) 713.329.1600 (switchboard) alex.johnson@xxxxxxxxxxxxxxxx -----Original Message----- From: foxboro-bounce@xxxxxxxxxxxxx = [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of Sascha Wildner Sent: Monday, March 13, 2006 3:05 AM To: foxboro@xxxxxxxxxxxxx Subject: [foxboro] Changing Fox password on AW70 Hi, are there any problems with changing the password of the Fox account on = an AW70 box? Whenever I bring this issue up among Foxboro people, there = are always some who say "don't do it, it might cause problems." Is there any "official" statement on this? Are there applications known = to break because of this? Regards, --=20 Sascha Wildner erpicon Software Development GmbH Neusser Str. 724-726 50737 K=F6ln Germany Phone: +49 221 9746069 Fax: +49 221 9746099 eMail: swildner@xxxxxxxxxx =20 =20 _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html =20 foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: = mailto:foxboro-request@xxxxxxxxxxxxx?subject=3Djoin to unsubscribe: = mailto:foxboro-request@xxxxxxxxxxxxx?subject=3Dleave =20 _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave