All,
The root password issue with older Foxboro IA software has been beaten to
death. The older Foxboro DCS (at least the Windows version) was not
designed to change the root account and password. If you want to try to
change it, do so at your own risk, and don't plan to get much help from
Invensys/Schneider-Electric when you do so. I fully understand the
budgetary and approval road block issues, but if you want to be able to
change the root password and account, then you will need to upgrade to one
of the Secure Edition (SE) software versions, which basically means that it
is designed to work with Domain Controller for the password and account
management, and Invensys has a standard install for the domain policies.
If you can still get the XP version, I think the secure version started
around 8.5 or 8.6; and the Win7/Server 2008 version 8.8 and newer has
always offered the option. To convert to the secure version, you will have
to have at least one domain server setup and communicating on the network,
and then each station being converted over will have to be re-installed as
Day 0 with the SE option.
If you aren't able to convert everything at once, you may find that you can
initially upgrade only part of the system at a time. Though there are
nuances, we have some 9.x SE WPs running with V8.4.2 AWs and WPs at one of
our plants. and my understanding is that we can upgrade some of the AWs to
9.X SE or newer, while other equipment is still at 8.4.2.
Neil Martin, P.E.
Huntsman Performance Chemicals
From: Michael Toecker <michael.toecker@xxxxxxxxx>
To: foxboro@xxxxxxxxxxxxx,
Date: 10/20/2016 09:04 AM
Subject: Re: [foxboro] Password change of the Fox and Administrator
users
Sent by: foxboro-bounce@xxxxxxxxxxxxx
It's incredibly depressing that none of us have the answer to this
question. All we have is hokum and speculation, and few hard facts other
than "don't change the FOX user, cause we don't know where else the
password might be in the code." Makes everyone scared to do ANYTHING to
harden their system out of fear that one wrong move will get them fired.
I'm participating in an IA hardening project coming up, and I'm going to
request the specific details on password changes in a Foxboro technical
document when I get back to the office. We will need the exact
justification for our regulator to review, and we have a requirement to
change all passwords we can, and document mitigating actions when we can't.
I don't have this problem with GE, Emerson and Yokogawa when I work with
them.
Mike
On Wed, Oct 19, 2016 at 4:59 PM, Alexander Johnson <
alexander.johnson@xxxxxxxxxxxxxxxxxxxxxx> wrote:
It won't.
AJ
