Thread: Password History.

  1. #1

    Password History.

    Hi all,

    As per the given URS (21 CFR), it states that the SCADA should remember the history of the last 3 passwords.

    I would like to know how to fulfill this demand. Since it's a stand-alone system, I don't think AD/LDS would be able to meet this demand.

    So how can I cater to this URS demand?



  2. #2
    Join Date
    25.06.2012
    Posts
    155
    Best Answer

    Re: Password History.

    Hello nivish,

    you are correct. ADAM/AD LDS doesn't store any password policy and it will leverage password policy either from local system or Domain password policy. All user accounts will leverage either the local system password policy or the domain password policy if ADAM/AD LDS server is part of AD.

    Workaround 1:

    By default, an AD LDS instance applies existing local or domain password policies. If a server on which AD LDS is installed belongs to a workgroup, the server's local password policy settings and account lockout settings are enforced. If the server on which AD LDS is running belongs to a domain, the password policy settings and account lockout settings from the domain are enforced.
    You can use Password Manager to create additional password policies that define which passwords to reject or accept. For each policy, you can configure a number of rules, for example, a password age rule, complexity and length rules, custom rule, and others. It is recommended to use the custom rule to display the settings of the local or domain password policy applied to the server on which AD LDS is running.
    Password policy settings are stored in Group Policy objects (GPOs). A GPO is applied to a target organizational unit. Group Policy objects from parent containers are inherited by default. When multiple Group Policy objects are applied, the policy settings are aggregated. 

    To open the Local Group Policy Editor from the command line:
    • Click Start, type gpedit.msc in the Start Search box, and then press ENTER.
    Here you can set the desired settings as long as you are not part of a domain:



    As far as I know, you need at least a Professional or a Server version of the operating system. Home editions do not support these settings.
    You have to run the AD LDS server on a machine which does not belong to a domain. It has to be a member of a workgroup. If the machine is a member of a domain, you probably have to block the domain settings.

    Here is a link how to achieve this: https://jackiechen.org/2014/02/04/block-password-policy-in-ad-lds/

    Workaround 2:

    Alternatively, you could try to use the zenon API to calculate a hash code whenever the password is changed (there is an API event for that). The hash code is stored and whenever the password is changed the new hash code is calculated and compared against the last 3 stored hash codes.

    Unfortunately, I cannot guarantee that this would work, nor can I provide sample code for this.

    I hope this information can help. Thank you very much.

    Best regards,
    David Cerdeira
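
The compare-against-the-last-3-hashes logic from Workaround 2, as an added example that is not part of the original post and is not zenon or COPA-DATA code. It assumes `record_change` (a hypothetical name) is called from whatever password-change event the zenon API provides; the class name and the PBKDF2 parameters are also assumptions.

```python
import hashlib
import hmac
import os
from collections import deque

HISTORY_DEPTH = 3            # from the thread's URS: remember the last 3 passwords
PBKDF2_ITERATIONS = 600_000  # assumption: tune to the runtime hardware


def _derive(password, salt, iterations):
    """Slow, salted hash so a copied history store is expensive to brute-force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


class PasswordHistory:
    """Per-user ring of (salt, digest) pairs; the current password counts as one entry."""

    def __init__(self, depth=HISTORY_DEPTH, iterations=PBKDF2_ITERATIONS):
        self._depth = depth
        self._iterations = iterations
        self._entries = {}  # user name -> deque of (salt, digest)

    def is_reused(self, user, candidate):
        # Every stored entry has its own random salt, so the candidate is
        # re-derived once per entry; one hash cannot be compared against all.
        reused = False
        for salt, digest in self._entries.get(user, ()):
            derived = _derive(candidate, salt, self._iterations)
            if hmac.compare_digest(derived, digest):
                reused = True  # no early exit: timing does not show which entry matched
        return reused

    def record_change(self, user, new_password):
        """Call from the password-change hook; False means the change must be rejected."""
        if self.is_reused(user, new_password):
            return False
        salt = os.urandom(16)
        ring = self._entries.setdefault(user, deque(maxlen=self._depth))
        # deque(maxlen=...) silently drops the oldest entry once the ring is full.
        ring.append((salt, _derive(new_password, salt, self._iterations)))
        return True
```

The history is held in memory here; a real deployment has to persist the salt and digest pairs in a store that only the runtime account can read.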

  3. #3

    Re: Password History.

    Hi Sir,

    Thanks a lot for the answer.

    I have one query about the Local Group Policy Editor: if I have 4 users in my zenon SCADA, not in Windows, will Local Group Policy be applicable to those users in my zenon runtime?

    I don't think it would be convenient for the user to restart the system in case they are only applicable to Windows users to switch user from operator to supervisor.

    I think I can look at Workaround 2, but could you please tell me where to look for this API event? (Windows event logger?)
     

  4. #4
    Join Date
    25.06.2012
    Posts
    155

    Re: Password History.

    Hello nivish,

    Thank you very much for your feedback.

    If zenon users are not part of the Local Group Policy these won't take the respective set of policies. For that, you can create an AD LDS user in runtime using the "Active Directory user administration" screen (AD LDS user with administrative rights required).

    Thank you very much.

    Best regards,
    DC



  5. #5

    Re: Password History.

    Kind Note to all,

    Zenon 7.60 doesn't support password history even through AD LDS. I got this official reply from ABB ZENON. From 8.20 Password History and Complexity is implemented.

