With which user should I start the WinCC OA Pmon Service when I’m using Kerberos?

The correct answer for this question depends on the specific requirements for every project. Every option has some advantages and disadvantages:

Option 1: Start Pmon as Network Service
Advantage:
This is the recommended option if high security requirements have to be fulfilled. With this option it is possible to limit the access to local folders on the own machine and it is not possible to get access to remote resources like printers and UNC-paths.
Disadvantage: In case where it is needed it is not possible to grant permission for remote resources

Option 2: Start Pmon as Local Service
Advantage:
No permissions for local and remote resources but it’s possible to grant access to local resources if they are required.
Disadvantage: In case where it is needed it is not possible to grant permission for remote resources

Option 3: Start Pmon as Local System
Advantage:
No permission for remote resources and full access to local resources but it is possible to limit the access to local resources.
Disadvantage: In case where it is needed it is not possible to grant permission for remote resources

Option 4: Start Pmon as specific User
Advantage:
A detailed distribution of permissions is possible. Access to local and remote resource could be granted.
Disadvantage: Malpractice of this user is possible and root permission in WinCC OA could be archived very easily. A high effort of working time could be possible to define a secure system.

Date added:
Last revised:
Hits:
9.353
Rating:
Rating: 3.2. 40 vote(s).
40 anonymous votes
No rating done at all.
Your vote was '' (0 of 5) You are an anonymous user.
You may log on to do personalized votings
Click the rating bar to rate this item Please log on to do ratings
  • Notification

    FE user cannot be identified! (1403201096)

Tags:
Installation / Configuration, Special Functions / Features, WinCC Open Architecture