Windows-linked user accounts

Windows

-linked user accounts are managed by

Windows

. When accessing

FactoryTalk

resources using a

Windows

-linked account,

FactoryTalk Directory

relies on

Windows

to determine whether the user's name and password are valid, and whether the account is enabled or locked out. Adding

Windows

-linked user accounts to

FactoryTalk Security

user groups is possible. This allows

FactoryTalk Directory

to determine a

Windows

-linked user's level of access to the

FactoryTalk

system independently of the user's level of access to a

Windows

domain.

Add user accounts to the

FactoryTalk

network directory or local directory from the list of users or groups in a

Windows

domain or workgroup. The

Windows

-linked user accounts in the network directory are separate from the

Windows

-linked user accounts in the local directory.

If the computer is disconnected from the

Windows

domain, the computer must reconnect to the domain before adding

Windows

-linked user accounts. However, any users who previously logged on to the

Windows

domain from that computer can log on to

FactoryTalk

using their

Windows

-linked user account while the computer is disconnected from the

Windows

domain.

If possible, use

Windows

-linked group accounts rather than

Windows

-linked user accounts. When deploying the applications from one domain to another, move the user accounts in a

Windows

-linked user group from one domain to another by changing the domain to which the group belongs. This allows moving the applications to a different domain without changing or recreating each user account separately, and without recreating all security permissions for the accounts. If the domain an individual

Windows

-linked user account belongs to changes, delete the old account, create the new account, and then recreate the security permissions for the new account.

Use a password for all

Windows

-linked accounts, otherwise intermittent security failures or an inability to log on may occur. Good security practice dictates not using blank passwords with accounts. If not using a password for

Windows

-linked accounts, on your local computer disable the

Windows

local security policy.

Accounts: Limit local account use of blank passwords to console logon only

.