Modify Computer Policy Settings

Use Computer Policy Settings
to change these security policy properties:

Whether or not a user can connect to the

FactoryTalk Directory

from a client computer that does not have a computer account in the network directory

How client computers connect to the

FactoryTalk Directory

through Remote Desktop Services, and how the computer name appears in the

FactoryTalk Diagnostics

log of actions.

These settings apply only to computers in the

FactoryTalk

network directory because the

FactoryTalk

local directory does not permit remote access.

To modify Computer Policy Settings

FactoryTalk Administration Console

Explorer
, expand System > Policies > System Policies
.

Right-click Security Policy
and select Properties
.

In Security Policy Properties
, select +
to expand Computer Policy Settings
.

To change the requirements for connecting to the

FactoryTalk Directory

from a computer that does not have a

FactoryTalk

computer account, select Require computer accounts for all client machines
and select one:

Enabled—
allows users to log on to

FactoryTalk

only if they are logging on from a client computer that has an account in the

FactoryTalk Directory

. Remote Desktop Services clients can still log on to

FactoryTalk Directory

without computer accounts if the Identify terminal server clients using the name of
policy is set to Server Computer
. See step 4.

Disabled—
allows users to log on to

FactoryTalk

from any client computer, even if that computer has no computer account in the

FactoryTalk

network directory.

To determine what computer name identifies clients connecting to the

FactoryTalk Directory

through Remote Desktop Services, select Identify terminal server clients using the name of
and select one:

Terminal client
—Client computers must have computer accounts in the

FactoryTalk Directory

to access

FactoryTalk

applications, unless the Require computer accounts for all client machines
policy is disabled. This combination of settings is useful for diagnostic logging because the name of the client computer where actions originate can be logged.

Terminal Client
logs actions using the name of the client computer where the user is connecting to the Remote Desktop Connection (RDC) client computer. The computer name logged in

FactoryTalk Diagnostics

is different for each client connecting via Remote Desktop Services.

Server computer—
allows client computers to connect through Remote Desktop Services without requiring accounts in the

FactoryTalk Directory

, even if the Require computer accounts for all client machines
policy is Enabled
.

Server computer
logs actions using the name of the Remote Desktop Connection server computer. The computer name logged in

FactoryTalk Diagnostics

will be the same for all users connecting via Remote Desktop Services.

To determines if the system will force the use of the local computer name when a disconnected remote session is blocking the logon process, select Force use of local computer name during logon process
and select one:

Enabled—
allows using the local computer name to log in if the remote session is disconnected.

Disabled—
does not allow logging in to the

FactoryTalk Directory

if the remote session is disconnected.

When finished modifying Account Policy Settings, select OK
.

IMPORTANT:

Setting the Identify terminal server clients using the name of
policy to Server Computer
might affect the level of access that a Remote Desktop Services user has to the

FactoryTalk

system.

Security Policy Properties

Computer Policy Settings

Enable single sign-on

Provide Feedback

Have questions or feedback about this documentation? Please submit your feedback here.