What are the requirements for a GDOT Service Account?
Download as pdf :
Products:
Aspen GDOT
Last Updated:
06-Jan-2023
Last Updated:
06-Jan-2023
Versions:
Article ID:
000100649
Article ID:
000100649
Primary Subject:
Problem Statement
This article described what are the main requirements for a GDOT Service Account
Solution
According to the GDOT User Guide there a couple major requirements that the Service Account should meet:
1.- All Aspen GDOT application processes must run in the context of a specific user; we refer to that account as a “Service Account”. If multiple services accounts are used, you may also want to create a user group, with the service accounts as members, to simplify the configuration of security settings associated with the GDOT applications.
2.- Because we do not want GDOT applications to terminate due to password expiration, these service accounts are usually configured with non-expiring passwords.
3.- Create the Aspen GDOT service account (e.g., it could be named “GDOTLauncher”), following this guidance:
This account should be a domain account for computers configured as members of a domain, or a local account for Workgroup or stand-alone computers.
Password should be set to never expire
The service account must be added to the local Administrators group (this is not required for machines with only GDOT Console installed).
Make sure to add the account to one or more of the GDOT user groups
4.- The user account name and password can be adjusted to adhere to any site-specific IM requirements and specifications, as long as the username and password are recorded for later DCOM registration of GDOT applications.
5.- When GDOT applications are connected to an OPC server that runs under a certain account on another machine and these machines are Workgroup computers (not Domain computers) using local user accounts, then it will be required to create an account with the same name and password, on the Aspen GDOT machine, and that account has to be added to one of the Aspen GDOT user groups
6.- The account used by the GDOT apps must remain logged in to the system (typically logged in through an RDP session). This is because the DCOM configurations of the applications expect that the user is logged in interactively, and mostly because Excel expects that the user profile is loaded on the system. If the user profile is not loaded, then excel quickly throws an error after the workbook is opened and Model Update will terminate.
7. The need for Administrator rights. This is primarily due to file and directory access permissions.
Keywords
GDOT, Users Account