Intouch 7.x

J

Thread Starter

Jef Verdoodt

Hi all,
I want to bulletproof my Wonderware Intouch 7.x applications. Why? We install the applications on computers in different countries. And when we left there, the people are always messing with the computers (games, music, ...). I think there exist programs to startup a computer, so they can acces only the programs that I defined. If so, which programs are there (for free). If not so, how can I bulletproof the application?

Kind regards Jef
 
L

Lewis Bodden

No matter what precautions you take, an industrious operator will figure out how to play his games or tinker. Two things can help to discourage unauthorized use:

1) Post a warning not to use the computer for anything other than a dedicated control system.

2) Provide a computer that they can use for e-mail, browsing and games.

I have had a lot of luck with this.

The warning should read something like:

WARNING: Dedicated Control System
Use of e-mail, browsers, games or other software are prohibited on this system.
Only authorized installation of software, upgrades, and configuration may be made to this computer. You must obtain approval in writing before proceeding.
Do not change logon, password, add additional users, or share disk drives.
Violation of this usage policy will result in disciplinary action!

You can make this warning into a bitmap and use it as a background on the desktop.

RSview32 does not have the market cornered on desktop protection. You can search Tucows for some programs to try.

[email protected]
 
Ditto VisualAutomation's Secure Desktop. I've used it many times for a number of different HMIs; it's a great product.
 
J

Jerry Robertson - BTS Systems, Inc.

I have used Intouch in several GM assembly plants and successfully locked them up to the point that no one was able to get in without a password. This was done on WinNT and 2K. What platform are you running?

This was done without any third party programs using utilities from Wonderware and by setting up the computers in special ways.

If you contact me off-line I would be glad to help but I really don't want to post the methods on a public forum like this.

The other thing we did was to create a recovery CD that absolutely, positively returned the computer to the state we left it in if it crashed.

Let me know if I can help.

Jerry
[email protected]
 
P
InTouch has several methods to prevent users from gaining access to other parts of the system. If you are running it on Windows NT then set it up
to run as a service, which can be protected using the NT security system. Alternatively, from within InTouch and the configuration of WindowViewer you can remove menu elements, lock certain key strokes, and make it impossible to close the running application. In addition, InTouch has the ability to stop itself in runtime with the WWControl command, which can be associated to a button. It can then be configured to a system admin user with one of the 9,999 different security levels available. (System
Admin tends to be any level over 9000 - allowing other critical elements to be configured in runtime i.e. security, etc.)

Hope this helps!
 
G

Glass, Philip

That sounds like a shameless, sleazy plug.
The question wasn't asked, "How would RSView handle it?"
Incidentally, Desktop Lock can be hacked.

You can do quite a bit with the NT Policy Editor. But that can be hacked easily as well, so it all depends on the level of operators using the
system. Personally, I'd do very little aside from disabling task switching and the ctrl+alt keys. I think, beyond that, it becomes an administrative
issue. I would approach it from the management-side.

Phil
 
D

Donald Pittendrigh

HI All

Disable all the options which can be used to switch to the desktop in the windowviewer
configuration. Disable the options for sizing the desktop and shutting down the application. Provide a password protected pushbutton for closing window viewer if needed.
Set up the PC to auto-log on and auto start InTouch, provide a button in your application to start or run solitaire. See how quickly they get tired of playing solitaire and forget about the quest for games.

Best solution yet, use terminal services and set up the access rights only for the programs you need, then remove the keyboard mouse and monitor from the server.

Bye
Donald Pittendrigh
 
W
If you are running on NT you can set it up to boot up into your application and you can remove everything off of the start menu (windows start button on desktop) so there is nothing to choose from except WW runtime.(see NT administrators guide). As long as you have set up WW so that ALT-TAB is disabled and your windows are full screen they will be stuck in WW. If they are able to boot up and somehow not get into WW or they manage to close it, with the NT mods they can't navigate around because there is nothing to see on the desktop and nothing on the start menu! It is probably possible to do this with Win2K but I haven't looked into.

Regards.
 
J

Johnson, Eric D

Jef, I have done this with Windows NT (but 2000 should work also) and Wonderware 7.0 without adding any software and no operator break-ins. (From a little foggy memory) What I did was create a standard Operator logon into NT at the user level with no access to the desk top (via policies in the User Manager). Then make this user autologon (edit registry) and start
wonderware as a NT service.

The end result is when the computer boots up it will automatically login to NT as the basic operator and start Window Viewer with your default screen. Then the operator is locked out of the desktop and only has access to programs that you give through wonderware. If the Administrator needs to login to make changes of any kind, you hold down the shift key while NT
boots and the login screen will appear.

This is from memory, I don't have the exact steps I use with me, but if you would like a step by step instructions (including registry edits) please let me know and I can email you or re-post it to the list.

Thanks,

Eric Johnson
 
R
You did not mention what OS you are using. If NT, try modifying the policy using the policy editor. You can severely limit the access and visible
selections to a specified logged in user.
 
J
Thanx all for the sollutions!
I'll let you know how I did it. Its a good and easy solution.
I installed the Keyboard filter from the KBCD. And i started the IO server as an NT service. In my opinion its better not to start the hist data and the Viewer as an NT service. Because someone I know discoverd problems with it.
I also discoverd 1 problem with the keyboard filter... At a powerfailure, the keyboard is fully disabled. the only way to start up properly again, is to start up in safe mode. Then shut down the computer properly, and start up again.
Anyone discovered the same problem?

regard
Jef
 
it is very easy to create a small program that will disable all the diffrent key combos that can get you past the top screen. that in conjunction with InTouch should should stop almost all people. i'm actually in the process of programming a similar program now.
 
Top