Adding Password Protection to RS5000 Program

[Gnex 1]

Hello all, I need your Help! We have recent problem which our backup program does not much with the Online program, and we think somebody on our network do some modification. Can anybody help me on this, putting password on the program, their was an option in the security but it was disable. how can I enable that option.

[rpraveenkum 5]

see this tech note for different security option for RSL5K http://rockwellautomation.custhelp.com/cgi...2A%2A&p_li=

[Gnex 1]

Thanks for the site, But I don't have a Rockwell knowledge base subsciption ( Too expensive). if you do have a copy may I have one.

[rpraveenkum 5]

Rockwell knowledge base also has free subsciption Security and RSLogix 5000 software - General Information. Question As of RSLogix 5000 version 10.00, there are two security tools and two software options to limit access to a Logix controller. Answer In addition to this Knowledgebase article, please review the Logix5000 Controllers Common Procedures Programming Manual (1756-PM001I-EN-P ) for a Chapter detailing “Security and RSLogix 5000 software”.Click Here The security tools are implemented as standalone utilities. These tools can be installed from the RSLogix 5000 cdrom. The security tools can also be downloaded and installed from: Software Updates web site offers the Tools along with RSLogix 5000 software: http://rockwellautomation.com/support/webupdates/ Rockwell Software Utilities & Downloads web site provides select Tools, by searching for "RSLogix". http://rockwellautomation.com/rockwellsoftware/downloads/ ---------------------------------------------------------------------------------------------------------- Logix CPU Security Tool The Logix CPU Security tool was created to protect the controller from unauthorized usage. A single supplied password "Locks" or "Unlocks" the controller. Once locked, this tool prevents RSLogix 5000 software from being able to go on-line with the controller. When the controller is secured ("Locked"), no one will be able to go on-line with the processor by any means until the processor is unsecured ("Unlocked"). You must use the Logix CPU Security tool to unsecure it. Important: THERE ARE ABSOLUTELY NO BACKDOOR METHODS TO BYPASS THIS SECURITY. Special Notes: RSLogix 5000 doesn't prompt to lock or unlock. The Logix CPU Security tool must be launched separately. Tag values, in a locked controller, still have read / write access by messaging and through DDE/OPC communications. The Logix CPU Security tool is only supported by ControlLogix, CompactLogix, FlexLogix, and DriveLogix controllers, running Version 6.x and later firmware. The RSLogix Emulate 5000 and SoftLogix5800 controllers do not support this password protection functionality. Version 1.00 only connects via the controllers serial port. Version 2.00 adds the ability to browse a remote communication path using RSLinx. Version 3.00 can save secured state and relative password to controller's Nonvolatile Storage (NVS) memory. The controller must run firmware v15 or higher to support this capability. ---------------------------------------------------------------------------------------------------------- Routine Source Protection Tool The RSLogix 5000 Source Protection Tool (a.k.a. OEM Lock) allows you to password protect your Routines with a source key. Starting with RSLogix 5000 v7 separate executable files <SP.exe> were made available to support each version of RSLogix 5000. The tool was later integrated into RSLogix 5000 v13 and higher software, where configuration is enabled using an executable file <RS5KSrcPtc.exe>. Once enabled, it is accessed from the RSLogix 5000 menu under Tools > Security > Configure Source Protection. How it Works: The RSLogix 5000 programmer applies a source key ("password") to the desired routines. Each routine can have the same source key or a unique source key, but multiple source keys cannot protect an individual routine. All source keys are maintained in a single file called <Sk.dat>. The programmer selects where <Sk.dat> is to be located on the local hard drive. Then only configured RSLogix 5000 workstations, pointing to the <Sk.dat> file, will be able to access protected routine. The routine protection tool encrypts the source keys, using the Microsoft Cryptographic Application Programming Interface, and then stores them in the RSLogix 5000 project file (.ACD). The source keys remain encrypted in the controller following download. In order for a other RSLogix 5000 workstations to gain access to the protected routines, these workstations must first: Add the ability to configure routine source protection. (run RS5KSrcPtc.exe ) Use RSLogix 5000 to select Tools > Security > Configure Source Protection. This utility will allow the user to specify the location of the Source Key (SK.DAT). Then copy the SK.DAT file from the original PC to the new PC so the new users have full access to the protected routines. There is also an option to "Allow viewing of routine" which allows a routine to be viewed, but not edited. The routine background will appear gray in color on workstations not containing the <Sk.dat> file. Special Notes: RSLogix 5000 v15 and earlier do not Export source protected Routines to L5K format. RSLogix 5000 v16 Export/Import maintains source protected Routine data in an encrypted format. ---------------------------------------------------------------------------------------------------------- RSLogix 5000 "Service Edition" software In addtion to the security tools, there is a reduced functionality version of RSLogix 5000. Service Edition supports all Logix5000 Controllers v12 and higher. See Answer ID 25258 for more details. Click Here You Can: View and monitor controller configuration and code. (No Edits) VIEW ONLY for All Languages (FBD, LD, SFC, ST) and PhaseManager. Load / Store to non-volatile memory. Tag data strip chart graphical trending. Printing of application reports. You Can Not: Upload from the controller without an offline copy of the project. Import tags. Select rungs Optional features may be disabled via Windows Registry Settings: Modification of tag data values and I/O and SFC Forcing (initially enabled) Upload / Download of projects from/to controllers (initially enabled) REG files provided on CD to disable and re-enable these options ---------------------------------------------------------------------------------------------------------- RSI Security Server software Security Server was Rockwell Software's first centralized system for restricting access to resources.The Security feature allows you to control the individual users access to RSLogix 5000 projects and controllers. Read below for details on the new FactoryTalkTM Security. There are two forms of the Security Server software: Standalone Edition (distributed with RSLogix 5000 software), which gives you local control over security functions on the machine where you install the Security Server. Intended for installation on standalone computer and run within the local admin account. Network Edition (purchased separately) which gives you centralized control over security functions for Rockwell Software products over your entire network. Network Edition has some features the Standalone Edition does not have, including network administration. Typically, you would use RSI Security Server software to grant or deny permission to perform a particular action on a particular project to a particular person at a particular workstation based upon: user ID (i.e., the user’s login name) workstation ID action name (i.e., the activity the user is trying to perform, such as data table modification, or processor mode change) resource name (i.e., controller name) When used with RSLogix 5000 (v10-v13) software, RSI Security Server supports 3 global actions and 6 project-related actions: Global Actions are not tied to a specific project, and may include: securing the controller creating a new project (either through the New Controller dialog, or through the Translator Tool utility) updating your firmware. Project Actions allow you to perform specific tasks on a specific project or group of projects, and may include: viewing a project going on-line maintaining a project (e.g., saving, converting, exporting, downloading, setting/forcing tag values, etc.) full access (e.g., editing a project) unsecuring the controller updating firmware. RSLogix 5000 (v15 and greater) received four Action Groups to provide a finer granularity of options when securing. Global Actions (v15+) are not tied to a specific project, and may include Secure an unsecured controller Create a new RSLogix 5000 project Use RSLogix 5000 to start ControlFLASH Modify workstation options Modify print options Customize toolbars Project Actions ( v15+) provides four configurable action groups: View Project Open a (read-only) version of the project Go Online Go online with View Project access Maintain Project Have limited maintenance-type access to the projects Edit the fault log, including clearing faults Change controller modes Convert the .ACD file to a higher revision Change controller type Edit module properties Print reports Compact a project file Download a project to a controller Save a project in .L5K format Go online with a project Set, clear, or modify the path associated with a given project Save a project Save a project to a new .acd file Upload a project from a controller Force tags and enable/disable existing forces Change tag values Create trends Delete trends Edit trend properties Run trends Use RSLogix 5000 to start ControlFLASH to update controller firmware Full Access Lock/unlock the controller for online edits Edit controller properties Create modules in the Controller Organizer Delete modules in the Controller Organizer Perform high impact operations such as module reset and calibration. Perform low impact operations such as resetting electronic fuses Perform axis direct commands Modify axis, coordinate system or motion group properties. Load from non-volatile memory Store to non-volatile memory Create equipment phases Delete equipment phases Manually control equipment phases Edit equipment phases Map PLC or SLC messages Create programs Delete programs Edit program properties Create a routine Delete a routine Manually control routine logic Edit routine logic Edit routine properties Create tags Delete tags Edit tag properties Create tasks Delete tasks Edit task properties, including program scheduling Create user-defined data types or string types Delete user-defined data types or string types Edit user-defined data types or string types Unsecure a secured controller RSLogix 5000 version 16 provides tighter integration with Security software and improved ease-of-use Allows users to log on / off of FactoryTalk Security through RSLogix 5000 and also change to a new user when a session has already been initiated by another user. When security is enabled: a Security Server Log On menu option will be added to the Tools->Security menu a Security tab will appear in the Workstation Options Categories tree allowing the user to configure how RSLogix 5000 interacts with the security server Granular Security Actions Added for GuardLogix – In version16, users can assign granular security actions to safety components using the Security Server. The following granular actions are available in the Security Server explorer. Safety: Generate/Delete Signature Safety: Lock/Unlock Safety: Modify Component Safety: Modify Tag Mappings Granular Security Actions Added for Add-On Instructions – In version16, users can assign granular security actions to Add-On Instruction components using the Security Server. The following granular actions are available in the Security Server explorer. Add-On Instruction: Create Add-On Instruction: Delete Add-On Instruction: Modify For more information on RSI Security Server A Getting Results with Rockwell Software's Security Server (Standalone Edition) publication ships with the Security Server software. You can also reference the RSI Security Server on-line help system for additional information. ---------------------------------------------------------------------------------------------------------- FactoryTalk™Security RSLogix 5000 software v10-v16 has been written to work with RSI Security Server, but can be used with the newFactoryTalk™ Security (previous referred to as RSAssetSecurity). This is intended to improve the security of your automation system by limiting access to those with a legitimate need. FactoryTalk™ Security authenticates user identities and authorizes user requests to access a FactoryTalk-enabled system. These security services are fully integrated into the FactoryTalk Directory and are included as part of the FactoryTalk Automation Platform that installs with many products. For the Client side use the RSI Security emulator for use withFactoryTalk™ Security (read Factory Talk) Server side migration tool may be used to migrate some RSI Security Server data to Factory Talk for use inFactoryTalk™ Security. Note: Some customers may not want to migrate, if resource and action groups are important to them.FactoryTalk™ Security does not yet handle them and Action descriptions only exist for policies, not for device/project actions. ---------------------------------------------------------------------------------------------------------- Final Note: Carefully review all of the information above before implementing a security solution. Please be aware that after the installation and enable of Security, the methods used for uninstallation and removal can be quite involved. Full administrative priviledge is needed to uninstall software. Admin's then need to contact Technical Support for specific procedures on how to disable Security from the supporting applications. Depending upon the extent of the installation, signing of a removal permission form maybe required.

[Gnex 1]

Thank you! I need time to do all thus things. More power to you; Praveen Kumar

[rpraveenkum 5]

Gnex you have select the right one

[huy doan 0]

Hello all. i have a question. 

If you install security for CPU, this is only prevent upload and edit program. However others still can download new program to PLC. Can you help me to understand clearly.