noorloai

Joining HMI PC to domain using FT SE

4 posts in this topic

Hello,


We have a customer who wants to connect the HMI PC of FT SE to their domain and to use their own authentication. After investigating the application, it seems our application uses a windows-linked user group and VBA script for login and security permission. For some reason, it’s not using FT SE built-in login feature.

We have mapped the HMI PC to the domain and generated new users in the domain and tried to run the application and login with the new users, we got fail with a Permission Denied exception

We trace VBA code and found the root cause of the issue is that the VBA script is looking at which groups the login user is a part of does not have permission to look at domain users. This is because the VBA script is running under the local HMIUser account, which does not have any visibility on whichever domain the PC is joined to.

  see below

 

Function getCurrentUsersGroup(Optional username As String) As String

        Dim strUserName As String
        Dim Domain As String
        Dim i As Integer
        Dim userLevel As Integer
        userLevel = 0
        i = 0
                
        Dim objGroup    As Object
        Dim objUser     As Object
        Dim objNetwork  As Object
        
        If username = "" Then
            Set objNetwork = CreateObject("WScript.Network")
            strUserName = objNetwork.UserDomain & "/" & objNetwork.username
        Else
            strUserName = username
        End If
        
        strUserName = Replace(strUserName, "\", "/")
        If InStr(strUserName, "/") Then
            ' No action: Domain has already been supplied in the user name
        Else
                Set objNetwork = CreateObject("WScript.Network")
                Domain = objNetwork.UserDomain
                strUserName = Domain & "/" & strUserName
        End If
        
        Set objUser = GetObject("WinNT://" & strUserName & ",user")
        If objUser Is Nothing Then
            ' Error handling
        Else
            For Each objGroup In objUser.Groups
                i = getAuthLevel(objGroup.name)
                If userLevel < i Then
                    userLevel = i
                End If
            Next objGroup
        End If
        

GetObject looks for user object... if that user is on a domain (eg. TESTDOMAIN\domeng )

then it will fail with a Permission Denied exception

I am wondering if there is a function/method that we can use to solve this issue?

I am not very fluent in VBA but I think I could stumble through it if given an idea of how to tackle this.

Thank you and appreciate your response in advance

 

Share this post


Link to post
Share on other sites

Once you add the HMI PC to the domain, you also need to add it to Factorytalk security in FT admin console. Right now although you have it domain, its not configured for Factorytalk security.

Share this post


Link to post
Share on other sites

thanks for your response ameyzingg. We have already added the users to FT administrative console, but The script in the application doesn’t allow domains it's only seeing the local users not domain users.

I am wondering if there is any way to read domain users in VBA?

Thanks

 

Edited by noorloai

Share this post


Link to post
Share on other sites

I was saying about the HMI PC computer itself, not the users. Have you added the HMI PC computer under Systems > Computers and Groups > Computers?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now