Skip to main content
InSource Solutions

TN AppSvr298 Change Network Account Details

InSource_Logo_Transparent (1).png

 

INTERNAL USE ONLY

It is not intended for general distribution to end customers.

 

Description

This article from InSource provides more detail on what the Wonderware Change Utility does besides what is explained in the help document. 

  • Author:  Rich Brooks
  • Published:  5/17/2018
  • Applies to:  Wonderware System Platform 2014R2 and higher

Details

Basically it adds the user to the Administrators group and then gives the user the following rights:

 

SeTcbPrivilege – Act as part of the operating system.

SeServiceLogonRight:  Log on as a service

SeBatchLogonRight:  Log on as a batch job

 

It also changes some DCOM settings.

 

Change Network Account utility changes following:

 

01: SeSecurityPrivilege  ---   Manage auditing and security log

02: SeBackupPrivilege  ---   Back up files and directories

03: SeRestorePrivilege  ---   Restore files and directories

04: SeSystemtimePrivilege  ---   Change the system time

05: SeShutdownPrivilege  ---   Shut down the system

06: SeRemoteShutdownPrivilege  ---   Force shutdown from a remote system

07: SeTakeOwnershipPrivilege  ---   Take ownership of files or other objects

08: SeDebugPrivilege  ---   Debug programs

09: SeSystemEnvironmentPrivilege  ---   Modify firmware environment values

10: SeSystemProfilePrivilege  ---   Profile system performance

11: SeProfileSingleProcessPrivilege  ---   Profile single process

12: SeIncreaseBasePriorityPrivilege  ---   Increase scheduling priority

13: SeLoadDriverPrivilege  ---   Load and unload device drivers

14: SeCreatePagefilePrivilege  ---   Create a pagefile

15: SeIncreaseQuotaPrivilege  ---   Adjust memory quotas for a process

16: SeChangeNotifyPrivilege  ---   Bypass traverse checking

17: SeUndockPrivilege  ---   Remove computer from docking station

18: SeManageVolumePrivilege  ---   Perform volume maintenance tasks

19: SeImpersonatePrivilege  ---   Impersonate a client after authentication

20: SeCreateGlobalPrivilege  ---   Create global objects

21: SeInteractiveLogonRight  ---   <no description>

22: SeNetworkLogonRight  ---   <no description>

23: SeRemoteInteractiveLogonRight  ---   <no description>

 

NOTE:  This information may be provided to customers on an "as needed" basis when the Change Network Account utility does not resolve an issue.  Sometimes established AD policies interfere with System Platform.  One example is the communication between platforms as required for deployment.  The Change Network Account utility does change some security policies that are needed for System Platform to function properly.