Use Appropriate Windows User Accounts
To provide the following features, ClearSCADA has to interact with Windows via a Windows user account:
- System Calls
- Printing
- File Upload
- Performance Monitoring
In Windows, access to these features requires a Windows user account that has suitable permissions and, in some cases, is a member of a specific Windows user group. So, if ClearSCADA is to make use of one or more of these features, it has to be running under a Windows user account that has the required Windows permissions. For example, in ClearSCADA you can print a Mimic, but the Mimic will only print if the ClearSCADA client is running on a PC that is currently logged on to Windows via a Windows user account that has permission to print.
So when you are setting up ClearSCADA servers and clients, you should consider the permissions that are allocated to the Windows user accounts under which ClearSCADA will run.
For maximum security, we recommend that you configure the Windows user accounts so that they only provide access to the programs, files, printers and PCs that are actually needed. For example, if you need ClearSCADA users to be able to execute system calls on one specific program, use a Windows user account that only provides access to that program. This will mean that your ClearSCADA server and clients can only access the programs, printers, files and PCs that are needed as part of your operational requirements.
On PCs where the system calls, printing, file upload and performance monitoring features will only be used locally, you can use a local Windows account. You will need to set the local Windows account to have suitable permissions in Windows.
On PCs where ClearSCADA will use the system calls, printing, file upload and performance monitoring features over a network, you will need to use a domain Windows user account. You will need to set the domain Windows user account to have suitable permissions in Windows.
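One way to check which Windows account a server runs under, and whether it is broader than the guidance above recommends, is the following PowerShell script. It is an added example, not part of the ClearSCADA documentation; it assumes the server runs as a Windows service, and the service name is a placeholder.

```powershell
# Added example: report the Windows account a service runs under.
# ASSUMPTION: the server runs as a Windows service; the default name below is
# a placeholder. Use the service name shown in services.msc.
param([string]$ServiceName = '<ClearSCADA-service-name>')

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { Write-Error "Service '$ServiceName' not found."; return }

$account  = $svc.StartName      # e.g. LocalSystem, .\svc-scada, DOMAIN\svc-scada
$findings = @()

# Classify the account: built-in, local, or domain.
if ($account -match '^(LocalSystem|NT (AUTHORITY|SERVICE)\\)') {
    $type = 'Built-in'
    if ($account -match 'LocalSystem|\\SYSTEM$') {
        $findings += 'Runs as SYSTEM: unrestricted on this PC, not least privilege.'
    }
} elseif ($account -match "^(\.|$([regex]::Escape($env:COMPUTERNAME)))\\") {
    $type = 'Local'
} else {
    $type = 'Domain'
}

# Direct members of local Administrators (well-known SID S-1-5-32-544, so the
# check also works on localized Windows). Nested membership through domain
# groups is not resolved here.
$normalized = $account -replace '^\.\\', "$env:COMPUTERNAME\"
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
if ($admins.Name -contains $normalized) {
    $findings += 'Account is a direct member of the local Administrators group.'
}

[pscustomobject]@{
    Service  = $svc.Name
    Account  = $account
    Type     = $type
    Findings = if ($findings) { $findings -join ' ' } else { 'None from these checks' }
}
```

A `Local` result fits PCs where the features are only used locally; features used over a network need a `Domain` account, as described above.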
For more information on configuring Windows user accounts and Windows user account permissions, please refer to your Windows documentation.