Audit trail flooded by CS2, guest user
Ver 4.1, I've audit trail configured with filter for OperatorAction, but for some reason list is getting flooded by node CS2, user guest and From and To values are same. no user is logged on CS2. This is making Audit list pretty much unusable.
Please help me to get rid of it or atleast hide audit trail from guest user.
Voted best answer
Its true that the service account is exempted from audit trail, however, the service account does also bypass all security in 800xA!
Instead of giving away the "master key" to the external OPC client I'd do this instead:
1) If not already connected this way, reconfigure the external client to connect to the ABB.OpcDaSurrogate.1 OPC server instead of the ABB.OpcDaServer.1.
2) Inhibit audit in the surrogate server via setting this registry key to 1:[HKEY_LOCAL_MACHINE\SOFTWARE\ABB\AFW\SystemModules\OPCToolkit\1.0-0\private\O
3) Create a proper Windows account, make it member of the IndustrialITUser group, add it to 800xA, set up appropriate privileges (as little as possible, eg "Operate" solely on the tags it do need to write to) and finally reconfigure the OPC client to from this new account. If it is not possible to change user (e.g. the client program need to run as Local System) use dcomcnfg.exe to reconfigure the surrogate server's Launch Identity to launch as "This user..." (+the account created earlier) instead of the default launching user.
From 5.0 SP2 RevE and 5.1 RevB step 3 became *mandatory* due to a DCOM security loophole.