Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Server Installation and Configuration (PI Server 2018)

TABLE OF CONTENTS

Risk of using non-impersonated connections

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedOct 02, 2024
  • 1 minute read

Depending on the configuration of the SQL Server, a user with PI AF administrator privileges could create attacks on the SQL Server and take full control of the system if these following conditions exist:

  • A PI AF table is configured to use the PI AF server identity for linking to an external database.

  • Non-impersonated linked (external) tables are enabled on the PI AF server.

    By default, non-impersonated linked tables are disabled on the PI AF server. In order for a user to execute an attack, that user would need to enable non-impersonated external tables.

  • The PI AF server account has administrative rights on a SQL Server.

    By default, the PI AF server runs under a virtual account, NT SERVICE\AFService, and does not have administrative rights to the locally-configured SQL Server or access to remote computer databases. Without administrator rights to the remote database, the possibility for elevation of privilege attacks is limited.

    Caution: For security reasons, do not grant the PI AF server administrative privileges on the computer or SQL Server when running with non-impersonated queries.

TitleResults for “How to create a CRG?”Also Available in