Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Server Installation and Configuration (PI Server 2018)

TABLE OF CONTENTS

Understand how to protect piadmin in PI SMT

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedFeb 12, 2025
  • 1 minute read

The piadmin PI user is the Data Archive super-user account. Take the following basic measures to protect this powerful account:

  • Disable explicit logins for the piadmin account (Disable explicit logins for piadmin). Explicit logins (also called password authentication) on the Data Archive server are not nearly as secure as Windows authentication or PI trusts. Although the password mechanism performs as designed, weakness exists due to the use of a proprietary cypher developed in the 1990s that has not been modified to keep up with modern cryptographic advances. In short, the explicit login as an authentication method is not secure from malicious actors. Instead, control access to this account through Windows authentication.

  • If you cannot disable explicit logins for the piadmin account, then at least make sure that the piadmin account does not have a blank password. New Data Archive installations require a password for piadmin. While this is not mandatory for upgrades, it is strongly recommended.

  • Restrict piadmin access to a small group of trusted administrators.

    Note: Do not use piadmin for normal administrative tasks. See The piadmin user for more information.

TitleResults for “How to create a CRG?”Also Available in