Change the Run-As account
- Last UpdatedNov 05, 2024
- 1 minute read
If you have configured the interface to send OMF Health data and need to change the Run-As account, follow the procedure detailed in this section. This will not apply if you have opted to not configure for OMF Health data.
At startup of the interface, security information for OMF Health endpoints in the config file (username/password, or clientid/clientsecrent) is transferred to Windows Credential Manager. That information is then removed from the config file.
On restart of the interface, the security login information is then read from the Windows Credential Manager.
Note: For additional information on the config file and the secure fields, refer to Interface security configuration overview
For example, on first run of a service we have the info in the file:
EndPointType=PIWebAPI
EndPoint=mycomputername
User=myusername
Password=mypassword
After the interface service starts, it will update the file and remove the private information:
EndPointType=PIWebAPI
Endpoint=mycomputername
User=xxxxxxxxxx
Password=xxxxxxxxxx
To change the Run-As account of the interface service:
-
Stop the interface.
-
Edit the interface startup batch file by adding the /omf_clear command line option, restart the interface to clean up the entries in the Windows Credential Manager.
-
Remove the /omf_clear command line parameter from the interface startup batch file.
-
Update the config file that is in the same directory as the interface executable, setting the value of the username/password, or clientid/clientsecret to the correct values, configure the Run As account to the required value, and restart the interface.
Note: For improved security, we recommend running the interface service under a non-administrative account, such as a Windows built-in service virtual account, or a non-administrative account that you create.