Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Plant SCADA

TABLE OF CONTENTS

Run as a Service Using a Managed Service Account

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedSep 12, 2025
  • 2 minute read

By default, Plant SCADA operates under the "NT SERVICE\Citect Runtime Manager" virtual service account when running as a service.

However, this may not be appropriate in some circumstances as Plant SCADA’s virtual service account does not have the permissions required to access network locations in a domain-based environment.

For example, you may have an alarm log device that is configured to write to a file that accessed via a UNC path. If Plant SCADA is running as a service, the virtual service account will not be able to access the required network location and a “Cannot open file” hardware alarm will be raised.

To avoid this situation, you can use a Managed Service Account (MSA) to run Plant SCADA as a service. To do this, you will need to run Plant SCADA in a domain-based environment.

To use an MSA to run Plant SCADA as a service:

  1. Create a domain MSA and link the account to the computer where Plant SCADA will run as a service. This may require assistance from your IT administrator.

  2. On the Plant SCADA computer, open Services in the Microsoft Computer Management console (for more information, refer to the operating system documentation provided by Microsoft).

  3. In the list of services, double click on AVEVA Plant SCADA Runtime Services Manager to open the properties dialog.

  4. Go to the Log On tab.

  5. Select This Account, then click the Browse button.

  6. Locate and enter the MSA created in step 1. A ‘$’ character will be automatically added to the end of the user name.

  7. Leave the password fields blank (Windows manages MSA passwords across a domain).

  8. Restart the service.

For Plant SCADA to function correctly, you will also need to add the MSA to the following Windows user groups.

  • SCADA.ServerUsers

  • ArchestrAWebHosting

  • ASBSolution

  • BUILTIN\Performance Monitor Users

Remember to sign out or restart the computer for the new group memberships to take effect.

Finally, you will need to configure appropriate permissions for the MSA on any required network locations to enable access for Plant SCADA.

See Also

Run as a Service Under a Specific User Account

TitleResults for “How to create a CRG?”Also Available in