
CHANGING THE EXPERION PKS WINDOWS ACCOUNT PASSWORDS

AFFECTED HARDWARE RELEASE:
	Experion PKS, PlantScape, & TPS/TPN

AFFECTED SOFTWARE RELEASE:
	Experion PKS R100, PlantScape R400 or later,
	TPS/TPN Knowledge Builder R06_02 or later,
	and Knowledge Builder 4.0 or later
	
AFFECTED CUSTOMERS:
  This affects stand-alone Knowledge Builder 4.0 or later users.

  Refer to this document for additional information with regards to system installs.

	Experion PKS Software Installation Guide
	  Doc No.  	 EP-DCSX31
	  Release  	 101
	  Last Rev date	 6/23/03

-----------------------------------------------------------------------------

PROBLEM SUMMARY
Experion PKS, PlantScape and Knowledge Builder include shared directories as part
of their infrastructure. Access to these directories is managed by a common permissions
strategy in which standard default user accounts and passwords are established on the
computers where this software is installed. This permissions strategy has been successfully
circumvented by some of the more robust Computer Viruses currently attacking and infecting
computers world-wide.

CUSTOMER OBSERVABLE SYMPTOMS
Observable symptoms of infected computers depend upon the specific virus. Symptom details
can be reviewed in the Virus Information area of the McAfee Security Web site. Potential for
attack can be observed by examining the security settings of any shared directories on the computer.

ESTIMATED PROBABAILITY OF OCCURANCE
Any computer or network connected to the Internet is susceptible to attack by computer viruses.
Computers with shared directories are at increased risk. There are no known instances of infected,
process connected Experion PKS, PlantScape or TPS/TPN systems due to the current permissions strategy.
However, infections have been reported in several test environments.

---------------------------------------------------------------------------------------------

ACTIONS
The Password Change Utility (pwdutil.exe) permits the user to apply new and locally defined passwords
for the shared directories created and used by Experion PKS, PlantScape and the Knowledge Builder.
It is recommended that all affected users execute this utility.

  CONSIDERATIONS
    New passwords are restricted so that they must be 8 to 14 characters in length, and must contain
    at least one (1) numeric character and (1) alphabetic character.

    In addition, to further reduce the risk of infection, the following commonly attacked passwords
    will be not allowed:

      test1234     admin1234      mngr1234    engr1234     oper1234     temp1234


  TO CHANGE THE EXPERION PKS WINDOWS ACCOUNT PASSWORDS:

   1. Insert the Experion PKS R200 Knowledge Builder CD into the CD-ROM drive.
   2. In Windows Explorer, browse to the Utilities/Password Utility folder on the CD and 
      double-click the pwdutil.exe file. 

      A dialog listing the standard accounts established by the current security strategy per release, 
      and that are active on the local system, will be displayed.
	
      Since Experion PKS R200 includes a new security architecture the password change utility will warn
      the user if it finds the existence of accounts that are no longer required.  (These older accounts
      can be removed.)
   
      The administrator account should be changed with regards to the standard password changes.      


   3. Select each account for which you wish to establish a new locally defined password, then enter
      new password and confirm the new password and then click OK.

   4. Occasionally when changing the MNGR account, a dialog may appear stating that the HSC return code was ".".
      When this occurs click OK and continue. This error can be ignored.

   5. When finished changing Windows account passwords, click Done.

   6. Click OK to set the passwords.

      The computer may restart.






