When setting up workstation security, one of the considerations is what happens to idle sessions, particularly on dedicated operator stations. There are additional considerations when setting up remote client sessions, such as what happens to engineering personnel using laptops who are subject to disconnects while moving through a plant.
In addition to Windows Remote Desktop Services and other Windows settings, there are two DeltaV features that affect DeltaV behavior after a screen saver timeout or disconnect. The two features have some overlapping functionality, but are intended for two different uses though they can both be enabled and have some interaction so both are discussed in this topic.
FlexLock DeltaV Autologon is intended primarily for engineering users logging on through remote client sessions. Autologon ensures that the user remains logged in to DeltaV software (except as noted below). If Autologon is enabled, when a Windows user who is also a DeltaV user logging on to the workstation or remote client session is also logged on to the DeltaV system.
When a user logs on to a remote client session the DeltaV system selects an available Remote Desktop Services session to log on to.
Users who are logged on through remote client sessions are not logged off of their DeltaV session if the connection is temporarily disrupted. When the connection is regained, these users' DeltaV sessions continue, subject to the limitations of the timeouts set in Windows Remote Desktop Services server. If another DeltaV user has logged on to the DeltaV system after the original Windows user, the second user is logged off after a disconnect or timeout and the original Windows user is logged on to the DeltaV system.
When DeltaV Autologon is enabled, there is always a DeltaV user logged on (if the user logged on to Windows is a valid DeltaV user).
The primary purpose of DeltaVScreenSaver is to define what happens on a dedicated DeltaV workstation when the screen saver times out; specifically, to keep the computer secure with a non-privileged user logged in and alarms visible. Unlike other screen savers, the DeltaVScreenSaver does not blank the screen or display an alternate graphic. The screen saver can either log on the DeltaV user specified in the DeltaVScreenSaver; or, log off the current DeltaV user leaving <none> logged on. The screen saver does not affect the logged on Windows user.
When the screen saver is configured to log on a DeltaV user, DeltaVScreenSaver logs in its user (the DeltaVScreenSaver user) whenever a user logs off of DeltaV.
The DeltaVScreenSaver works normally when connecting to DeltaV using Remote Desktop if the screen savers are allowed by the Remote Desktop Server.
Smart card logons do not affect the DeltaVScreenSaver behavior.
Most screen savers are not compatible with the DeltaV system. For this reason, Emerson recommends that you either use only the DeltaVScreenSaver or do not use a screen saver at all.
In this example, when a DeltaV user session screen saver times out, the DeltaV view-only user is logged on to DeltaV software. This user cannot operate anything, but alarms are visible at the console. An operator who needs to perform a task can log on to DeltaV software. After he completes his task he can log off or let the DeltaV session time out and the view-only user is logged back on.
This occurs because, when the screen saver is activated, the DeltaVScreenSaver logs off the current DeltaV user, and upon logoff, DeltaV Autologon activates and logs the Windows user into DeltaV. This occurs even if no user is logged onto DeltaV at the time the screen saver times out; because, the time out triggers the logoff action and Autologon being enabled triggers the automatic login of the Windows user.
For the following table, the columns are defined as follows:
The Action column lists the possible scenarios in which a DeltaV logon can occur. The next three columns list the Autologon and Screen Saver settings.
The DeltaV Autologon setting is either enabled or disabled (depicted in the table as "Yes" for enabled and "No" for disabled).
The DeltaVScreenSaver settings can be logon, logoff, or disabled. (Logon is depicted as a "Yes" in the DeltaVScreenSaver Logon Enabled column; logoff is a "Yes" in the DeltaVScreenSaver Logoff Enabled column; and disabled is a "No" in both these columns).
The last column represents the resulting user that gets logged onto DeltaV based on the combination of settings and the action that initiated the logon or logoff. It is assumed that the Windows user is a valid DeltaV user.
| Action | DeltaV Autologon enabled | DeltaVScreenSaver Logon enabled | DeltaVScreenSaver Logoff enabled | Resulting user logged into DeltaV |
|---|---|---|---|---|
| User logs onto System (Windows logon) | Yes | Yes | No | Windows user |
| Yes | No | Yes | Windows user | |
| Yes | No | No | Windows user | |
| No | Yes | No | None | |
| No | No | Yes | None | |
| No | No | No | None | |
| User logs onto DeltaV via the DeltaV Logon dialog | The Autologon and DeltaVScreenSaver settings do not affect a logon that is done through the DeltaV Logon dialog. | User the logged onto DeltaV through the DeltaV Logon dialog. | ||
| User logs off of DeltaV | Yes | Yes | No | DeltaVScreenSaver user |
| Yes | No | Yes | Windows user | |
| Yes | No | No | Windows user | |
| No | Yes | No | DeltaVScreenSaver user | |
| No | No | Yes | None | |
| No | No | No | None | |
| DeltaVScreenSaver Activates After Idle Time - a user is logged onto DeltaV at the time the screen saver is activated. | Yes | Yes | No | DeltaVScreenSaver user |
| Yes | No | Yes | Windows user | |
| Yes | No | No | Current DeltaV user (no change) | |
| No | Yes | No | DeltaVScreenSaver user | |
| No | No | Yes | None | |
| No | No | No | Current DeltaV user (no change) | |
| DeltaVScreenSaver Activates After Idle Time - no user is logged onto DeltaV at the time the screen saver is activated. | Yes | Yes | No | DeltaVScreenSaver user |
| Yes | No | Yes | Windows user | |
| Yes | No | No | None | |
| No | Yes | No | DeltaVScreenSaver user | |
| No | No | Yes | None | |
| No | No | No | None | |
| User is disconnected from Remote Desktop session but the Windows Remote Desktop session has not been closed. | Yes | Yes | No | Window user |
| Yes | No | Yes | Window user | |
| Yes | No | No | Window user | |
| No | Yes | No | None | |
| No | No | Yes | None | |
| No | No | No | None | |