
How to catch a shifty consultant

pnelson
3-Visitor

I thought that would get some attention.

I need to tighten up Windchill security because there appears to be an issue with administrator passwords being changed.  I believe I know who is doing it, but don’t know why they would, and I can’t yet prove it.  I would like to document who is doing it.  If that is not possible, I would like to eliminate any chance that it is being done through a “back door” and lock down that access.  Can I simply change the password for the “other system”, or would that cause issues in other places?  We are not using Active Directory.  If I shouldn’t change that password, what other ways are there to improve security and verify how this is happening?  Thanks!

3 REPLIES
mbonka
15-Moonstone
(To:pnelson)

Hello,

We had a similar problem to yours a short time ago. Our IT person changed the system admin password without any knowledge of what could happen. After this change, the problems started.

- The wt.backup script (application from David Davidson) that we use for backup was broken, because the admin password was changed

- The wt.backup script was generating error log files during the whole night (25k files in total). When the hard disk was full (2MB left), it stopped

- On the morning of the second day I started Creo Parametric and it told me: "I can't start Windchill, contact your admin".

Result:

- password was changed

- EVERYONE knows new password

- no better security

- problems with backup settings

Our company:

In our company EVERYONE knows the system admin password.

Everyone can install any freeware program on his local station.

Everyone can change everything on his computer ---> config.SUP in the TEXT directory, which should be the Creo Parametric company standard config, can be changed as anyone wishes ---> company standards are broken. Afterwards everyone cries: "Why doesn't it work?"

My recommendation:

Only 2-3 responsible persons should know the system admin password, depending on company size.

Regards Milan

TomU
23-Emerald IV
(To:pnelson)

You can enable auditing for password changes in Windchill.  See this article: https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS191950

Here is the section in the help documentation (Configuring Audit Event Recording):

http://support.ptc.com/cs/help/windchill_hc/wc102_hc/index.jspx?id=AuditAdminAuditEventRecordConfig&action=show

This won't catch someone making changes directly in the LDAP, but I wouldn't be surprised if there isn't something in those logs as well.

BineshKumar1
12-Amethyst
(To:TomU)

The best option to follow is to disable all privileged generic accounts.

  • wcadmin/orgadmin
  • Windows Administrator
  • SA Account/System.

Provide individual user accounts with the specific permissions needed to get the task done. If we have to track down who is doing what, we would need specific user accounts to perform privileged actions.

Thanks

Binesh

Barry Wehmiller
