Using the Command Line

The following table describes each option in the command line.

SecuritySynchronizer.exe Command Line Parameters 

Command Line Option

Description

/D"domain1 domain2 domain3"

Supplies the name of the domain where the Windows groups are located. You must supply either this parameter or the /L parameter (or both parameters) to enable the Security Synchronizer to locate the Windows groups.

An example when using multiple domains:

/D"name1 name2 name3"

An example when using a single domain:

/Dname1

/L

Indicates that the local computer security configuration where the Windows groups are located. You must supply either this parameter, or the /D<domain name> parameter, or both parameters to enable the Security Synchronizer to locate the Windows groups.

/R

Indicates that all iFIX user accounts not configured to use Windows security will be removed from the security configuration.

Any accounts that do not have the Use Windows Security check box selected in the iFIX Security User Configuration dialog box will be removed from iFIX security with the following exceptions:

  • The Application and System User Autologin accounts are not deleted from iFIX security.
  • The user account that is currently logged in is not deleted from iFIX security.

/ENode.Tag.Field

Supplies the name of an analog iFIX database tag and floating point (F_) field to which a value is written after the Security Synchronizer completes. The value written to this tag indicates the most serious error, if any, encountered during the synchronization process. A value of 0 indicates that no errors were encountered.

Refer to Understanding Security Synchronizer Messages for a list of error codes.

/FNode.Tag.Field

Supplies the name of a digital iFIX database tag and floating point (F_) field to which a value is written after the Security Synchronizer completes. A value of 0 indicates that no errors were encountered. A value of 1 indicates that an error was encountered.

You can determine the specific error encountered by checking the security log file or the Analog Error tag, specified using the /E parameter.

/CNode.Tag.Field

Supplies the name of a digital iFIX database tag and floating point (F_) field to which a value is written that indicates that the Security Synchronizer has completed. The value 1 is written when the synchronization has completed.

NOTE: You must manually set this tag's value to 0 before running the Security Synchronizer if you want to determine whether the process has completed.

/T# seconds

Supplies an iFIX Login Time-out value to apply to any new iFIX user accounts created by Security Synchronizer.

If you do not use this parameter, the default value of 0 seconds (no Login Time-out) is used for all new iFIX user accounts.

The maximum value allowed is 86399 seconds, or 23:59:59.

For more information, refer to the Limiting Login Time section.

/Mmap mode

Indicates the security mapping scheme to be used by Security Synchronizer to perform the synchronization.

In iFIX 4.0, 3.5, and 3.0 only the default mapping scheme is valid. The mapping scheme refers to how Windows group names are mapped to iFIX privileges.

NOTE: This parameter is intended for future use only. Do not use this parameter.

/A

Indicates that all messages sent to the security log file should also be sent to the alarm destinations as text messages. If this parameter is not supplied, most messages are not sent to the alarm destinations.

Command Line Parameter Example

A fictitious PlantA domain is used in this example. This command line will:

  • Retrieve Windows Security groups from the PlantA domain.
  • Leave iFIX user accounts intact if they are not using Windows security.
  • Write the final error code to the iFIX database on node SCADA1 (tag name SYNCERROR).

The command line required by the PlantA domain in this example is:

SecuritySynchronizer.exe /DPlantA /ESCADA1.SYNCERROR.F_CV

The following conditions result because the indicated parameters are not used in the previous command line example:

  • iFIX accounts not using Windows security are not removed because the /R parameter is not used.
  • Local Windows security information is ignored because the /L parameter is not used.
  • No digital failure value is written to an iFIX database because the /F parameter is not used.
  • No completion status value is written to an iFIX database because the /C parameter is not used.
  • A default Login Time-out value of 0 seconds is applied to new iFIX user accounts created by the Security Synchronizer because the /T parameter is not used. This causes time-out to be disabled.
  • Messages are not written to the alarm destinations because the /A parameter is not used.

NOTE: You must run the command line while a Windows user is currently logged in to the PlantA domain. Otherwise, the Security Synchronizer fails because it cannot retrieve the Windows security information.

See Also