Can anyone give me a succinct answer as to what (Windows) security I need to apply to enable the following scenario?
On a SCADA server, scanning lots of different plant systems...
PIBuffer subsystem running under either the LocalSystem or (better to my mind) a 'no interative logon' service account.
Old API based interface running as part of a FactoryLink SCADA system in an interactive session - it cannot be run non-interactively.
If I configure the buffering to run as an account that's a member of the Admin group and the interactive session is also logged in as that account then buffering works. If the interactive session is some other user then the API interface fails to open the shared memory buffer of the API Buffering system. I obviously don't want to run an interactive session as an admin so what security rights does the interactive user need in order to enable the API program to connect to the memory buffers? And ideally I don't want the buffering running as an admin either though that's less of an issue since it's not able to login interactively.