Logix5000安全加密高级功能

1、InmyboxLogix5000V20增强型安全功能动手实验本次实验假想有两个用户操作权限1. 管理员该用户拥有维护系统安全以及配置用户的最高权限2. 操作员该用户仅能上载和查看程序，不能对程序段进行修改本次实验目的：1. 建立这两个不同权限的用户，通过建立程序来测试该加密功能2. 备份与恢复，在A计算机上做的程序并对程序实施加密，通过将程序和加密文件送给B计算机并且告诉其用户名和密码来实现在B计算机上的还原，这样可以高效的远程编程和有效的保护知识产权实验环境：FactoryTalkServicesPlatform V2.70.00(CPR9 SR5.1)RSLogix5000/20.01.0

2、0 (CPR9 SR5)RSLogixClassi(V2.59.01(CPR9 SR5)实验准备：1. 备份当前系统环境(非常重要)开始-所有程序-RockwellSoftware - FactoryTalkAdmi nistrati on Con sole1 污 FactoryTalk Administration ConstJQ Studio 5000FactoryTa Ik ABOOTP-DHCP ServerOpens? FaFactcryTalk ActivationFacteryTalk ToolsFactoryTalk ViewRSLinx上RSLogix 500中文版RSLog

3、ix 5000 Enterprise SeriesUtilities选择 NetworkInmybox右键-BackupiiantF in-SystemJINew Application.Restcr.HOQ口晶口C3 ;*±-:E-;s-:.E'(+Acti on GrcPoli ciesSecurityn.HNetworks :stlq dviUsere and GroupsCoimecti onsInmybox2. 用户安全设置建立如下用户组和用户名屆0尬押0乜首 Lq官ftadjminUserNamePasswordGroup Membershiplia nn e.o

4、peratorrockwelloperatorsftadm inrockwelladmi nistrator一二J Usrs and GroupEA LJ Vs ar GroupsAdmt ini str at or ：sQFEh令torgAuthenticated Users1 'Windows; Admiiii str ators軽 li aniie, op er at or3. 配置用户安全以防止删除 Window Administrators用户组后被锁在管理注意：在移除 Window Administrators用户组之前，你必须先新建一个用户ftadmin， 让其成为管理员

5、用户，FJI name:员权限之外。FTdmin Pr-apertiesFTdmin PrqpartiesGeneril Grctup M enter shipGeneralMefhbErzhipMemiser ofsUserFTadminfAdmimstratorsCtesoiption:E-ffUirf：删除“ Window Administrators ”组E-C I Users and GroupsE-_ User GroupsWindows Ad/ninii operatorsAuthenti cat愛d Users右键单Adm ini str it or s IEJ'Cj

6、Usere卜1邀 Ancrjmous Logo 卜ftadjnin' 軽 liaime. operatorDeleteProperties.,elete移除“ All Users”权限CPR9平台缺省对所有FactoryTalk用户分配最高权限，这意味着任何一 个被添加进FactoryDirectory的用户都相当于FactoryTalk管理员，为了保障安 全权限，“All Users”必须要被移除移除“ All Users'，选中 SecurityInmyboxInmybox此时能看到AllUsers默认拥有所有权限，点击Remove同时，在这里为不同用户组分配操作权限，可以

7、看到，管理员组已经默 认被添加进安全设置中，并且拥有所有操作权限（ftadmin在该用户组中）下边设置操作员 添加操作员组lianne.operator 的权限Pe<mi$ionJ EFedivEi PejmissiansVie penntssimsa uActionUsersComputeisfJJ 比血 ixri e lr 讥 srsSpAlL CnpuitrE1Add.Remove/Select User and ComputerSecurity Settings for NetworkSelect a user (or user gioupl and oomptlef (or c

8、omputei group) pailCcvmpiJefs 咽 All ConiputeisUsefE叩吕闭lorwJWindows AdministiatorsInmybox添加完成UsersComputersAdjninistralsrspAll Cnputersoperators#)A11 ComputersAnonymous LngonAll Conputerz对operators用户组需要设置两处，蓝色字体1和2411rapnl1 awi匚*! All ComputerEAnonymous; Lgom q口 UDDn Add.RemovePermissions for operato

9、rs from All Compulera.田 ActionAllowDeny*All Acti ffnsn1 Read设置为允许Permissiors for operators from All Computers.ElActionAllowDeny*曰Coimnon.nCcnfigure SecorityCr«a七亡 Children.LJDel«t&ExecuteList ChildrennReal回2 RSLogix500(权限Project设置允许Open和Go Online,其他设置为DenyI W4 B IFWqWV FV WlW I V Wl I

10、F I Ml WlWi田 ActionFrcj act: Camp actFrcjset：Projfect； EKper七Frcj «ct: Go QnliiuFroj feet: Modi fjr PithProject: Op电iiPrej set： Sav«在 Product Polices 中移除 AllUsers,右键单击 Product Polices,选择 Con figure Feature SecurityFiSys t en-| Acti on Groups|i|Poli C1EFroduc t由Q£_| System Tol I* _ N C

11、omputers anci i. 貝" EM -*v选中 All Users 点击 RemoveInmyboxInmybox为RSLogix5000添加管理组以及操作权限，右键单击RSLogix5000选择Con figure Feature SecurityI- ' l SystemAction GroupsQ |_j Folici es-l(_ Product FLicies±iLJ±-LJ RSMACC ±jQ ESLcgix Ai i 厶乞.%RSLogi*+i I_ FactoryTalk Gateway匚cnfigure Featur

12、e Security,., Security.需要对管理员组做如下设置，允许Controller:Secure,这样管理员才可以 在新建程序时勾选程序加密选项。Inmybox添加操作员组，点击 Add,添加operatorsFeature Security for RSLogix 5000R&rnavePemnissions Effedive PermissionsView permissions by:0 UerActionUsersComputerspAll CcmputftrsEtratccriInmyboxInmyboxSelect User and ComputerSelec

13、t a user (01 uer group and computer (01 computer group pair.User®也闵I Ussr£ fSAdmini 加 $S Authenticated Users2匚 omputers2plAII ComputersopeiatorWindows AdministratorsInmybox根据实际需求设置操作员权限，本实验中全部设置为DenyFeature Security for RSLogix 5000Permissions E ffective PernnionsView permissions by:。UserA

14、ctionUserComputersAdm i ni str a torsC&mputarEoperators哺IaIL ComputersAdd.RemoveOKCancel点击OK完成设置，这样，操作权限部分设置完成。关闭SSO如果要使用FactoryTalk安全，还需要关闭SingleSignOn(SSO)这样的话 每次启动FactoryTalk都要求用户提供可用的用户名和密码才能进入系统。I System_| Acticn Groups3口 Policies±）匸J Product Folici asL 二 I_| System FoliciesFacteryTalk

15、 Alarms and EventsAppli cati oil Author iz at ion User RightsLivePolicyKtalth Men it oring PolicyAudit PolicySecurity Pali±1 Qj ComputerE and Groiu.jProperties,点击 Disabled3 Single Si gnOnPoli cy Sett mgsUs single si gjn_©nDisaibldPermissions for operators from All Computers.ElActionAllowDe

16、nyi3All Actions曰f eatwre Secur i tyController: SecureFirmware: Updat色Print： Nodify OptionsProject: NewToolbar； ConEigwreb 1此时，RSLogix500（安全功能配置全部完成 测试安全功能：打开 RSLogix5000RSLogix 5000 Enterprise Series虜 Help冈 RSLogix 5000 Tutorials and Dem爾 RSLogix 5000此时会看到弹出登录窗口，这里我们以管理员（ftadmin ）身份登录Log On to Facto

17、ryTalkInmyboxInmyboxUser name:Pawwcrd:Change Password.WCancel新建程序，Security Authority 选项选择 FactorySecurityNew ControllerVendor:Alen Bradley1756-L61Cortr?lLx>gk5561 CortrallerRevision;20 Redundancy EnabledNwne.LogixhKSectiriyDescriptioni175&-A1010-Slot Ccntrcl QiassisSafety ParMer Slot：Browse.C

18、hassis Type.Slot:Create In:Security并勾选 Use only the selected Security Authority for Authentication andAuthorization，点击OK完成，这样就为该程序选择了加密保护功能Security Authority:|冏鑒卷巴壬RT霑4三|e1ee1c(End)可以看到，操作员身份登录后,新建、保存和程序编辑选项都变为灰色,可以看到，该用户可以对程序进行新建、打开、保存以及对程序段进行 修改编辑等所有功能，保存程序后退出，我们再以操作员身份登录Offfiner HUN勰 Patli <mn

19、e>圖No Forcesr DKfNa Edits岂r bat r i；omi 1- lol 廿1t 卜 +r < 卜妙 gRedundancy01-J F Favorites R Add-On XR Bit X Tirnen'CDunter XCorrtrollar Organizer* P- XQ-t3 Controller Logix5K_Security谕 Controller TagsCJ Controller Fault Handle-Cj Power-Up HandlerQ-S Tasks0 屯 MainTask白 *鼻 MainProgriam:-固 Pro

20、gram TagsQ MainRc>utineS File Edit View Seairch Logic Cc mmun ications Tools Window HelpInmybox表明该用户不具有该操作的权限，这样也就实现了开始假想的安全权限要求, 至此，Logix5000加密设置完成。Inmybox豳 RSLogix 5000 - Logix5K_Security 1756-L61 20.11 - MainPnogram - Main Routine® File Edit View Search Logic Communicatio ns Tools Window

21、HelpOfflineNo ForceskNo Editsa厂Fl 已 dundancyRUN KBAT I/OPath:<none>IIhzrl 右 T 卜-H- (卜代卜(!_)III卜 Favorites Add-On Alarms Bit TimEr/CDunter y(Controller Organizer-XStart PageEJ-63 ControlleLogix5K_Security 國 ControlleT占g£口 Controller Fault Handler =CJ Power-Up HeindlerB-3 Tasks白甸MainTask MainProgram；國 Program Tags匿1 MainRoutine(End)<ab>InmyboxFactorytalk