Hello,
I am the IT associate for a local CNC shop that is primarily Mazaks. We have roughly 50 machines. Recently, we purchased a new (to us) Mazak Quick Turn (Mazak Quick Turn Nexus 200-II, Model # QTN 200-II) that has embedded Windows XP. This is the first machine we've owned like this and we are having some growing pains with it.
It seems that the embedded software in the machine will NOT work unless the logged on user is "administrator". (Local or Domain) Logging on under any other name causes the software to crash and refuse to cooperate. We store all of our programs in a network share. When logged on as local admin to the machine, it does not have network access and cannot copy it's programs. However, when logged on as domain admin, it works just fine.
However, this is obviously a huge security hole and is not acceptable. We cannot have machines logged on as the full domain administrator, but that seems to be the only way we can access the network in order to pull the programs. Currently, I have just been going out on the floor and logging on as domain admin when the guys needed to pull a new batch of programs, then rebooting the machine and logging on as local admin once they had their programs downloaded.
I really feel like there has to be a better way to do this. Here are some things we've tried or considered already that did not / will not work:
* Created a "ShopAdmin" account with limited domain rights, brings up the issue above with the software in the machine not working.
* Considered using an "autologon" feature, but it would still need to log on as domain admin in order to get the programs.
* Used our usual "shop" logon, but gave local admin rights on the Mazak.
Can anyone provide any insight into how other shops handle this issue? Is something wrong with our machine? It seems like very poor design to me if it is intended to ONLY be able to run under an "administrator" account.
Thanks in advance for any suggestions or help, I really appreciate it. This one really has us scratching our heads.
I am the IT associate for a local CNC shop that is primarily Mazaks. We have roughly 50 machines. Recently, we purchased a new (to us) Mazak Quick Turn (Mazak Quick Turn Nexus 200-II, Model # QTN 200-II) that has embedded Windows XP. This is the first machine we've owned like this and we are having some growing pains with it.
It seems that the embedded software in the machine will NOT work unless the logged on user is "administrator". (Local or Domain) Logging on under any other name causes the software to crash and refuse to cooperate. We store all of our programs in a network share. When logged on as local admin to the machine, it does not have network access and cannot copy it's programs. However, when logged on as domain admin, it works just fine.
However, this is obviously a huge security hole and is not acceptable. We cannot have machines logged on as the full domain administrator, but that seems to be the only way we can access the network in order to pull the programs. Currently, I have just been going out on the floor and logging on as domain admin when the guys needed to pull a new batch of programs, then rebooting the machine and logging on as local admin once they had their programs downloaded.
I really feel like there has to be a better way to do this. Here are some things we've tried or considered already that did not / will not work:
* Created a "ShopAdmin" account with limited domain rights, brings up the issue above with the software in the machine not working.
* Considered using an "autologon" feature, but it would still need to log on as domain admin in order to get the programs.
* Used our usual "shop" logon, but gave local admin rights on the Mazak.
Can anyone provide any insight into how other shops handle this issue? Is something wrong with our machine? It seems like very poor design to me if it is intended to ONLY be able to run under an "administrator" account.
Thanks in advance for any suggestions or help, I really appreciate it. This one really has us scratching our heads.