Domain Caching | Proficy iFIX 2024 Documentation

When iFIX Security is enabled, Domain Caching allows users to log into iFIX even when they are not connected to a domain, such as when connected to a corporate network. Only the logon information is persisted (not the full user name, for instance) to comply with Microsoft security policies.

When using domain caching, be sure that other security countermeasures are enforced, such as strong passwords.

Domain Caching is disabled by default in iFIX. To enable it, you need to update the secnet.ini file in the iFIX/Local folder. Change the EnableDomainLogonCache setting from 0 to 1, like this:

EnableDomainLogonCache=1

Save the secnet.ini file and restart iFIX.

Domain caching should be enabled where ever you want to cache the login. For instance, on the iFIX Server and iClient (View) nodes.

NOTE: In Microsoft Windows, If domain caching is enabled for logins, be sure that you configure the Interactive logon: Number of previous logons to cache setting in the Windows security policies to something other than 0. For example, if the value is 5, the server caches logon information for 5 users. This security policy can be found in Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

For more information on the secnet.ini file and other changes you can make to configure the Windows API that connects to the domain controller for authentication, refer to the Control How iFIX Security Authenticates Windows Accounts topic.