PI Live LibraryPI Server
Protect piadmin
The piadmin PI user is the PI Server super-user account. Take the following basic measures to protect this powerful account:
- Disable explicit logins for the piadmin account (Disable explicit logins for piadmin). Explicit logins (also called password authentication) on the PI Server are not nearly as secure as Windows authentication or PI trusts. Instead, control access to this account through Windows authentication.
- If you cannot disable explicit logins for the piadmin account, then at least make sure that the piadmin account does not have a blank password. New PI Server installations require a password for piadmin. While this is not mandatory for upgrades, it is strongly recommended.
- Restrict piadmin access to a small group of trusted administrators.
Note: Do not use piadmin for normal administrative tasks. See The piadmin user for more information.