Studio 5000 Source Protection — Step-by-Step

The Configure Source Protection menu item is not visible by default in Studio 5000. You have to enable it first.

Locate or download RS5KSrcPtc.exe (the Source Protection Tool) from Rockwell's PCDC / Compatibility & Downloads site, or find it in your Studio 5000 installation media under a Tools folder
Close Studio 5000 if it's open
Run RS5KSrcPtc.exe as Administrator → select Enable → OK
Reopen Studio 5000 — you should now see Tools → Security → Configure Source Protection

This is a per-workstation registry toggle. Any machine that needs to apply or unlock source protection has to go through this step once.

The sk.dat file is the keyring that holds all your source keys. Treat it like a password vault — whoever has it can unlock the protected logic.

Open your offline project (.ACD) in Logix Designer
Go to Tools → Security → Configure Source Protection
If no sk.dat file is configured, you'll be prompted to specify a location → click Yes
Browse to a folder where the file will live (recommend a secure, backed-up location — not the project folder, and not on a customer-bound deliverable)
If sk.dat doesn't exist there yet, you'll be prompted to create one → click Yes

You should now be in the Source Protection Configuration dialog showing all routines and AOIs in the project.

In the Source Protection Configuration dialog, select the routine or AOI you want to protect
Click Protect
In the Protect dialog:
- Protection Type: Source Key
- New Source Key: enter a strong key (case-sensitive; special characters allowed: @#$%(){}[])
- Confirm New Source Key: re-enter
- Source Key Name (optional but recommended): a friendly label like Serlixer_AOI_Master — this is what shows in the dialog instead of the raw key
- Allow viewing of components (read-only) checkbox:
  - UNCHECKED = logic is fully hidden (cannot view or edit) ← use this for IP protection
  - CHECKED = logic is visible but read-only ← use this if customer needs to troubleshoot
Click OK
Repeat for every routine and AOI you want to protect
Close the Source Protection Configuration dialog
Save the project

Before deploying anything to the field, prove it actually locked:

Save and close the project
Move the sk.dat file out of its configured location (rename it or move it to a different folder)
Reopen the .ACD project
Try to expand the protected routine/AOI in the controller organizer — you should see no access to Logic or Tags, and the icon should indicate it's protected
Try to export the protected routine to L5X — confirm the export file is encrypted, not human-readable
Restore the sk.dat to its location and confirm full access is back

This verification step matters. It's the only way to know your customer can't read what you intended to hide.

Once protection is applied and verified:

Go online and download as you normally would
The protected components are stored in the controller in encrypted form
Anyone uploading the project from the controller will get the protected .ACD — but without the matching source key in their sk.dat, they cannot view or edit the protected routines/AOIs

Key Management

Use a single master sk.dat stored in a controlled location (Bitwarden, encrypted share, etc.) — never deliver it to the customer
Use different source keys per customer or per project family so a leak doesn't compromise everything
Use the Source Key Name feature so engineers see friendly labels, not raw keys, when working in the dialog
Back up the sk.dat redundantly — if you lose it, the protected logic is unrecoverable

Action	Path
Enable feature on workstation	Run `RS5KSrcPtc.exe` → Enable
Configure protection	Tools → Security → Configure Source Protection
Specify sk.dat location	Source Protection Configuration → Specify
Apply key	Select component → Protect → Source Key
Remove protection (with key)	Select component → Unprotect

Article Details