WSS v2 Reminder Service - Domain Account
The Reminder Service is setup to use the local NT Authority\System account
upon installation, however this local account can only give the Reminder Service permission to
operate on the local server.
Therefore, if your SharePoint web server and Microsoft
SQL Server database are on separate servers then you will need to set
the Reminder Service to run as a domain account to give it permission to
access your database.
If you have multiple Web Front Ends (aka a Web Farm) in
your SharePoint configuration you must also follow these steps to ensure
TCP Remoting is correctly configured.
Note - If you are using an MSDE
database or SQL Server on the same physical server that SharePoint is
installed on then these extra
configuration steps are not necessary, please continue using the default
NT Authority\System account and no extra
configuration is necessary.
You will need to set the SharePoint Reminder Service to
run under a Domain Account with the following permissions :-
When installing SharePoint you will have already setup a
Domain Account for the Windows SharePoint Administration Virtual
Server
with the last 2 permissions,
As new content databases are created (either by an
Administrator or automatically) SharePoint will give this service the
appropriate access permissions - if you chose not to use the same
account for Reminder you must ensure that you manually assign
permissions whenever new content databases are created.
For these reasons the easiest way is use the same
account for SharePoint Reminder that SharePoint Administration Service itself
uses - however you will still have to give permission to
access the
programs installation directory, registry
key and Log On as a service.
You can determine the domain account that you are using
for SharePoint Administrative functions by checking either the
SharePoint Timer Service's user account or SharePoint Central
Administration > Configure Virtual Server for Administration. |
|
Please continue here if you wish to use a
dedicated domain account just for the
Reminder Service.
Setting the Reminder Service to use the same account as
the SharePoint Timer Service
-
Open the Services MMC
(Administrative Tools > Services)
-
Find the Windows SharePoint Services Timer
service, right click and select Properties
-
Click the Log On tab
-
Note the domain\username in This account
- you will also need to find the password for this account
-
Now find the SharePoint Reminder Service,
right click and select Properties.
-
Click the Log On tab and enter the domain, username
and password found above and select OK
-
Give this account
-
Restart the SharePoint Reminder Service
-
Create a domain account for the service - use the usual options for password
change/expiry etc.
Give this account the permissions detailed below
Set the SharePoint Reminder Service to Log On as this account
Restart the SharePoint Reminder Service
Access to
the Registry Key Branch
The SharePoint Reminder services needs read and
write access to a branch of the Registry. It uses this to store
some internal configuration properties upon startup such as
which TCP/IP port to use for Remoting.
-
Select Start > Run and enter
regedit
-
Find the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Pentalogic\SharePointReminder
-
Right click on the key name and select
Permissions
-
Add the Domain Account you are using to the
list and ensure Full Control is checked.
|
|
Access to the Installation Directory
The SharePoint Reminder services needs read and
write access to a number of files in its installation directory.
By default the program is installed to "C:\Program Files\Pentalogic\SharePoint Reminder"
but you can of course change this during installation.
-
Find the installation folder using Windows
Explorer
-
Right click on the folder and select
Properties
-
Click on the Security Tab
-
Add the Domain Account you are using to the
list and ensure Full Control is checked.
|
|
Log On As A Service
-
This should be assigned automatically when
you set the SharePoint Reminder Service to Log On as your
Domain Account. You can check that this has been assigned by
-
Using Start > Administrative Tools >
Local Security Policy
-
Goto Local Policy > User Rights Assignment >
Log on as a Service
-
Checking the Domain Account is the list and
adding it if necessary
|
|
SharePoint
Administration Rights
You must give the domain account you
have setup full permission for any
Web Applications (virtual servers) that you intend to place Reminder Web
Parts on.
1) Add the Domain Account to the Servers
Local Administrators group. By default all local
administrators receive SharePoint Administration rights.
Note - If you do this you will not need to
perform the steps needed to give the Account access to the
programs installation directory and registry key.
2) Add the Domain Account to a Domain Group
setup for SharePoint Administrators. Use SharePoint Central
Administration > Set SharePoint Administration Group and
enter the Domain and Group Name.
Note - changes to the SharePoint
Administrators group using the Central Administration page is
not picked up until you issue an IISRESET
|
Database Permissions
The SharePoint Reminder services needs access to
the Configuration Database and all Content Databases.
If you have followed the recommendation above to
use the same Domain Account that the SharePoint Central
Administration utility runs under then you do not need to follow
these steps.
Note - If you do not use the same account you will
have to ensure that these steps are followed whenever a new
Content Database is added.
-
Start Enterprise Manager on the
database server
-
Open the server node and select Security
then Logins
-
Right click and select New Login
-
Add the Domain Account you are using
-
Select the Database Access tab
-
Select SharePoint's configuration database
-
Ensure that both Permit and the
db_owner role are checked
-
Repeat the above 2 step for every SharePoint
content and configration database
|
|
|