SharePoint 2007 Reminder Service - Domain Account

The Reminder Service is setup to use the local NT Authority\System account upon installation, however this local account can only give the Reminder Service permission to operate on the local server

Therefore, if your SharePoint web server and Microsoft SQL Server database are on separate servers then you will need to set the Reminder Service to run as a domain account to give it permission to access your database.

If you have multiple Web Front Ends (aka a Web Farm) in your SharePoint configuration you must also follow these steps to ensure TCP Remoting is correctly configured.

Note - If you are using an MSDE database or SQL Server on the same physical server that SharePoint is installed on then these extra configuration steps are not necessary, please continue using the default NT AUTHORITY\System account.


You will need to set the SharePoint Reminder Service to run under a Domain Account with the following permissions :-

When installing SharePoint you will have already setup a Domain Account for the Windows SharePoint Timer Service with the last 3 permissions,

As new content databases are created (either by an Administrator or automatically) SharePoint will give this service the appropriate access permissions - if you chose not to use the same account for Reminder you must ensure that you manually assign permissions whenever new content databases are created.

For these reasons the easiest way is use the same account for SharePoint Reminder that SharePoint Timer Service itself uses - however you will still have to give permission to access the programs installation directory and registry key.

Otherwise, please continue here if you wish to use a dedicated domain account just for the Reminder Service.

 


 

Setting the Reminder Service to use the same account as the SharePoint Timer Service

  • Open the Services MMC (Administrative Tools > Services)

  • Find the Windows SharePoint Services Timer service, right click and select Properties

  • Click the Log On tab

  • Note the domain\username in This account - you will also need the password for this account

  • Now find the SharePoint Reminder Service, right click and select Properties.

  • Click the Log On tab and enter the domain, username and password found above and select OK

  • Give this account

  • Restart the SharePoint Reminder Service

 


 

Setting the Reminder Service to use a dedicated domain account.

 


Account Permissions Required

Access to the Registry Key Branch

The SharePoint Reminder services needs read and write access to a branch of the Registry. It uses this to store some internal configuration properties upon startup such as which TCP/IP port to use for Remoting.

  • Select Start > Run and enter regedit

  • Find the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Pentalogic\SharePointReminder

  • Right click on the key name and select Permissions

  • Add the Domain Account you are using to the list and ensure Full Control is checked.

 

Access to the Installation Directory

The SharePoint Reminder services needs read and write access to a number of files in its installation directory. By default the program is installed to "C:\Program Files\Pentalogic\SharePoint Reminder" but you can of course change this during installation.

  • Find the installation folder using Windows Explorer

  • Right click on the folder and select Properties

  • Click on the Security Tab

  • Add the Domain Account you are using to the list and ensure Full Control is checked.

 

SharePoint Administration Rights

You must give the domain account you have setup Full Control permission for any Web Applications you intend to use the Reminder Web Parts in.

You can do this by using the following STSADM command :-

stsadm -o addpermissionpolicy -url http://YourUrl -userlogin "DOMAIN\YourAccount" -permissionlevel "Full Control"

(Remember to repeat the command for each virtual server you are running)

Alternatively you can add the permissions using SharePoint Central Administration > Application Management > Policy for Web Application

Policy for Web Application

 

Log On As A Service

  • This should be assigned automatically when you set the SharePoint Reminder Service to Log On as your Domain Account. You can check that this has been assigned by

  • Using Start > Administrative Tools > Local Security Policy

  • Goto Local Policy > User Rights Assignment > Log on as a Service

  • Checking the Domain Account is the list and adding it if necessary

 

Database Permissions

The SharePoint Reminder services needs access to the Configuration Database and all Content Databases.

If you have followed the recommendation above to use the same Domain Account that the SharePoint Central Administration utility runs under then you do not need to follow these steps.

Note - If you do not use the same account you will have to ensure that these steps are followed whenever a new Content Database is added.

  • Start Enterprise Manager on the database server

  • Open the server node and select Security then Logins

  • Right click and select New Login

  • Add the Domain Account you are using

  • Select the Database Access tab

    • Select SharePoint's configuration database

    • Ensure that both Permit and the db_owner role are checked

    • Repeat the above 2 step for every SharePoint content and configration database