WSS v2 Reminder Service - Domain Account

The Reminder Service is setup to use the local NT Authority\System account upon installation, however this local account can only give the Reminder Service permission to operate on the local server.

Therefore, if your SharePoint web server and Microsoft SQL Server database are on separate servers then you will need to set the Reminder Service to run as a domain account to give it permission to access your database.

If you have multiple Web Front Ends (aka a Web Farm) in your SharePoint configuration you must also follow these steps to ensure TCP Remoting is correctly configured.

Note - If you are using an MSDE database or SQL Server on the same physical server that SharePoint is installed on then these extra configuration steps are not necessary, please continue using the default NT Authority\System account and no extra configuration is necessary.


You will need to set the SharePoint Reminder Service to run under a Domain Account with the following permissions :-

When installing SharePoint you will have already setup a Domain Account for the Windows SharePoint Administration Virtual Server with the last 2 permissions,

As new content databases are created (either by an Administrator or automatically) SharePoint will give this service the appropriate access permissions - if you chose not to use the same account for Reminder you must ensure that you manually assign permissions whenever new content databases are created.

For these reasons the easiest way is use the same account for SharePoint Reminder that SharePoint Administration Service itself uses - however you will still have to give permission to access the programs installation directory, registry key and Log On as a service.

You can determine the domain account that you are using for SharePoint Administrative functions by checking either the SharePoint Timer Service's user account or SharePoint Central Administration > Configure Virtual Server for Administration.

Please continue here if you wish to use a dedicated domain account just for the Reminder Service.


 

Setting the Reminder Service to use the same account as the SharePoint Timer Service

  • Open the Services MMC (Administrative Tools > Services)

  • Find the Windows SharePoint Services Timer service, right click and select Properties

  • Click the Log On tab

  • Note the domain\username in This account - you will also need to find the password for this account

  • Now find the SharePoint Reminder Service, right click and select Properties.

  • Click the Log On tab and enter the domain, username and password found above and select OK

  • Give this account

  • Restart the SharePoint Reminder Service

 


 

Setting the Reminder Service to use a dedicated domain account.

 


 

Access to the Registry Key Branch

The SharePoint Reminder services needs read and write access to a branch of the Registry. It uses this to store some internal configuration properties upon startup such as which TCP/IP port to use for Remoting.

  • Select Start > Run and enter regedit

  • Find the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Pentalogic\SharePointReminder

  • Right click on the key name and select Permissions

  • Add the Domain Account you are using to the list and ensure Full Control is checked.

 

 

Access to the Installation Directory

The SharePoint Reminder services needs read and write access to a number of files in its installation directory. By default the program is installed to "C:\Program Files\Pentalogic\SharePoint Reminder" but you can of course change this during installation.

  • Find the installation folder using Windows Explorer

  • Right click on the folder and select Properties

  • Click on the Security Tab

  • Add the Domain Account you are using to the list and ensure Full Control is checked.

 

 

Log On As A Service

  • This should be assigned automatically when you set the SharePoint Reminder Service to Log On as your Domain Account. You can check that this has been assigned by

  • Using Start > Administrative Tools > Local Security Policy

  • Goto Local Policy > User Rights Assignment > Log on as a Service

  • Checking the Domain Account is the list and adding it if necessary

 

 

SharePoint Administration Rights

You must give the domain account you have setup full permission for any Web Applications (virtual servers) that you intend to place Reminder Web Parts on.

 

1) Add the Domain Account to the Servers Local Administrators group. By default all local administrators receive SharePoint Administration rights.

Note - If you do this you will not need to perform the steps needed to give the Account access to the programs installation directory and registry key.

2) Add the Domain Account to a Domain Group setup for SharePoint Administrators. Use SharePoint Central Administration > Set SharePoint Administration Group and enter the Domain and Group Name.

Note - changes to the SharePoint Administrators group using the Central Administration page is not picked up until you issue an IISRESET

 

Database Permissions

The SharePoint Reminder services needs access to the Configuration Database and all Content Databases.

If you have followed the recommendation above to use the same Domain Account that the SharePoint Central Administration utility runs under then you do not need to follow these steps.

Note - If you do not use the same account you will have to ensure that these steps are followed whenever a new Content Database is added.

  • Start Enterprise Manager on the database server

  • Open the server node and select Security then Logins

  • Right click and select New Login

  • Add the Domain Account you are using

  • Select the Database Access tab

    • Select SharePoint's configuration database

    • Ensure that both Permit and the db_owner role are checked

    • Repeat the above 2 step for every SharePoint content and configration database