SharePoint 2007 Reminder Service - Domain Account
The Reminder Service is set up to use the local NT Authority\System account
upon installation; however, this local account can only give the Reminder
Service permission to operate on the local server.
Therefore, if your SharePoint web server and Microsoft
SQL Server database are on separate servers then you will need to set
the Reminder Service to run as a domain account to give it permission to
access your database.
If you have multiple Web Front Ends (aka a Web Farm) in
your SharePoint configuration you must also follow these steps to ensure
TCP Remoting is correctly configured.
Note - If you are using an MSDE database or SQL Server on the same
physical server that SharePoint is installed on then these extra
configuration steps are not necessary; please continue using the default
NT AUTHORITY\System account.
You will need to set the SharePoint Reminder Service to
run under a Domain Account with the following permissions :-
When installing SharePoint you will have already set up a
Domain Account for the Windows SharePoint Timer Service
with the last 3 permissions.
As new content databases are created (either by an
Administrator or automatically) SharePoint will give this service the
appropriate access permissions - if you choose not to use the same
account for Reminder you must ensure that you manually assign
permissions whenever new content databases are created.
For these reasons the easiest way is to use the same
account for SharePoint Reminder that the SharePoint Timer Service itself
uses - however you will still have to give permission to access the
program's installation directory and registry key.
Otherwise, please continue here if you wish to use a
dedicated domain account just for the
Reminder Service.
- Open the Services MMC (Administrative Tools > Services)
- Find the Windows SharePoint Services Timer service, right click and select Properties
- Click the Log On tab
- Note the domain\username in This account - you will also need the password for this account
- Now find the SharePoint Reminder Service, right click and select Properties.
- Click the Log On tab and enter the domain, username and password found above and select OK
- Give this account
- Restart the SharePoint Reminder Service

- Create a domain account for the service - use the usual options for password change/expiry etc.
- Give this account the permissions detailed below
- Set the SharePoint Reminder Service to Log On as this account
- Restart the SharePoint Reminder Service

Account Permissions Required
Access to the Registry Key Branch
The SharePoint Reminder service needs read and
write access to a branch of the Registry. It uses this to store
some internal configuration properties upon startup, such as
which TCP/IP port to use for Remoting.
- Select Start > Run and enter regedit
- Find the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Pentalogic\SharePointReminder
- Right click on the key name and select Permissions
- Add the Domain Account you are using to the list and ensure Full Control is checked.
Access to the Installation Directory
The SharePoint Reminder service needs read and
write access to a number of files in its installation directory.
By default the program is installed to "C:\Program Files\Pentalogic\SharePoint Reminder"
but you can of course change this during installation.
- Find the installation folder using Windows Explorer
- Right click on the folder and select Properties
- Click on the Security Tab
- Add the Domain Account you are using to the list and ensure Full Control is checked.
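
The registry and installation directory grants above can also be scripted, which helps when they must be repeated on each Web Front End. This PowerShell script is an added example, not part of the original page or Pentalogic's own tooling; it assumes an elevated PowerShell session, the default key and folder named above, and the placeholder account DOMAIN\YourAccount.

```powershell
# Added example: applies the registry and folder grants described above.
# 'DOMAIN\YourAccount' is a placeholder; the paths are the defaults named on the page.
$Account    = 'DOMAIN\YourAccount'
$RegKey     = 'HKLM:\SOFTWARE\Pentalogic\SharePointReminder'
$InstallDir = 'C:\Program Files\Pentalogic\SharePoint Reminder'

# Show which account the Timer and Reminder services currently log on as.
# Matching on display name is an assumption based on the names shown in the Services MMC.
Get-WmiObject Win32_Service |
    Where-Object { $_.DisplayName -like '*SharePoint*Timer*' -or
                   $_.DisplayName -like '*SharePoint*Reminder*' } |
    Select-Object DisplayName, StartName, State

# Registry branch: Full Control, inherited by subkeys.
$regArgs = $Account, 'FullControl', 'ContainerInherit', 'None', 'Allow'
$regRule = New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList $regArgs
$regAcl  = Get-Acl -Path $RegKey
$regAcl.AddAccessRule($regRule)
Set-Acl -Path $RegKey -AclObject $regAcl

# Installation directory: Full Control, inherited by subfolders and files.
$dirArgs = $Account, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
$dirRule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $dirArgs
$dirAcl  = Get-Acl -Path $InstallDir
$dirAcl.AddAccessRule($dirRule)
Set-Acl -Path $InstallDir -AclObject $dirAcl

# Verify: read each ACL back and confirm an Allow entry for the account exists.
foreach ($path in $RegKey, $InstallDir) {
    $entry = (Get-Acl -Path $path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and $_.AccessControlType -eq 'Allow' }
    if ($entry) { '{0}: Allow entry present for {1}' -f $path, $Account }
    else        { Write-Warning ('{0}: no Allow entry for {1}' -f $path, $Account) }
}
```
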
SharePoint Administration Rights
You must give the domain account you have set up Full
Control permission for any Web Applications you intend to
use the Reminder Web Parts in.
You can do this by using the following STSADM command:
stsadm -o addpermissionpolicy -url http://YourUrl -userlogin "DOMAIN\YourAccount" -permissionlevel "Full Control"
(Remember to repeat the command for each virtual server you are
running)
Alternatively you can add the
permissions using SharePoint Central Administration > Application
Management > Policy for Web Application.
Log On As A Service
This should be assigned automatically when
you set the SharePoint Reminder Service to Log On as your
Domain Account. You can check that this has been assigned by:
- Using Start > Administrative Tools > Local Security Policy
- Going to Local Policy > User Rights Assignment > Log on as a Service
- Checking the Domain Account is in the list and adding it if necessary
Database Permissions
The SharePoint Reminder service needs access to
the Configuration Database and all Content Databases.
If you have followed the recommendation above to
use the same Domain Account that the SharePoint Central
Administration utility runs under then you do not need to follow
these steps.
Note - If you do not use the same account you will
have to ensure that these steps are followed whenever a new
Content Database is added.
- Start Enterprise Manager on the database server
- Open the server node and select Security then Logins
- Right click and select New Login
- Add the Domain Account you are using
- Select the Database Access tab
- Select SharePoint's configuration database
- Ensure that both Permit and the db_owner role are checked
- Repeat the above 2 steps for every SharePoint content and configuration database