Redbex Reference Manual - Creating the Service User

Zoom Window Out
Larger Text | Smaller Text
Hide Page Header
Show Expanding Text
Printable Version
Save Permalink URL

Navigation: Administrator's manual > Installation > Application Server > Before installation

Creating the Service User

This chapter is only important if you do not want the Application Server to create a dedicated local Windows user that runs the Application window service.

The Application Server is run a Windows service, each Windows service executes in the security context of a specific user account. While running the Application Server Setup Program the Setup Assistant gives you the possibility to either automatically create a new local Windows user for that purpose, or to specify an already existing local or active directory user. If you want to specify an already existing user following preparatory steps are mandatory:

•The user must be member of the Windows built-in user groups Users, Performance Monitor Users, EventLogReaders

•Do not use one of the predefined Windows accounts (LocalService, NetworkService or LocalSystem) for running the Application Server.

The service user account can be a local Windows user account or a Windows Domain account. Chapter Creating a local Windows user explains how to create a a local Windows user.

The service user must be member of the Windows built-in user group Performance Monitor Users (SID: S-1-5-32-558). Chapter Adding a local user to a group explains how to add a local user to a local Windows user group.

If you have a Windows Domain controller it may be preferable to use a domain account, since it may allow you to use Windows Authentication for accessing the Application Server Database even if the Database is hosted on a different computer in your network. Additionally Managed Service Accounts (= managed domain accounts available with Windows 2008 R2 and Windows 7 and above) can simplify the management of passwords for the service account.

Use a secure password and advice the Operating system that this password will never expire!

When Windows starts the Windows Service for an Instance of the Application Server, the Windows Service Control Manager (SCM) logs on to the user account associated with the Application Server service. If that logon fails the Application Server service will not start. Note that the SCM does not maintain the passwords of service user accounts (except if using Managed Service Accounts). If a password is expired, the logon fails and the service fails to start. If using managed service accounts Windows will take care of password changing for you.

The user account to run the Application Server service must have the right to Log on as a service in order to be used as the security context of the Application Server Service. The Application Server Setup Program will automatically assign this right to the specified user.

Figure 1 and 2 show the typical settings when using a local user account to run the Redbex Application Server Windows Service. For detailed instructions on how to create a Windows user account (local or domain) please refer to your operating system's documentation.

Figure 1: Typical settings for a local service user (Dialogue as seen in Windows Server 2008R2)

Figure 2: Typical settings for a local service user (Dialogue as seen in Windows Server 2008R2)