Change the Service Account User

Table of contents
to the older version or return to version archive.

Combined revision comparison

Comparing version 22:16, 7 Jan 2019 by CalebMathison with version 17:27, 10 Jan 2019 by CalebMathison.

It is possible to change the Pleasant Password Service's user account. This may be necessary when updating your database and is useful for limiting access.

This is may be necessary if:

  • Connecting to an MS-SQL database with Windows Authentication
  • Backing up your Database to a network drive

This step may not be necessary if using SQL Authentication (username/password), and could be skipped.

Please Note:

  • This particular setting will not persist in an upgrade, and will need to be updated.
  • Please keep this step in your upgrade plans. 

Steps:

For default configurations:

  • That is, if the application is running as a Service (with an IIS Express task, not on an IIS server):
    • Run Services.msc
      • Open the Properties of the Pleasant Password Service -> Change user in Log On tab -> Type with this format:
        • Domain\UserName

          Note: Pleasant Password Server does NOT currently support authentication with a UPN (User Principal Name) format, i.e. username@domain.

          However, a workaround is setup your directory alias as the domain, and to use username@directoryalias.

      • Double-Check:
        • Ensure your user has necessary access: local admin may be necessary to open/close ports
        • Ensure your user has access to your Password Server Backup folder. This can be configured to a location on your network.
        • For additional details: https://technet.microsoft.com/en-us/...(v=ws.11).aspx

For IIS Hosting configurations:

MS-SQL Connection Security Settings:

  • Connections using Windows Authentication (instead of username/password):
    • Setup the user with login access & permissions on your Alternate Database
    • For MS-SQL:
      • Login to Microsoft SQL Server Management Studio
      • Open your SQL Server database folder (left-hand window pane) -> Click Security Folder
      • Right-click logins and select "New Login"
      • In the Login Name field either:
        • Select the Login Name of your service user account, or
        • For IIS Applications, type (do not click search):
          • IIS APPPOOL\YourAppPoolName
      • Select the "User Mapping" page
        • Select your Database
        • Set: db_owner (database role membership)
      • Configure SQL Server to allow Windows Authentication mode / mixed authentication
        1. Right-click on SQL Server instance at root of Object Explorer, click on Properties
        2. Select Security from the left pane.
        3. Select the SQL Server and Windows Authentication mode radio button, and click OK.
      • More Information (MS-SQL):

Version from 22:16, 7 Jan 2019

This revision modified by CalebMathison (Ban)

It is possible to change the Pleasant Password Service's user account. This may be necessary when updating your database and is useful for limiting access.

This is may be necessary if:

  • Connecting to an MS-SQL database with Windows Authentication
  • Backing up your Database to a network drive

This step may not be necessary if using SQL Authentication (username/password), and could be skipped.

Please Note:

  • This particular setting will not persist in an upgrade, and will need to be updated.
  • Please keep this step in your upgrade plans. 

Steps:

For default configurations:

  • That is, if the application is running as a Service (with an IIS Express task, not on an IIS server):
    • Run Services.msc
      • Open the Properties of the Pleasant Password Service -> Change user in Log On tab -> Type with this format:
        • Domain\UserName

          Note: Pleasant Password Server does NOT currently support authentication with a UPN (User Principal Name) format, i.e. username@domain.

      • Double-Check:
        • Ensure your user has necessary access: local admin may be necessary to open/close ports
        • Ensure your user has access to your Password Server Backup folder. This can be configured to a location on your network.
        • For additional details: https://technet.microsoft.com/en-us/...(v=ws.11).aspx

For IIS Hosting configurations:

MS-SQL Connection Security Settings:

  • Connections using Windows Authentication (instead of username/password):
    • Setup the user with login access & permissions on your Alternate Database
    • For MS-SQL:
      • Login to Microsoft SQL Server Management Studio
      • Open your SQL Server database folder (left-hand window pane) -> Click Security Folder
      • Right-click logins and select "New Login"
      • In the Login Name field either:
        • Select the Login Name of your service user account, or
        • For IIS Applications, type (do not click search):
          • IIS APPPOOL\YourAppPoolName
      • Select the "User Mapping" page
        • Select your Database
        • Set: db_owner (database role membership)
      • Configure SQL Server to allow Windows Authentication mode / mixed authentication
        1. Right-click on SQL Server instance at root of Object Explorer, click on Properties
        2. Select Security from the left pane.
        3. Select the SQL Server and Windows Authentication mode radio button, and click OK.
      • More Information (MS-SQL):

Current version

This revision modified by CalebMathison (Ban)

It is possible to change the Pleasant Password Service's user account. This may be necessary when updating your database and is useful for limiting access.

This is may be necessary if:

  • Connecting to an MS-SQL database with Windows Authentication
  • Backing up your Database to a network drive

This step may not be necessary if using SQL Authentication (username/password), and could be skipped.

Please Note:

  • This particular setting will not persist in an upgrade, and will need to be updated.
  • Please keep this step in your upgrade plans. 

Steps:

For default configurations:

  • That is, if the application is running as a Service (with an IIS Express task, not on an IIS server):
    • Run Services.msc
      • Open the Properties of the Pleasant Password Service -> Change user in Log On tab -> Type with this format:
        • Domain\UserName

          Note: Pleasant Password Server does NOT currently support authentication with a UPN (User Principal Name) format, i.e. username@domain.

          However, a workaround is setup your directory alias as the domain, and to use username@directoryalias.

      • Double-Check:
        • Ensure your user has necessary access: local admin may be necessary to open/close ports
        • Ensure your user has access to your Password Server Backup folder. This can be configured to a location on your network.
        • For additional details: https://technet.microsoft.com/en-us/...(v=ws.11).aspx

For IIS Hosting configurations:

MS-SQL Connection Security Settings:

  • Connections using Windows Authentication (instead of username/password):
    • Setup the user with login access & permissions on your Alternate Database
    • For MS-SQL:
      • Login to Microsoft SQL Server Management Studio
      • Open your SQL Server database folder (left-hand window pane) -> Click Security Folder
      • Right-click logins and select "New Login"
      • In the Login Name field either:
        • Select the Login Name of your service user account, or
        • For IIS Applications, type (do not click search):
          • IIS APPPOOL\YourAppPoolName
      • Select the "User Mapping" page
        • Select your Database
        • Set: db_owner (database role membership)
      • Configure SQL Server to allow Windows Authentication mode / mixed authentication
        1. Right-click on SQL Server instance at root of Object Explorer, click on Properties
        2. Select Security from the left pane.
        3. Select the SQL Server and Windows Authentication mode radio button, and click OK.
      • More Information (MS-SQL):