tags:

views:

1436

answers:

2
+1  Q: 

A user with Local Admin + NETWORK SERVICE permissions for Windows Sharepoint Timer Service

Is it possible to create a user with permissions of both a local administrator and NETWORK SERVICE?

I've got a Sharepoint timer job which runs stsadm for which it needs local administrator permissions. On the other hand temer jobs are also used by other services which need NETWORK SERVICE permissions and those to sets of permissions only overlap, so I need a user with the "sum" of the permissions to run OWSTIMER under.

(I know that most of the operations you can perform with stsadm sharepoint administration API can be used, by in my case it is the operation which moves a site collection between content databases for which there seems to be no API equivalent).

+1  A: 

I recommend always using domain accounts - SharePoint works best on servers connected to an Active Directory server. For production environments a best practice is using a least privilege account. I always create the following domain account dedicated to SharePoint services:

DOM\spservice

You do not need to grant any special privileges to this account as SharePoint will automatically do this for you when you specify the account during setup.

Lars Fastrup  2008-11-04 19:23:10
Thanks! An interesting point, I didn't pay much attention to the setup process, will check it out.
axk  2008-11-04 21:49:05
You're right. This is the way to set it up.
axk  2009-06-26 11:59:23
A: 

I can't help you with the user permissions (Lars hit the important points), but I wanted to share some information that may be of use.

You mentioned that you're trying to move site collections between content databases and haven't found an API the can be leveraged. Have you looked into SharePoint's Content Deployment API (also know as the PRIME API) to see if it can assist? The types of which I'm speaking are located in the Microsoft.SharePoint.Deployment namespace, and they provide you with mechanisms to export (via SPExport) site collections as CAB files and then import them (via SPImport).

SharePoint leverages types in this namespace for its own content deployment paths and jobs (in MOSS); it's also the API that is leveraged by the STSADM.EXE executable for export (STSADM.EXE -o export) and complementary import operations. For that matter, it's also used by SharePoint Designer for it's site "backup" and "restore" operations.

For an example of how this API can be leveraged, check out the SharePoint Content Deployment Wizard tool on CodePlex (http://www.codeplex.com/SPDeploymentWizard).

I hope this gives you a potential alternative to shelling out to a command line in your timer job!

Sean McDonough  2009-06-25 02:46:39
Tnanks, but exporting and importing has some limitations so I had to use stsadm which moves sites on the SQL level and dosn't rely on any public API's for this operation (as Reflector shows).
axk  2009-06-26 11:57:59
Aleksey, you can actually carry out all of the STSADM-related backup and restore operations via the object model. If you're actually doing a site collection backup/restore, see the associated documentation on the SPSiteCollection type (http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.administration.spsitecollection.backup.aspx). For a full catastrophic backup/restore, check out the SPBackupRestoreConsole type (http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.administration.backup.spbackuprestoreconsole.aspx). These two types do the work for STSADM on backups :-)
Sean McDonough  2009-06-26 15:20:08

related questions

Apache and IIS side by side (both listening to port 80) on windows2003
Web Access to Virtual Machine
Winsock - 10038 Error - Win2K3 Server - baffling behaviour
How to hide complete volume?
Using both 1.1 and 2.0 frameworks on Windows 2003 x64
Windows Server 2003 - Share current Desktop via RDP like in Windows XP?
How can I kill a process, using VBScript, started by a particular user.
Can you have more than one ASP.NET State Server Service in a cluster?
Do I need a Windows CAL for each client when they will only access an Oracle database on the server?
Switching state server to another machine in cluster
How do you tell IIS 6 to set the .NET version to 2.0 (not 1.1) When New sites are created?
How do I stop network flooding using Windows 2003 Network Load balancing?
MS Server 2003 vs MS Server 2008
Does Windows Server 2003 SP2 tell the truth about Free System Page Table Entries?
How to Prevent the "Please tell Microsoft about this problem" Dialog Boxes
Delayed Write Failed on Windows 2003 Clustered Fileshare
How do I cluster an upload folder with ASP.Net?
How do I secure a folder used to let users upload files?
I'm looking for a Windows hosting provider that supports custom os images (like AMZN EC2)
Error installing iKernel.exe
how to allow files starting with period and no extension in windows 2003 server?
How can I prevent a server from becoming locked after a Remote Desktop session
Default Internet connection on Dual LAN Workstation
Printers not available unless shared.
Client collation and SQL Server 2005