21 Sep 2014 | Team Foundation Server
Application Lifecycle Management is an area that I have been wanting to improve for a while now. And what better way to do it than getting my self certified in the Microsoft ALM exams. I have decided to create a series of posts dedicated to ALM and sort of my "Road to Certification" posts.
In this post, I provide an overview of the different accounts that are required for the installation and smooth operation of TFS.
I created this mind map that graphically illustrates the accounts and required permissions by the different services in order to help me remember all the dependencies.
While the majority of production installations would be deployed in a multi-tiered environment, I would normally assume that all of the accounts listed above are part of the same domain (with the exception of DEPLOY
account. I will discuss cross domain considerations in a different post).
While I will go into detail in future posts, but for the initial installation the following accounts are required:
TFSInstall
- An installation account that would automatically be added as a TFS AdministratorTFSService
- Used to run the Team Foundation ServiceTFSReports
- Used to run the SQL Server Reporting Service (SSRS)As shown in the mind map, several of the accounts need to be given the right to log on as a service on their appropriate machines. These steps would be needed to accomplish that:
Open the local group policy by executing gpedit.msc
via a console.
Navigate to the following tree node: Computer Configuration > Security Settings > User Rights Assigment
Edit the Log on as a service
entry by double clicking it and add the necessary accounts.
The steps are very similar to Log on as a service. Follow steps 1-3 and on the last step choose Allow log on locally
and add the accounts as necessary.
Two service accounts need to be updated with permissions in order to properly integrate with SSRS. Here is a summary of what is required:
TFSReports
- Used as the service account for the reporting services.
TFSWareHouseDataReader
role on the report server.TFSService
- This account needs to be added as a Content Manager
in the report server.I will walk through the process of installation and configuring in a future posts.