MID Server - Windows Service Account - Permissions for upgrades
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2023 04:09 AM
Hi,
I am planning some MID servers and looking at the pre-reqs. I understand that the Windows service account cannot be a local system or an administrator level account.
This is documented here:
Install a MID Server on Windows (Vancouver)
Procedure -> Step 6 -> Service Account Name
"Note: The provided service account credentials must meet the following requirements in addition to being a valid account. The user cannot be a local system or an administrator level account (local admin, domain admin, etc.)"
And here:
Configure Windows MID Server service credentials
"Windows service credentials control the level of privilege on the device. The user should not be a local system or an administrator level account (local admin, domain admin, etc.)"
Additionally this is checked at MID service install and if the account has admin rights then it errors saying the account is invalid.
However I am now looking at the upgrade process and considering the rights required and I have found this:
MID Server pre-upgrade check (Vancouver)
Pre-upgrade tests
"Ensure that the Log On As user for the Windows service is either LocalSystem or a user that is part of the local Administrator group. By default, domain administrators are added to the local Administrator group when joining a computer to a domain."
Also:
Errors that block the upgrade:
"MID Server Windows Service is not running as LocalSystem or a local Administrator
This message warns that the Windows service is not running with the desired permissions."
In a section further down the above Install a MID Server on Windows (Vancouver) page there is a comment relating to something changing in Orlando:
Run a Windows MID Server as a non-admin after manual installation:
"Non-admin accounts cannot initiate upgrade services in versions prior to the Orlando release."
What happened with Orlando? I have looked for release notes but cannot find anything. I may be looking in the wrong place so if there are release notes please point to where I would find them.
So is the "MID Server pre-upgrade check" page correct or is that an error?
If local system is not required how does the upgrade process work? The Windows MID service account has Full Control rights to the MID service install directory so I am assuming it has the rights to replace any upgraded files and so does not required admin rights. Is that what changed in Orlando?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2023 07:02 AM
Hi Shadlic,
Are you using the ZIP format to install or the auto msi version to install the MID server.
For the 'zip' version what I have seen is the service will not accept a log on as a service account unless it is has the local admin access.
But in the '.msi' version you get a UI where you can create the log on as a service account right from the setup page with the appropriate access.
You can see the permission given to the user from the msi version and use the same for the zip service.
If you do not give any log on as a service user while using the zip file.
The MID server will run with the user access from which you have ran the batch service.
