
OS and Application information


OS Requirements

  • 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter
  • Or 64-bit edition of Windows Server 2012 Standard or Datacenter

Requirements by Component

Notification Service

  • SharePoint 2013

Aspire BDC Service

Depending on the Windows Server version in use (Windows Server 2008 or Windows Server 2012), check whether the features listed below are installed. Install any that are missing.

In Windows Server 2008 R2 SP1

  • IIS Server role
    • Common HTTP Features
      • Static Content
      • Default Document
      • Directory Browsing
      • HTTP Errors
      • HTTP Redirection
    • Application Development
      • ASP.Net
      • .Net Extensibility
      • ISAPI Extensions
      • ISAPI Filters
    • Security
      • Basic Authentication
      • Windows Authentication
      • Digest Authentication
      • Client Certificate Mapping Authentication
      • IIS Client Certificate Mapping Authentication
      • URL Authorization
      • Request Filtering
      • IP and Domain Restrictions
    • Management Tools
      • IIS Management Console
      • IIS Management Scripts and Tools
      • Management Service
  • Application Server role
    • All role features (confirm all dependencies)
  • Microsoft .NET Framework version 4.5

In Windows Server 2012:

Server Manager, Add Roles and Features

  • IIS Server role
    • Common HTTP Features
      • Static Content
      • Default Document
      • Directory Browsing
      • HTTP Errors
      • HTTP Redirection
    • Application Development
      • ASP.Net 3.5
      • ASP.Net 4.5
      • .Net Extensibility 3.5
      • .Net Extensibility 4.5
      • ISAPI Extensions
      • ISAPI Filters
      • Server Side Includes
    • Security
      • Basic Authentication
      • Windows Authentication
      • Digest Authentication
      • Client Certificate Mapping Authentication
      • IIS Client Certificate Mapping Authentication
      • URL Authorization
      • Request Filtering
      • IP and Domain Restrictions
    • Management Tools
      • IIS Management Console
      • IIS Management Scripts and Tools
      • Management Service
  • Application Server role (confirm all dependencies)
    • .Net Framework 4.5
    • TCP Port Sharing
    • Web Server (IIS) support
    • Windows Process Activation Service Support
      • Named Pipes Activation
      • HTTP Activation
      • TCP Activation

These prerequisites can be installed either manually through Server Manager or by running the SharePoint 2013 prerequisite installer.
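One way to run the feature check described above on Windows Server 2012, as an added example that is not part of the original page. The mapping from the listed display names to Get-WindowsFeature names is supplied here rather than by the page, and the function name `Get-AspirePrereqState` is hypothetical.

```powershell
Import-Module ServerManager   # provides Get-WindowsFeature on Windows Server

# Get-WindowsFeature names for the Windows Server 2012 list above
# (mapping added for this example, not taken from the page).
$Required = @(
    'Web-Server',
    # Common HTTP Features
    'Web-Static-Content', 'Web-Default-Doc', 'Web-Dir-Browsing', 'Web-Http-Errors', 'Web-Http-Redirect',
    # Application Development
    'Web-Asp-Net', 'Web-Asp-Net45', 'Web-Net-Ext', 'Web-Net-Ext45',
    'Web-ISAPI-Ext', 'Web-ISAPI-Filter', 'Web-Includes',
    # Security
    'Web-Basic-Auth', 'Web-Windows-Auth', 'Web-Digest-Auth', 'Web-Client-Auth',
    'Web-Cert-Auth', 'Web-Url-Auth', 'Web-Filtering', 'Web-IP-Security',
    # Management Tools
    'Web-Mgmt-Console', 'Web-Scripting-Tools', 'Web-Mgmt-Service',
    # Application Server role
    'Application-Server', 'AS-NET-Framework', 'AS-TCP-Port-Sharing', 'AS-Web-Support',
    'AS-WAS-Support', 'AS-Named-Pipes', 'AS-HTTP-Activation', 'AS-TCP-Activation'
)

# Hypothetical helper: returns one row per required feature with its state.
function Get-AspirePrereqState {
    param([string[]]$Name = $Required)
    $found = @{}
    Get-WindowsFeature -Name $Name -ErrorAction SilentlyContinue |
        ForEach-Object { $found[$_.Name] = $_ }
    foreach ($n in $Name) {
        $f = $found[$n]
        [pscustomobject]@{
            Feature     = $n
            DisplayName = if ($f) { $f.DisplayName } else { '' }
            # A name this OS version does not offer is reported, not silently dropped.
            State       = if (-not $f) { 'UnknownOnThisOS' }
                          elseif ($f.Installed) { 'Installed' }
                          else { 'Missing' }
        }
    }
}

$report = Get-AspirePrereqState
$report | Where-Object { $_.State -ne 'Installed' } | Format-Table -AutoSize
# After reviewing the report, install only what is missing, for example:
#   Install-WindowsFeature -Name ($report | Where-Object { $_.State -eq 'Missing' }).Feature
```

Rows reported as `UnknownOnThisOS` are expected on Windows Server 2008 R2, where the 4.5-specific sub-features are not separate entries.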

User Account Requirements 


To configure User Account Requirements, follow these instructions: 

Add user permissions manually:

1. To add a user as a SharePoint Shell Admin, execute the “Add-SPShellAdmin” cmdlet (http://technet.microsoft.com/en-us/library/ff607596.aspx):

  • Start the SharePoint shell as administrator.
  • Run “Add-SPShellAdmin -UserName <username>”.

2. Make the SharePoint Application Pool account a Search Service Application administrator:

  • Go to Central Admin > Application Management > Manage Service Applications.
  • Select the Search Service Application row (not the link).
  • Click on the Administrators button on the ribbon.
  • Add the user and give it “Full Control” permissions.

3. Make the user the Default content access account:

  • Go to Central Admin > Application Management > Manage Service Applications > Search Service Application.
  • Select the current access account.
  • Enter the new account credentials.

4. Make the user a Business Data Connectivity Service administrator:

  • Go to Central Admin > Application Management > Manage Service Applications.
  • Select the Business Data Connectivity Service row (not the link).
  • Click on the Administrators button on the ribbon.
  • Add the user and give it “Full Control” permissions.

5. Give the user Metadata Store permissions:

  • Go to Central Admin > Application Management > Manage Service Applications > Business Data Connectivity Service.
  • On the ribbon, select Set Metadata Store Permissions.
  • Add the user and select all permissions.
  • Click OK.

6. Add administration content database role membership:

  • Add the Notification Endpoint app pool user to the “WSS_Content_Application_Pools” database role of SharePoint_AdminContent_<GUID>.

7. For search databases, confirm that you have the SPSearchDBAdmin database role. This should be added to the account you set up as the Search Service Application administrator. If not, add it manually.

  • To access the list of database roles on SQL Server:
    • Open the SQL Server Management Studio.
    • Go to Security > Logins.
    • Right-click on the user and select Properties.
    • Select User Mappings.

Running the Deploy Scripts

To run the deploy scripts, use an account with the following requirements:

  • Domain user.
  • Member of the Administrators user group.




The following are the user requirements for each component of the Endpoint:

Intermediate Repository

  • Domain user
  • Member of AspireUsers user group

Aspire BDC Service

  • Domain user
  • Member of AspireUsers user group

Notification Service

  • Domain user
  • Member of AspireUsers user group
  • SharePoint Shell Admin (user who has SharePoint_Shell_Access role in farm configuration database, and member of WSS_Admin_WPG group)
  • The SharePoint Application Pool Account has to be Search Service Application administrator
  • Default content access account
  • BDC Service Application administrator
  • BDC Metadata Store Permissions:
    • Edit
    • Execute
    • Selectable in Clients
    • Set Permissions
  • “WSS_Content_Application_Pools” administration content database role.


Once the previous manual steps have been completed, verify the following points:

If the user running the SharePoint Application Pool is different from the user you are using to access the Notification Service, then the Application Pool account, not the account that has access to the service, should be the one that has the Search Service Application administrator permission. In that case, after setting the Application Pool account as a Search Service Application administrator, confirm that the account has the following permissions in the Search databases. If not, add them manually:

Database Name                                                  Role
Search_Service_Application_AnalyticsReportingStoreDB_<GUID>    SPSearchDBAdmin
Search_Service_Application_CrawlStoreDB_<GUID>                 SPSearchDBAdmin
Search_Service_Application_DB_<GUID>                           SPSearchDBAdmin
Search_Service_Application_LinksStoreDB_<GUID>                 SPSearchDBAdmin

Database Permissions Checklist

After making all the changes specified previously, this is the complete list of user database roles as they should be.

Database Name                                                  Roles
SharePoint_Config                                              SPDataAccess, SharePoint_Shell_Access
SharePoint_AdminContent_<GUID>                                 SPDataAccess, WSS_Content_Application_Pools, SharePoint_Shell_Access
Bdc_Service_DB_<GUID>                                          SPDataAccess
Search_Service_Application_AnalyticsReportingStoreDB_<GUID>    SPSearchDBAdmin
Search_Service_Application_CrawlStoreDB_<GUID>                 SPSearchDBAdmin
Search_Service_Application_DB_<GUID>                           SPSearchDBAdmin
Search_Service_Application_LinksStoreDB_<GUID>                 SPSearchDBAdmin

Since SharePoint setup user and server farm accounts have these privileges, it is recommended to use one of those accounts for this. Setup user is recommended since it has machine admin rights as well.
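An added example (not part of the original page or of Aspire) that compares an account's database role memberships with the checklist above and reports both missing roles and roles beyond the checklist. The function name `Test-AspireDbRoles`, the query and the sample data are assumptions made here; the database suffixes and role lists in the sample are constructed.

```powershell
# Expected roles per database, from the checklist above. <GUID> suffixes differ
# per farm, so database names are matched by regular expression.
$Expected = [ordered]@{
    '^SharePoint_Config$'          = @('SPDataAccess', 'SharePoint_Shell_Access')
    '^SharePoint_AdminContent_.+$' = @('SPDataAccess', 'WSS_Content_Application_Pools', 'SharePoint_Shell_Access')
    '^Bdc_Service_DB_.+$'          = @('SPDataAccess')
    '^Search_Service_Application_(AnalyticsReportingStoreDB|CrawlStoreDB|DB|LinksStoreDB)_.+$' = @('SPSearchDBAdmin')
}

# Query to collect the real data, run once per database, for example:
#   Invoke-Sqlcmd -Database <db> -Query $RoleQuery -Variable 'Login=DOMAIN\user'
# It lists direct memberships only; roles inherited through a Windows group are not shown.
$RoleQuery = @'
SELECT DB_NAME() AS [Database], r.name AS [Role]
FROM sys.database_role_members m
JOIN sys.database_principals r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals u ON u.principal_id = m.member_principal_id
WHERE u.sid = SUSER_SID(N'$(Login)')
'@

# Hypothetical helper. $Actual maps database name -> role names held by the account.
function Test-AspireDbRoles {
    param([hashtable]$Actual)
    foreach ($db in ($Actual.Keys | Sort-Object)) {
        $pattern = $Expected.Keys | Where-Object { $db -match $_ } | Select-Object -First 1
        if (-not $pattern) { continue }          # database not covered by the checklist
        $want = @($Expected[$pattern])
        $have = @($Actual[$db])
        [pscustomobject]@{
            Database = $db
            Missing  = @($want | Where-Object { $have -notcontains $_ }) -join ', '
            Extra    = @($have | Where-Object { $want -notcontains $_ }) -join ', '
        }
    }
}

# Constructed sample input: one role missing, one database with no roles, one extra role.
$sample = @{
    'SharePoint_Config'                         = @('SPDataAccess')
    'SharePoint_AdminContent_SAMPLE0001'        = @('SPDataAccess', 'WSS_Content_Application_Pools', 'SharePoint_Shell_Access')
    'Bdc_Service_DB_SAMPLE0002'                 = @()
    'Search_Service_Application_DB_SAMPLE0003'  = @('SPSearchDBAdmin', 'db_owner')
}
Test-AspireDbRoles -Actual $sample | Format-Table -AutoSize
```

With the sample data, `SharePoint_Config` is reported as missing `SharePoint_Shell_Access`, the BDC database as missing `SPDataAccess`, and the search database as holding the extra role `db_owner`.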

Security Pre-Trimmer

The Security PreTrimmer requires that the user identity sent to it contains at least one of the following claim types:

  • claims/userlogonname: This is for Windows authentication. The PreTrimmer will use this value to send it to the Aspire Group Expansion.
  • claims/primarysid: This is for other types of authentication (e.g. ADFS). The PreTrimmer will take the primary SID value and translate it into a valid user id to send it to the Aspire Group Expansion.