You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 2
Next »
OS Requirements
- 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter
- Or 64-bit edition of Windows Server 2012 Standard or Datacenter
Requirements by Component
Notification Service
Aspire BDC Service
In Windows Server 2008 R2 SP1
- IIS Server role
- Common HTTP Features
- Static Content
- Default Document
- Directory Browsing
- HTTP Errors
- HTTP Redirection
- Application Development
- ASP.Net
- .Net Extensibility
- ISAPI Extensions
- ISAPI Filters
- Security
- Basic Authentication
- Windows Authentication
- Digest Authentication
- Client Certificate Mapping Authentication
- IIS Client Certificate Mapping Authentication
- URL Authorization
- Request Filtering
- IP and Domain Restrictions
- Management Tools
- IIS Management Console
- IIS Management Scripts and Tools
- Management Service
- Application Server role
- All role features (confirm all dependencies)
- Microsoft .NET Framework version 4.5
In Windows Server 2012
- IIS Server role
- Common HTTP Features
- Static Content
- Default Document
- Directory Browsing
- HTTP Errors
- HTTP Redirection
- Application Development
- ASP.Net 3.5
- ASP.Net 4.5
- .Net Extensibility 3.5
- .Net Extensibility 4.5
- ISAPI Extensions
- ISAPI Filters
- Server Side Includes
- Security
- Basic Authentication
- Windows Authentication
- Digest Authentication
- Client Certificate Mapping Authentication
- IIS Client Certificate Mapping Authentication
- URL Authorization
- Request Filtering
- IP and Domain Restrictions
- Management Tools
- IIS Management Console
- IIS Management Scripts and Tools
- Management Service
- Application Server role (confirm all dependencies)
- .Net Framework 4.5
- TCP Port Sharing
- Web Server (IIS) support
- Windows Process Activation Service Support
- Named Pipes Activation
- HTTP Activation
- TCP Activation
User Account Requirements
To run the deploy scripts use an account with the following requirements:
- Domain user.
- Member of the Administrators user group.
The following are the user requirements for each component of the Endpoint:
- Domain user
- Member of AspireUsers user group
Aspire BDC Service
- Domain user
- Member of AspireUsers user group
Notification Service
- Domain user
- Member of AspireUsers user group
- SharePoint Shell Admin (user who has SharePoint_Shell_Access role in farm configuration database, and member of WSS_Admin_WPG group)
- The SharePoint Application Pool Account has to be Search Service Application administrator
- Default content access account
- BDC Service Application administrator
- BDC Metadata Store Permissions:
- Edit
- Execute
- Selectable in Clients
- Set Permissions
- “WSS_Content_Application_Pools” administration content database role.
Manually add user permissions
- Make the SharePoint Application Pool account a Search Service Application administrator:
- Central Admin -> Application Management -> Manage Service Applications.
- Select “Search Service Application” row (not the link).
- Click on the “Administrators” button on the ribbon.
- Add the user and give it “Full Control” permissions.
- Make the user the Default content access account:
- Go to Central Admin -> Application Management -> Manage Service Applications -> Search Service Application.
- Click the current access account.
- Enter the new account credentials
- Make the user a Business Data Connectivity Service administrator:
- Central Admin -> Application Management -> Manage Service Applications.
- Select “Business Data Connectivity Service” row (not the link).
- Click on the “Administrators” button on the ribbon.
- Add the user and give it “Full Control” permissions.
- Give the user Metadata Store permissions:
- Central Admin -> Application Management -> Manage Service Applications -> Business Data Connectivity Service.
- On the ribbon, select "Set Metadata Store Permissions".
- Add the user and select all the permissions.
- Click OK.
- Add administration content database role membership:
- Add database role membership “WSS_Content_Application_Pools” of SharePoint_AdminContent_<GUID> to Notification Endpoint app pool user:
- For search databases, confirm that you have the SPSearchDBAdmin database role. This should be added to the account you set up as the Search Service Application administrator, if not, add them manually.
- To access the list of database roles on SQLSERVER:
- Open the SQL Server Management Studio.
- Go to Security -> Logins.
- Right click on the user and select Properties.
- Select "User Mappings".
Security Pre-Trimmer
The Security PreTrimmer requires that the user identity sent to it contains at least one of the following claim types:
- claims/userlogonname: This is for windows authentication. The pretrimmer will use this value to send it to the Aspire Group Expansion.
- claims/primarysid: This is for other types of authentication (e.g. ADFS). The pretrimmer will take the primary SID value and translate it into a valid user id to send it to the Aspire Group Expansion.