App Pool Account permissions needed for People Picker

Greetz!
The peoplepicker runs under the credentials of the application pool the site is running in.  However I am not able to retrieve users from Active Directory. What rights does this account need on AD, if any?
Love them all...regardless. - Buddha

I verified that the sAMAccountName matches what I'm entering. When I used your Peoplepicker Port Tester I ran it as an admin and when I clicked search I got an error that said it had stopped working:
Description:
  Stopped working
Problem signature:
  Problem Event Name: CLR20r3
  Problem Signature 01: peoplepicker port tester.exe
  Problem Signature 02: 1.0.0.0
  Problem Signature 03: 54d84550
  Problem Signature 04: mscorlib
  Problem Signature 05: 2.0.0.0
  Problem Signature 06: 526717bd
  Problem Signature 07: 20ce
  Problem Signature 08: 100
  Problem Signature 09: N3CTRYE2KN3C34SGL4ZQYRBFTE4M13NB
  OS Version: 6.3.9600.2.0.0.272.7
  Locale ID: 1033
I believe I got that error because I added a CN which perhaps wasn't correct. When I removed the CN and just used 2 OU identifiers the tool connected to the client forest. I have failures in UDP 88, 135, 137, 138, 389, 445 and 749. Some are because the response wasn't timely. Some because they were 'forcibly closed' by the remote host.
I am in a 2 way trust between separate forests. My SA says there are no ports closed between my server and the AD. When I run the port test tool is there a requirement that I be on a specific service where a particular SharePoint service is running? I ran it on the app server and got the results above. When I run it on the web front end all ports just say 'connection failed'
TCP/389 connection failed
TCP/636 connection failed
TCP/135 connection failed
TCP/137 connection failed
TCP/138 connection failed
TCP/139 connection failed
TCP/3268 connection failed
TCP/3269 connection failed
TCP/53 connection failed
TCP/88 connection failed
TCP/445 connection failed
[Opt]TCP/749 connection failed
[Opt]TCP/750 connection failed
No such host is known
Love them all...regardless. - Buddha
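
A scripted version of the port check discussed in this thread, as an added example that is not part of the original posts or of the Peoplepicker Port Tester tool. It resolves the target name first, because "No such host is known" is a name-resolution error that makes every port report a failure, and then attempts a TCP connection to each port in the list from the post. The function name `Test-PeoplePickerPorts` and the target `dc01.partner.example` are hypothetical.

```powershell
# Added example: hypothetical helper, not the Peoplepicker Port Tester itself.
# Run it on every SharePoint server (web front end and app server) and compare results.
function Test-PeoplePickerPorts {
    param(
        [Parameter(Mandatory)] [string] $Target,
        # TCP ports taken from the tool output quoted in the post
        [int[]] $Ports = @(389, 636, 135, 137, 138, 139, 3268, 3269, 53, 88, 445, 749, 750),
        [int] $TimeoutMs = 3000
    )

    # Step 1: name resolution. If this fails, no port can be reached,
    # whatever the firewall rules between the forests are.
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($Target)
    } catch {
        Write-Warning "DNS lookup for '$Target' failed: $($_.Exception.GetBaseException().Message)"
        return
    }
    # Prefer an IPv4 address, fall back to whatever was returned
    $ip = $addresses | Where-Object { $_.AddressFamily -eq 'InterNetwork' } | Select-Object -First 1
    if (-not $ip) { $ip = $addresses[0] }

    # Step 2: TCP connect to each port with a bounded timeout, so that
    # "refused/closed by remote host" can be told apart from "no answer".
    foreach ($port in $Ports) {
        $client = New-Object System.Net.Sockets.TcpClient($ip.AddressFamily)
        $status = 'timeout (no response)'
        try {
            $task = $client.ConnectAsync($ip, $port)
            if ($task.Wait($TimeoutMs)) { $status = 'open' }
        } catch {
            # The SocketException is wrapped; unwrap it for the real reason
            $status = "failed: $($_.Exception.GetBaseException().Message)"
        } finally {
            $client.Close()
        }
        [pscustomobject]@{ Target = $Target; Address = $ip; Port = $port; Status = $status }
    }
}

# Constructed placeholder name: replace with a domain controller in the trusted forest.
Test-PeoplePickerPorts -Target 'dc01.partner.example' | Format-Table -AutoSize
```

A DNS warning on one server but not the other points at that server's resolver or conditional forwarder configuration rather than at blocked ports.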

Similar Messages

  • SM Portal App Pool account permissions

    Hi there
    Apologies if this is a stupid question, but I've installed the SM Portal following advice on various articles, and they all seem to say to run the portal app pool as the Service Manager service account. This account is also required to be a local admin on the service manager server. Isn't this a bit insecure or am I missing something? If anyone knows how to run it as another account with less permissions, then that would be great.
    Many thanks
    Amy

    Hi,
    The SCSM service AD account must be added to local Administrators Group on all machines as it is used to perform the installation : SharePoint Server , SQL Server and Content Server.
    In my opinion, the account used to install portal should have permissions for service manager database, and also DW database.
    The best way should be use the service account, and I didn't find any official document regarding to this, and most articles use service account to install portal.
    Regards,
    Yan Li
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Why should we trust the web app pool account for delegation?

    Hello,
    Can someone explain to me why we must trust the web app pool account for delegation in AD?
    here's what I understood:
    {Client computer}                                    {Web server}                         {SQL Server}
    domain\user1 ---auth. on web portal ----> [web portal]-domain\appPool-> the appPool account takes the identity of user1
    correct ?
    Thanks !

    To enable the MBAM Servers to authenticate communication from the Administration and Monitoring Website and the Self-Service Portal,
    you must register a Service Principal Name (SPN) for the host name under the domain account that you are using for the web application pool. More via https://technet.microsoft.com/en-us/library/dn645356.aspx?
    Eswar Koneti | Configmgr Blog: www.eskonr.com | Linkedin: Eswar Koneti | Twitter: eskonr

  • Permissions needed for Applying SQL Tuning Sets/SQL Plans 11g?

    What permissions are needed for a user to apply/activate sql tuning sets (sql plans) in 11g? The user can capture and move the sql tuning sets from a 10g database to an 11g database but is getting "ORA-01031: insufficient privileges" when trying to activate/apply the sqlplans in 11g.
    The user has:
    ADMINISTER SQL MANAGEMENT OBJECT and ADMINISTER SQL TUNING SET and EXECUTE on SYS.DBMS_SPM
    The user is an administrator for our Data Warehouse team but they do not have sysdba privileges.
    Do you also know of a good white paper that covers the step by step instructions and permissions needed for acquiring and applying/activating sqlplans?
    If more information is needed in order to respond please advise.
    Thank you

  • Set default value for people picker only when user checks a checkbox (Sharepoint 2010)

    The JavaScript in below link works for me.
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/2b130f64-3db2-484a-9a53-ccbe18d2c5de/set-default-value-for-people-picker-in-list-template-current-user?forum=sharepointgenerallegacy
    However, I'd like to set default user for people picker only when user checks a checkbox. 
    I am new to  development. Could you please help me on this requirement ?
    Thank you very much. 

    Hello,
    Use this link to validate checkbox value, if true then set the person or group value (i.e. as posted in your link).
    http://geekswithblogs.net/haniamr/archive/2011/03/10/validate-that-a-checkbox-is-checked-using-javascript.aspx
    Hope it could help
    Hemendra:Yesterday is just a memory,Tomorrow we may never see
    Please remember to mark the replies as answers if they help and unmark them if they provide no help

  • HT5312 How reopening app Store account after circuiting for security reasons

    How reopening app Store account after circuiting for security reasons

    Not sure I follow your English. Can you explain in more detail?

  • Permissions needed for SCOMAction account

    Hi, can anyone give me precise answer for this question: Which permissions SCOMAction account does need to have in order to SCOM 2012 R2 work properly?
    I found on many sources that SCOMAction account DOES need to be member of local administrators group on all computers agent was deployed to. Having installed agents only on all my domain controllers using my domain admin account I have not experienced any problems yet - since DCs do not have local administrators group if above is a MUST that means I would have to give SCOMAction account domain admins right i.e. put it into domain admins group which certainly is huge overkill (in that case SCOMAction account would be automatically local administrator on all domain computers).
    I have to repeat again: I deployed agents to all my DCs using my domain admin account - SCOMAction account does not have any special permission except being local administrator account on SCOM server itself along with SCOMDataAccess, SCOMDataReader and SCOMDataWriter accounts. Everything works well but there is a possibility something is wrong because of the fact that SCOMAction account does not have needed perms on DCs and I have not noticed yet. Almost 10 hours passed since I deployed agents to DCs and start monitoring them (I have imported Windows Server MP, AD MP, GPO MP, DFS-R MP, DNS MP . . .) - I have not noticed any errors caused by lack of perms for any of SCOM accounts.

    SCOM Action account is not required to be local administrator of agent machine
    The action account is used to gather information about, and run responses on, the managed computer (a managed computer being either a management server or a computer with an agent installed). The MonitoringHost.exe processes run under the action account or a specific Run As account.
    You may use local system or domain account for agent action account.
    For Domain user agent's action account, you can use a low-privileged account by ensuring that the account has the following minimum privileges:
    • Member of the local Users group
    • Member of the local Performance Monitor Users group
    • “Allow log on locally” permission (SetInteractiveLogonRight)
    https://technet.microsoft.com/en-us/library/hh212808.aspx
    Roger

  • Set Default Value for People Picker in List Template current user

    Hi,
    I have field definition in my custom list
      <Field ID="{26763808-64BB-4A3C-93A0-ED45AF783D45}"  Type="User" Name="RequestedBy" DisplayName="Requested By" Required="FALSE" ></Field>
    I need to set default current user in this.
    I found few options with javascript.
    Thanks in Advance.
    Where I can find on set of default commands like Today
    Hari

    Hi,
    Default current user can’t be got in calculated column like Today. I suggest that use SPD Workflow described above or JavaScript. Open NewForm page of the list, then add “pageview=shared&toolpaneview=2” to the page URL, click Enter to go to edit mode. Then add a Content Editor Web Part to the bottom of NewForm page, copy the code below into Source Editor of CEWP.
    <script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>
    <script type="text/javascript" src="http://come:100/sites/collection1/Shared Documents/jquery.SPServices-0.7.0.js"></script>
    <script type="text/javascript">
    $(document).ready(function () {
        // Look up the login name of the user who opened the form
        var CurrUser = $().SPServices.SPGetCurrentUser({
            fieldName: "Name",
            debug: false
        });
        // Write it into the people picker (replace the id with the one from your own NewForm page)
        $('#ctl00_m_g_dab5800a_09ac_4f35_97f6_9b5496127f68_ctl00_ctl04_ctl02_ctl00_ctl00_ctl04_ctl00_ctl00_UserField_upLevelDiv').html(CurrUser);
    });
    </script>
    Note:
    download jquery.SPServices-0.7.0.js here and upload it to your own site:
    http://spservices.codeplex.com/SourceControl/list/changesets, and then replace the route of jquery.SPServices-0.7.0.js above with the route in your site.
    ctl00_m_g_dab5800a_09ac_4f35_97f6_9b5496127f68_ctl00_ctl04_ctl02_ctl00_ctl00_ctl04_ctl00_ctl00_UserField_upLevelDiv is the id of the people-picker, please find it in your own NewForm page.
    Another method, you can use Event Handler. Here is the example code.
    public override void ItemAdded(SPItemEventProperties properties)
    {
        if (properties.ListTitle == "listname") // replace listname with your list.
        {
            SPWeb currentWeb = properties.OpenWeb();
            // Resolve the user who added the item
            SPUser user = currentWeb.SiteUsers.GetByID(properties.CurrentUserId);
            SPListItem liitem = properties.ListItem;
            SPFieldUserValue fieldUser = new SPFieldUserValue(currentWeb, user.ID, user.LoginName);
            liitem["currentuser"] = fieldUser; // replace currentuser with your field name.
            liitem.Update();
        }
        //base.ItemAdded(properties);
    }
    If anything unclear, please feel free to ask.
    Thanks.
    Emir Liu
    TechNet Community Support

  • Local NTFS permissions needed for Palm software?

    Does anyone know the NTFS permissions needed on the local computer for a standard user to run the Palm software?
    Post relates to: Palm TX

    Hello Cajuntank and welcome to the Palm forums.
    Palm Desktop needs to be installed with the local administrator privilege during the install of Palm Desktop, the HotSync Manager, the first HotSync sync, and the installation of any third-party conduits on the desktop.
    After that, the local admin rights can be revoked.
    Alan G

  • Permissions needed for mobile account file sync

    Hello,
    I have set up my account as mobile account in an AD domain.
    When FileSync syncs the files automatically, then I often get errors as follows:
    File xyz could not be synced.
    Permission denied.
    What permissions does FileSync need to work correctly?
    Regards
    Florian

  • Permissions needed for user to define workflow variable

    Hi all
    I'm using a workflow on SharePoint Designer 2007, running on a list of customer orders. The workflow is trying to use data from the customer list.
    In the workflow I used the "define workflow variable" step on the customer order list. The users who are using the order list have Contribute permission so they can add items. On the customer list they have Read permission.
    When an item is created, the workflow is supposed to generate the variable by combining data from the two lists: selecting the customer from the current order item and supposed to combine it with data from the customer list for that specific customer and keeps it in the variable.
    For users with Full Control permission for the site, the workflow is completed OK. For the users with the Contribute and Read permissions it ends with an error and doesn't store the variable (I checked it by storing the variables in the workflow history).
    What are the permissions needed to manage to do the action of storing the variable?
    Or any other ideas for the error?
    Thanks in advance

  • Permissions needed for sql server job to execute stored procedure on linked server?

    Hi all
    I have a job step which attempts to call a stored procedure on a linked server.
    This step is failing with a permission denied error. How can I debug or resolve this?
    The job owner is sysadmin on both servers so should have execute permission to the database/proc I'm calling, right?
    The error is:
    The EXECUTE permission was denied on the object 'myProc', database 'myDatabase', schema 'dbo'. [SQLSTATE 42000] (Error 229).  The step failed.
    My code is:
    EXEC [LinkedServer].myDatabase.dbo.myProc
    Also tried:
    SELECT * FROM OPENQUERY([LinkedServer], 'SET FMTONLY OFF EXEC myDatabase.dbo.myProc')
    With the same result.
    Any help appreciated.

    The job owner may be sysadmin on the remote server. The service account for SQL Server Agent may not. And it is the latter that counts, since it is the service account that logs in and impersonates the job owner. But the impersonation inside SQL Server does not count much in Windows, and it is through Windows that the connection is made to the other site.
    One way to resolve this is to set up a login mapping for the job owner. The login mapping must be for an SQL login on the remote server.
    You can verify the theory by running this query from the job:
       SELECT * FROM OPENQUERY([LinkedServer], 'SELECT SYSTEM_USER')
    By the way, putting SET FMTONLY OFF in OPENQUERY is a terrible idea. This has the effect that the procedure is executed twice. (Unless both servers are SQL 2012 or higher in which case FMTONLY has no effect at all.)
    Erland Sommarskog, SQL Server MVP, [email protected]

  • I have 51 apps that were indicated need for updating.  Clicked update all and now there is only a very slow progression thru the apps.  Why so slow?  Should apps be updated one at a time?

    I have 51 apps that needed updating.  I clicked update all and then they began to very slowly update.  Very slow. Is this usual?  Should I update one app at a time and do I really need to do all this updating all the time?  It's time consuming or am I doing something wrong?

    51 apps is a lot, it could take time.  It also depends on the local network and how busy it is.  Many users have complained today that they can access contacts, calendars, and/or email - maybe there are server problems right now (and today is the big Apple announcements, so things may be in flux).
    When I have a lot of apps to update, I do it using iTunes on my mac.

  • Itunes in app purchase dont work on itunes Store for people who live in brazil?

    In app purchase is not working for people who live in Brazil? So many people can't do it, plz fix that.

    These are user-to-user forums, you are not talking to Apple here.
    What happens when you try to buy in-app purchases, do you get any error messages ? If you are getting a message to contact iTunes support then you can do so via this page : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption
    If something else happens ... ?

  • SharePoint 2013 People Picker to Send Email

    I am having trouble finding a solid answer so I'm hoping someone here has it. Some questions get close, but something isn't matching up.
    Here is the need:
    User fills out a form in a SharePoint list. (the form does not ever open in InfoPath, though that is where it is designed)
    User selects an Account Manager using a People Picker field. This works just fine.
    User submits the form.
    The submit button has rules that send the email to a user, the same Account Manager that is selected in the people picker.
    I cannot use a workflow for this because the form is already designed and lots of time has been put into all the rules and controls on it. The form must be used.
    I've been able to use the secondary data connection method to query the User Information List and I did get that to work, but only in the preview mode of InfoPath 2010. I'm thinking the query doesn't ever happen while editing/submitting the form on the SharePoint
    web site. If the User Information List query would work while on the SharePoint website view of the form, that would be the missing link. Is that something one could do?
    What am I missing? I feel like it should be easier than this to send to an email address based on a people picker selection.
    Thanks for the assistance,
    Colton

    Within the InfoPath client, you should be able to define the data connection to pull from the UPA (http://blogs.technet.com/b/anneste/archive/2011/11/02/how-to-create-an-infopath-form-to-auto-populate-data-in-sharepoint-2010.aspx), then use a Submit action
    to send email to the user in the PeoplePicker control.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.