1.877.833.1202

Change Service Account to Another Account

The Service Account change utility has 2 important functions - and while this utility is not needed very often, it saves about 20 minutes of time by providing a wizard interface for a Domain\System Administrator to make changes in these two specific areas by spending 30 seconds filling out some forms:

  1. Change Service Account's password if this password needs to be changed 
  2. Change the service account to a different service account (this article covers this procedure)

The FileHold Server Application runs under a service account model, it has specific permissions, memberships and rights to run the FileHold Server application. This tool must be run by a domain administrator who also has access to the SQL databases, the FHInstrumentation tool uses Windows authentication to safeguard the process. It depends on the rights of the user running it.

  • The service account can be a local account, or a domain account.
  • It should not be an administrator or domain administrator level account
  • It should have a strong password that complies with your domain security policy.
  • It's password should not expire, nor should the account have the ability to change it's own password
  • It must have SQL Server login permissions where the FileHold databases are stored and managed
    • It must be the DB Owner of all of the databases that are part of FileHold
  • It must have Login as Service and Login as batch rights under the Local Security Policy.
  • It must be a member of the IIS_IUSRS group
  • It must run the FH App Pool in IIS 7.X
  • It has specific settings in each of the FileHold web services
  • It must have full control of the FileHoldData storage structure, specifically the:
    • DocumentRepository
    • FullTextSearch
    • FHURMBackups

All of this has to be set for the FH_Service account for the FileHold server to function properly.

Change Service Account - perform this procedure when users are not using the system, or notify them that there will be a few minutes of downtime. This procedure takes about 2-3 minutes at most.

  • Launch the Change Service Account tool
  •  Fill out the form as required

2.PNG

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Procedure:

  • Enter in the DOMAIN\FH_Service information
  • Enter in the password information twice
  • leave the scheduled task settings with "localhost" intact
  • You will be connecting with your Windows Credentials so leave that intact. You can also use a SQL administrators credentials who is also a member of the Administrators group for this server, but if your system is synchronized with Active Directory then a Domain Admin with SQL administrator credentials will be needed.
  • Enter in the path to the WebClient's LoginForm - using the example - add https if you are using SSL.
  • Click Next to go to the final form page:

3.PNG

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  

  • Your ADAM settings should look the same - a tiny percentage of customers run ADAM under a custom PORT #
  • Enter in localhost, DATABASE Server name or DATABASE\INSTANCE name
  • Make sure to Update security settings of Windows TEMP directories
  • Click Next to go to the Final page for the Action > Status page

ServiceAccount-5.PNG

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  • Click Update to start this process.
  • Once completed - if all completed successfully, then click FINISH.
  • Since the FH App Pool is stopped, the status will complain about this, simply start the FH App Pool if required
  • Occasionally, the FileHold Workflow Host Service will not start - simply start it manually to address this

Finally:

  • Restart WWW Service
  • Restart FHURM Service
  • Restart FH Workflow Host Service (if you are using this)
  • Start the FH App Pool
  • Login to FileHold with Web Client and Desktop Client
  • Verify all scheduled tasks can run
    • (skip the AD Sync related task if your system is not synchronizing with Active Directory)

 

End of Procedure: