Managing the Service Account

From time-to-time it may be necessary to change the windows user or password associated with FileHold. For example, you may switch from a local user account to a domain user account. Or, your IT security policy requires you to periodically change user passwords even for technical users like the FileHold service account. This user information must be changed in all services and tasks that are part of FileHold. Although you could change these manually, this is both error prone and time consuming. The Service Account change utility allows you to change the password or the user id and password of your FileHold service account in all places at once.

The service account for FileHold is a critical part of the FileHold configuration. If this value is not correct your FileHold system will not operate. Take the appropriate care when making any changes to this value. It is recommended you familiarize yourself with this process and trial this change on a test server before making the change in a production server. Plan to make this change during off hours as users will be offline for a short period of time. These instructions are intended for a skilled Windows administrator with administration access to the FileHold server.

Overview of the FileHold service user

The FileHold Server Application runs under a service account model, it has specific permissions, memberships and rights to run the FileHold Server application. There are a number of components that rely on the service user.

  • The Windows World Wide Web (WWW) service.
  • The FileHold application pool in IIS: FH App Pool.
  • All FileHold tasks in the task scheduler. Each task name begins with FH.
  • FHURM service (FileHold version 14 and lower only)

A number of requirements must be met related to the FileHold service user and the FileHold and SQL servers.

  • The service account can be a local server or a domain account, but it should not have administrative privileges. Domain accounts are preferable in an external SQL server or Sharepoint server environment.
  • It should have a strong password that complies with your corporate security policy.
  • Ideally the service account password should not expire and it should not be able to change its own password. Your IT policy may require periodic password changes. Plan for this situation well in advance to ensure minimal or zero user downtime.
  • It must have SQL Server login permissions where the FileHold databases are stored and managed and it must be the database owner for each of the four or five (FileHold version 12 and lower only) FileHold databases.
  • It must have Log on as a service and Logon as a batch job rights in the Local Security Policy settings.
  • It must be a member of the IIS_IUSRS group
  • It must have full control of the FileHold data storage locations including the document repository, full text search index, FHURM backups (FileHold version 12 and lower only), web client temporary upload, and any ADI watched folders.
  • It must be the owner of the IIS virtual directories.

Changing the service account password

The process for changing the service account is nearly identical to changing the service account password.

service account change

  1. Log into the FileHold server with administrative privileges.
  2. Start up FHIT normally and select Service Account change.
  3. Choose Change Service Account's password.

    service account change password

  4. Enter the new password for the FileHold service account.
  5. Re-enter the service account password. The password you enter in the change password tool is not verified as a valid password. The two passwords you enter are only compared to each other.
  6. Leave the server name as localhost as you should be running the FHIT tool from the FileHold server.
  7. Enter the address of the web client login form. Make sure to include the correct protocol http or https depending on your system configuration.
  8. Click Next.

    service account password change status


    From this point forward your users will be offline until you restart the system.

  9. Notify your users that FileHold will be unavailable.
  10. Disable all FileHold scheduled tasks.
  11. Stop the WWW service.
  12. Click Update to change the FileHold configuration.
    1. If there are errors during processing, correct the problem and update again.
  13. Click Finish to exit the tool.
  14. Start the WWW service.
  15. Enable all FileHold scheduled tasks.
  16. Run each of the scheduled tasks to ensure they can run without errors.
  17. Run the FileHold Health Checker Tool to validate the system.
  18. Login to FileHold using the desktop and web client, verify you can search, download, and upload documents.