How to run SV Server under a different user

0 Likes

Motivation:

During installation, you can select a user under which SV Server will run as a Windows service. By default, it will run under the Local System and most people use this option. There 2 possible drawbacks of running SV Server under the Local System:

  • SV encrypts all passwords using a special autogenerated GUID stored in the Windows Credential Store of the account, which installed the SV Server, as well as of the account that runs the SV Server. To install a patch, you need to run it under one of these 2 accounts. But in Windows, it's not straightforward to run an installer or another process under the Local System account. If additionally, the person who installed SV leaves the company, you may have an issue. A better approach is to have a special Machine Administrator account running the SV Server as a Windows service. Additionally you can log in under that user and install a patch, as well as you can easily get to its Credential Store and all other settings and information.
  • The Local System account is a special Windows user and it may be challenging to set its permissions granting access to external resources like a database deployed on a different machine or an MQ server. For the Local System account in the case of the Integrated Windows SQL authentication, remote database connections will be established under a special "MachineName$" user, which is impractical to configure.

Overview:

  • Change the user running the Service Virtualization Server service.
  • Copy the password used by the SV Server to encrypt various internal SV resources (this action will be automated in the next SV release, but currently requires manual steps as described below). 
  • If your SV Server runs under the Local System user the encryption password is stored in the Local System’s credential store, which can’t be reached without scripting (the same password is also stored inside the credential store of the user who originally installed SV).

Reconfiguration Steps:

  1. Stop the Service Virtualization Server service in services.msc
  2. Make the user who will run the SV Server a member of the Administrators group, as well as of the SVM Users, SV Server Administrators, SV Operators, SV Publishers, and SV Runtime Administrators groups.
  3. Log in to Windows under that user.
  4. In the Services dialog (services.msc), right-click Service Virtualization Server service, select Properties, go to the Log On tab, specify the user/password, under which you want SV Server to run. Click OK, but don’t start the service yet.
  5. Copy the encryption password to the Windows Credential Store of the user which will run the SV Server as described in https://community.microfocus.com/adtd/sv/w/sv_tips/40190/how-to-run-backup-restore-or-install-a-patch-under-another-user 
  6. Start the Service Virtualization Server service from services.msc

Labels:

How To-Best Practice
Comment List
Anonymous
Related Discussions
Recommended