Knowledgebase

Search by Keyword

Search by Product

RFBA: Creating a service account for RFBAServer in Windows

(240 Views)

IMPORTANT: Creating a service account may introduce a security risk. It is recommended that you follow strong password guidelines for this account.

Creating a service account that is designated to log in the RFBAServer service gives you more direct control over the service. Without a service account, when you stop the RFBAServer service (for example, if you want to back up the SE databases), the RFBA service can sometimes get hung in a “Stopping” state. Once in this state, the only way to restart the service is to reboot the server. You may sometimes be able to end the RFBAServer task in Task Manager, but because the RFBAServer service is normally logged in under the Local System account, attempting to end the RFBAServer task often results in an “access denied” message.

Creating a service account will help you avoid having to reboot the entire server in order to restart the RFBAServer service, should it end up in the “Stopping” state.

To create a service account if RFBA is being served by a domain controller:
  1. Create a network user ID, saReadNaturally. This ID does not need any special group membership, but it must have a password that does not change.
  2. On the domain controller, give the network user ID modify permissions for the RFBAServer folder. (The default location is C:\Program Files\RFBAServer.)
  3. Choose Start > All Programs >Administrative Tools > Local Security Policy. Expand Local Policies (click +), choose User Rights Assignment, and then double-click Log on as a service. Click Add User or Group, enter the network user ID saReadNaturally, and then click OK.
  4. Choose Start > All Programs > Administrative Tools > Computer Management.
  5. Expand Services and Applications (click +) and click Services to display all services.
  6. Locate the RFBAServer service, right-click it, and choose Properties.
  7. Choose the Log on tab and change Log on as from Local system account to This account. Click Browse, enter the network user ID saReadNaturally (created in step 1), and click OK.
  8. Enter and confirm the password and then click OK.
  9. Stop and start the service so the changes take effect. (Right-click RFBAServer and choose Stop, then right-click RFBAServer again and choose Start.)
To create a service account if RFBA is being served by a non-domain controller server or a Windows XP workstation:
  1. Right-click My Computer and choose Manage.
  2. Expand Local Users and Groups (click +) under System Tools.
  3. Right-click Users and choose New User. Specify the following information and then click Create:
    • User name: saReadNaturally
    • Full name: saReadNaturally
    • Description: Service account for RFBAServer service
    • Password: <specify a password>
    • Confirm password: <specify the password again>
    • Uncheck User must change password at next logon.
    • Check User cannot change password.
    • Check Password never expires.
  4. Add the service account to the Administrators group by performing these steps:
    1. From Computer Management, choose Groups.
    2. Double-click Administrators.
    3. Click Add.
    4. Enter saReadNaturally, click Check Names to fully resolve the name, and then click OK.
    5. Click OK to finish adding the account to the Administrators group.
  5. Add the service account to the RFBAServer service by performing these steps:
    1. From Computer Management, expand Services and Applications (click +) and double-click Services to open it.
    2. Locate the RFBAServer service, right-click it, and choose Properties.
    3. Choose the Log on tab and change Log on as from Local system account to This account. Click Browse, enter the network user ID saReadNaturally (created in step 1), and click OK.
    4. Enter and confirm the password and then click OK.
    5. Start the RFBAServer service so that this service account is the owner of the RFBAServer service. (Right-click RFBAServer and choose Stop, then right-click RFBAServer again and choose Start.)
    6. Verify that the Log on As column shows the new service account’s name.
Contact

Please let us know what questions you have so we can assist. For Technical Support, please call us or submit a software support request.

 
Click to refresh image