2

TFS service module has a login option of NT_Authority\Network Service. If I select that, will TFS be able to login? Is the NT_Authority a group that I need to add users to? Or is NT_Authority\network service something that Windows handles automatically for me?

I just don't get what NT Authority is. It looks like (from google) that it is an automatically handled user that can start different services. If this is the case, how do I prevent all users on a machine from being able to access the TFS service module (since NT Authority exists for ALL users).

Sorry I don't get the basics of this bad boy.

Thanks!

Tyler DeWitt
  • 171
  • 3
  • 11

2 Answers2

3

They are not actual user accounts that are created. NetworkService and LocalService (and others) are special builtin identities that Windows uses to allow services to logon. Those two in particular are intended to let a service do its work with limited permissions and rights.

Also note that it is possible to configure a scheduled task to run as NT AUTHORITY\SYSTEM with no password on Windows 2003 (or just SYSTEM on Windows 2008).

Greg Askew
  • 35,880
  • 5
  • 54
  • 82
  • So I don't need to do anything to take advantage of these "accounts"? – Tyler DeWitt Nov 02 '11 at 23:08
  • No, those special identities are created precisely for your convenience, so that you could (and hopefully would ;-) use them. You should however be aware of the limited permissions conferred to these identities. They may be unable to access some resources, so it is possible that depending on what the service does, you may need to switch to an account or the system identity that provides more elevated permissions. – Greg Askew Nov 02 '11 at 23:59
0

You can use NetworkService for TFS. In fact, it is the default account that TFS uses during setup.

But be aware -- in TFS 2010, if you are using more than one server for your TFS deployment, you have to add the TFS Service account to the report server and as a farm admin on SharePoint. TFS install does this automatically if RS is on the TFS server (and if you let TFS install SharePoint during TFS installation, the SharePoint permissions are also dealt with automatically).

Here is the MSDN page that discusses all of this: http://msdn.microsoft.com/en-us/library/dd578625.aspx

Tim Elhajj
  • 393
  • 2
  • 7