Chapter 1 ■ planning for team foundation Server
4
Accounts and Permissions
You will need a number of accounts for installing and running Team Foundation Server. Since the largest
number of issues I get questions on end up being permissions related as a root cause, I’m going to suggest
that you read this section carefully, without opting for shortcuts. Also, unless you are working on an upgrade
where the accounts have been established and working for a while, I’m going to recommend that you
establish new accounts and not reuse old ones, especially if this is an enterprise install.
Why you ask? Well, for one thing, people tend to adjust the security settings and permissions of
accounts over time either by accident (i.e., having trouble with getting a service to run and giving it Domain
Administrator privileges, and then forgetting to set it back), or if you have an IT security group that scans for
privileged accounts and scales them back based on the last login date (I worked for a large defense contractor
where that was the norm; caused me days of aggravation). You’ll avoid that by starting with new accounts.
Also, no section like this would be complete without a disclaimer: these recommendations should fit
most situations. If you are building a large scaled-out environment in a really security-strict environment,
you will likely need to make some additional adjustments to comply with these rules. Also, the user accounts
could be domain (recommended) or local accounts. If you are installing a component in a workgroup, you
must use local accounts for user accounts, however. The following names are only suggested. There is no
real requirement to use a specific name, but if you do not, be sure to list the one you use since I’ll be referring
to the suggested name from here on out.
Table1-2 provides the lists of user and service accounts, including descriptions of what they are.
Details Parameters for Installation
Service account names and login information. You’ll want this
information handy throughout the tasks in this book. If you are
creating these, see the “Accounts and Permissions” section in this
chapter as well to make sure that you have the permissions set
correctly. In a simple single server environment you may choose
to use a single account for this, TFSSERVICE for instance.
You will need these basic accounts for installation and operation
(see the “Accounts and Permissions” section). A common question
I get is, “Do I need to actually name my accounts this?” You don’t.
But if you do, it will make your life easier since this is how they are
referred to in most Microsoft documentation and this book.
But if you don’t, here is a handy place to list the equivalents:
TFSREPORTS – reporting reader account
TFSSEVICE – the server service
TFSBUILD – for the build service
TFSPROXY – for the proxy service
And you’ll need these for the other supporting software
(see the “Accounts and Permissions” section, but these are
generally user accounts):
WSSSERVICE – for SharePoint
SQLSERVICE – for SQL Server
☑ TFSREPORTS
☑ TFSSEVICE
☑ TFSBUILD
☑ TFSPROXY
☑ WSSSERVICE
☑ SQLSERVICE
Visual Studio Team Foundation Server 2015. You’ll need this
later on during the installation. For now, just locate the Team
Foundation Server 2015 DVD or ISO file from MSDN.
☑ InstallationMedia/ISO
Table 1-1. (continued)