Monday, 10 August 2015

Group policy settings for SP2013

Recently I had to sort out group policy user rights for SP2013 service accounts - I put together the following table which may be useful to anyone else out there who has to do this:

GPO setting
Service Account
Path
Notes
Act as part of the Operating System
Claims to Windows
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Allow log on locally
Farm
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
Also added Administrators
Adjust memory quotas for a process
Setup
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Reporting Services
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Search
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Service Apps
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Web Apps
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Farm
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Impersonate a client after authentication
Claims to Windows
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
Also added Administrators and SERVICE

Web Apps
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Farm
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Search
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Logon as a batch job
Workflow
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Farm
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Web Apps
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Service Apps
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Logon as a service
Setup
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Claims to Windows
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Search
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Service Apps
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Workflow
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Farm
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Web Apps
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Replace a process level token
Setup
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Reporting Services
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Search
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Service Apps
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Web Apps
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment


Farm
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Local Administrators Group
Setup
\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Restricted Groups







No comments:

Post a Comment