Microsoft KB Archive/832770

= How to change the application pool identity for Windows SharePoint Services administration and content virtual servers =

Article ID: 832770

Article Last Modified on 9/26/2007

-

APPLIES TO


 * Microsoft Windows SharePoint Services

-





IN THIS TASK

 * SUMMARY
 * Change the Application Pool Identity for Windows SharePoint Services Administration and Content Virtual Servers
 * Step 1: Add the User Account That You Want to Use as the Application Pool Identity to the Security Administrators and the Database Creators Roles in SQL Server
 * Step 2: Configure the Database Owner for the Windows SharePoint Services Content and the Configuration Databases
 * Step 3: Add the User Account That You Want to Use as the Application Pool Identity to the IIS_WPG and the STS_WPGGroups in Microsoft Internet Information Services (IIS)
 * Step 4: Verify That the IIS_WPG Group Has Appropriate Permissions to the Content Folder of the Virtual Server
 * Step 5: Configure the User Account as the Application Pool Identity for SharePoint Central Administration
 * Step 6: Configure the User Account as the Application Pool Identity for the Content Virtual Server
 * REFERENCES



SUMMARY
This article describes how to change the application pool identity for Microsoft Windows SharePoint Services administration and content virtual servers.

back to the top

Change the Application Pool Identity for Windows SharePoint Services Administration and Content Virtual Servers
To change the user account that is configured as the application pool identity for the administration and content virtual servers, follow these steps.

back to the top

Step 1: Add the User Account That You Want to Use as the Application Pool Identity to the Security Administrators and the Database Creators Roles in Microsoft SQL Server 2000
To assign the user account that you want to use as the application pool identity to the Security Administrators role and the Database Creators role in SQL Server 2000, follow these steps:
 * 1) Start SQL Server Enterprise Manager.
 * 2) In the left pane, under the name of the server that you want to grant access to, expand Security.
 * 3) In the right pane, right-click Logins, and then click New Login.
 * 4) Click the General tab, and then in the Name box, type the name of the user account.

Make sure that you specify the user name by using the \  format.
 * 1) Click the Server Roles tab, and then click to select the Security Administrators check box and the Database Creators check box.

Note Make sure that you do not specify any databases for this new login on the Database Access tab
 * 1) Click OK, and then quit SQL Server Enterprise Manager.

Note If you want to use different user accounts for the administration virtual server and for the content virtual server, you must assign each user account to both the Security Administrators role and the Database Creators role in SQL Server.

back to the top

Step 2: Configure the Database Owner for the Windows SharePoint Services Content and the Configuration Databases
To configure the database owner for the Windows SharePoint Services content and the configuration databases, follow these steps.

Content Database  On the server that is running SQL Server, start SQL Query Analyzer. In the Connect to SQL Server dialog box, specify the name of the server that you want to connect to, specify the type of authentication, and then click OK. On the Query menu, click Change Database. In the Select Database of  dialog box, click the content database that you want to update, and then click OK. In the Query pane, type the following lines, where \  is the domain user account for the content virtual server and  \  is the domain user account for the administration virtual server:

DECLARE @AdminVSAccount nvarchar(255)

DECLARE @ContentVSAccount nvarchar(255)

SET @ContentVSAccount = N' \ ';

SET @AdminVSAccount = N' \ ';

EXEC sp_grantlogin @ContentVSAccount;

EXEC sp_grantlogin @AdminVSAccount;

EXEC sp_changedbowner @AdminVSAccount;

IF NOT EXISTS (SELECT * FROM sysusers WHERE name=@ContentVSAccount)

EXEC sp_grantdbaccess @ContentVSAccount; EXEC sp_addrolemember 'db_owner', @ContentVSAccount;

 On the Query menu, click Execute to run the query.

Note If the domain user account for the content virtual server and the administration virtual server are the same user account, SQL Query Analyzer displays a message that is similar to the following when you run the query. However, the operation is completed successfully:

Database owner changed.

Server: Msg 15023, Level 16, State 1, Procedure sp_grantdbaccess, Line 127

User or role 'domain\account' already exists in the current database.

Server: Msg 15410, Level 11, State 1, Procedure sp_addrolemember, Line 66

User or role 'domain\account' does not exist in this database.

</ol>

Configuration Database <ol> On the server that is running SQL Server, start SQL Query Analyzer.</li> In the Connect to SQL Server dialog box, specify the name of the server that you want to connect to, specify the type of authentication, and then click OK.</li> On the Query menu, click Change Database.</li> In the Select Database of  dialog box, click the configuration database that you want to update, and then click OK.</li> In the Query pane, type the following lines, where \  is the domain user account for the content virtual server and  \  is the domain user account for the administration virtual server:

DECLARE @AdminVSAccount nvarchar(255)

DECLARE @ContentVSAccount nvarchar(255)

SET @ContentVSAccount = N' \ ';

SET @AdminVSAccount = N' \ ';

EXEC sp_grantlogin @ContentVSAccount;

EXEC sp_changedbowner @AdminVSAccount;

IF NOT EXISTS (SELECT * FROM sysusers WHERE name=@ContentVSAccount) EXEC sp_grantdbaccess @ContentVSAccount;

EXEC sp_addrolemember 'db_owner', @ContentVSAccount;

EXEC sp_addsrvrolemember @AdminVSAccount, 'dbcreator'

EXEC sp_addsrvrolemember @AdminVSAccount, 'securityadmin'

</li> On the Query menu, click Execute to run the query.

Note If the domain user account for the content virtual server and the administration virtual server are the same user account, SQL Query Analyzer displays a message that is similar to the following when you run the query. However, the operation is completed successfully:

Database owner changed.

Server: Msg 15023, Level 16, State 1, Procedure sp_grantdbaccess, Line 127

User or role 'domain\account' already exists in the current database.

Server: Msg 15410, Level 11, State 1, Procedure sp_addrolemember, Line 66

User or role 'domain\account' does not exist in this database.

</li></ol>

back to the top

Step 3: Add the User Account That You Want to Use as the Application Pool Identity to the IIS_WPG and the STS_WPGGroups in Microsoft Internet Information Services (IIS)
To add the user account (or accounts) to the STS _WPG group and the IIS_WPG group in IIS, follow these steps:
 * 1) Start Active Directory Users and Computers.
 * 2) Click Users.
 * 3) In the right pane, right-click IIS_WPG, and then click Properties.
 * 4) Click the Members tab, and then click Add.
 * 5) In the Select Users, Contacts, Computers, or Groups dialog box, type the name of the user account that you want to add, and then click OK.
 * 6) Click OK.
 * 7) In the right pane, right-click STS_WPG, and then click Properties.
 * 8) Click the Members tab, and then click Add.
 * 9) In the Select Users, Contacts, Computers, or Groups dialog box, type the name of the user account that you want to add, and then click OK.
 * 10) Click OK.

back to the top

Step 4: Verify That the IIS_WPG Group Has Appropriate Permissions to the Content Folder of the Virtual Server
Make sure that the IIS_WPG group has Read and Write permissions to the content folder for the virtual server. For example, if the content folder for the virtual server is the C:\Inetpub\Wwwroot folder, make sure that the IIS_WPG group has Read and Write permissions to that folder.

back to the top

Step 5: Configure the User Account as the Application Pool Identity for SharePoint Central Administration
To configure the user account as the application pool identity for SharePoint Central Administration, follow these steps: <ol> Configure the user account as the application pool identity for SharePointCentral Administration. To do so, follow these steps: <ol style="list-style-type: lower-alpha;"> Start Internet Information Services (IIS) Manager.</li> Expand  , and then expand Web Sites.</li> Right-click SharePoint Central Administration, and then click Properties.</li> Click the Home Directory tab.</li> Under Application settings, make a note of the application pool that appears in the Application pool box, and then click Cancel.</li> Expand Application Pools.</li> Right-click the application pool that you identified in step 1e, and then click Properties.</li> Click the Identity tab.</li> Under Configurable, specify the user account name (in \  format) and password in the User name and Password boxes, and then click OK.</li></ol> </li> <li>Restart IIS. To do so, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, and then click Run.</li> <li>In the Open box, type cmd, and then click OK.</li> <li>At the command prompt, type iisreset, and then press ENTER</li> <li>Type exit, and then press ENTER to exit Command Prompt.</li></ol> </li> <li>Synchronize the Windows SharePoint Services Timer Service with the new user account information. To do so, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Start SharePoint Central Administration.</li> <li>On the Windows SharePoint Services Central Administration page, under Server Configuration, click Configure virtual server for central administration.</li> <li>On the Configure Administrative Virtual Server page, click Use an existing application pool, and then click OK.</li></ol> </li> <li>Restart IIS. To do so, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, and then click Run.</li> <li>In the Open box, type cmd, and then click OK.</li> <li>At the command prompt, type iisreset, and then press ENTER</li> <li>Type exit, and then press ENTER to exit Command Prompt.</li></ol> </li></ol>

back to the top

Step 6: Configure the User Account as the Application Pool Identity for the Content Virtual Server
To configure the user account as the application pool identity for the content virtual server, follow these steps: <ol> <li>Configure the user account as the application pool identity for the content virtual server. To do so, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Start Internet Information Services (IIS) Manager.</li> <li>Expand  , and then expand Web Sites.</li> <li>Right-click the content virtual server, and then click Properties.</li> <li>Click the Home Directory tab.</li> <li>Under Application settings, make a note of the application pool that appears in the Application pool box, and then click Cancel.</li> <li>Expand Application Pools.</li> <li>Right-click the application pool that you identified in step 1e, and then click Properties.</li> <li>Click the Identity tab.</li> <li>Under Configurable, specify the user account name (in \  format) and password in the User name and Password boxes, and then click OK.</li></ol> </li> <li>Restart IIS. To do so, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, and then click Run.</li> <li>In the Open box, type cmd, and then click OK.</li> <li>At the command prompt, type iisreset, and then press ENTER</li> <li>Type exit, and then press ENTER to exit Command Prompt.</li></ol> </li></ol>

back to the top

<div class="references_section">