To Configure Process Logon Credentials

A working Server 2008 R2, or later, installation is required to perform these steps.
Some of the processes used by Enterprise Server for .NET need to be run as a Windows administrator user that has sysadmin permissions to access the SQL Server databases used by the system (i.e. region, cross-region and datastores). These processes are:
  • seemonitor.exe - the event monitor
  • w3wp.exe - the IIS application pools

  1. Configuring processes running on the same machine as the SQL Server instance

    By default, these processes are configured to run as the LocalSystem user. This user has Windows administrator privileges, but does not have any database access permission. To give LocalSystem database access, you must add the NT Authority\SYSTEM user as a user in the SQL Server instance and give it sysadmin permissions.

  2. Configuring processes running on a different machine from the SQL Server instance
    1. Stop the seemonitor service if it is running.
    2. Modify the logon user for seemonitor.exe. Open the services management console (services.msc) and change the logon user for the seemonitor service to the required user and password.
    3. Modify the logon user for IIS. Open the IIS management console and navigate to the Micro Focus SEE for .NET (Dispatcher) v4.0 application pool. In the advanced settings, change the identity to the user you want to use. Do the same for the Micro Focus SEE for .NET (SEP) v4.0 application pool.
    4. In the SQL Server instance, create the user(s) that you have just defined for the seemonitor.exe and w3wp.exe processes to run under, and give them sysadmin database access permission.
    5. Reset the IIS application pools using the wasreset /full command.
    6. Restart the seemonitor service.

Enterprise Server for .NET Administration UI

The Enterprise Server for .NET Administration UI also requires database access. To ensure that all operations provided by the UI can be performed successfully, this process should also be run as a Windows administrator user with sysadmin permissions to access the SQL Server database used by the system. It is possible, however, to run the UI as a Windows administrator user without sysadmin database permissions, with a potential reduction in functionality. To do this, the user should be given the db_datareader access role in addition to being granted any of the permissions indicated in the following tables:

  1. Region database
    Permission    Console View
    EXECUTE       Displaying

  2. Cross-region database
    Permission XA Resource Definitions Shared Catalog Definitions Security Configurations and Managers
    EXECUTE
    • Viewing
    • Adding
    • Adding
    • Viewing
    • Adding
    DELETE
    • Deleting
    • Deleting
    CONTROL
    • Deleting

  3. Datastore database
    Permission                     Datastore View
    EXECUTE                        Reading file
    INSERT                         Reading file, Downloading file
    DELETE                         Closing file, Downloading file
    CONTROL                        Uploading file
    CREATE DATABASE (master db)    Create datastore
    CREATE PROCEDURE               Reading file, Uploading file
    CREATE TABLE                   Uploading file

Debugging

When debugging, the Visual Studio (devenv.exe) and seesep.exe processes also require database access. If the user running Visual Studio does not have sysadmin permission to access the region, cross-region and datastore databases that are to be used by the debugging sessions, then the user should be granted CONTROL permission to each. The user will also need to be granted VIEW SERVER STATE permission in the master database if datastore databases are used, as Enterprise Server for .NET's database file system support requires access to dynamic management views and functions (DMVs).
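
The grants described in the Debugging paragraph, written out as T-SQL with a check that the account holds them without being a sysadmin. This is an added example, not part of the product documentation; the login name and the three database names are placeholders to replace with your own.

```sql
-- Added example. Placeholders (not values from the product documentation):
--   [EXAMPLE\dev.user]   Windows account that runs devenv.exe and seesep.exe
--   ExampleRegionDb, ExampleCrossRegionDb, ExampleDatastoreDb
-- Run as a sysadmin from sqlcmd or SSMS (GO is their batch separator).

USE [master];
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'EXAMPLE\dev.user')
    CREATE LOGIN [EXAMPLE\dev.user] FROM WINDOWS;
-- Server-level permission, granted from master. Needed only when
-- datastore databases are used (access to DMVs).
GRANT VIEW SERVER STATE TO [EXAMPLE\dev.user];
GO

USE [ExampleRegionDb];
IF DATABASE_PRINCIPAL_ID(N'EXAMPLE\dev.user') IS NULL
    CREATE USER [EXAMPLE\dev.user] FOR LOGIN [EXAMPLE\dev.user];
GRANT CONTROL ON DATABASE::[ExampleRegionDb] TO [EXAMPLE\dev.user];
GO

USE [ExampleCrossRegionDb];
IF DATABASE_PRINCIPAL_ID(N'EXAMPLE\dev.user') IS NULL
    CREATE USER [EXAMPLE\dev.user] FOR LOGIN [EXAMPLE\dev.user];
GRANT CONTROL ON DATABASE::[ExampleCrossRegionDb] TO [EXAMPLE\dev.user];
GO

USE [ExampleDatastoreDb];
IF DATABASE_PRINCIPAL_ID(N'EXAMPLE\dev.user') IS NULL
    CREATE USER [EXAMPLE\dev.user] FOR LOGIN [EXAMPLE\dev.user];
GRANT CONTROL ON DATABASE::[ExampleDatastoreDb] TO [EXAMPLE\dev.user];
GO

-- Check the result: sysadmin membership, then the effective permissions
-- as seen by the account itself.
USE [master];
SELECT IS_SRVROLEMEMBER('sysadmin', N'EXAMPLE\dev.user') AS is_sysadmin;
EXECUTE AS LOGIN = N'EXAMPLE\dev.user';
SELECT
    HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW SERVER STATE')               AS view_server_state,
    HAS_PERMS_BY_NAME(N'ExampleRegionDb', 'DATABASE', 'CONTROL')      AS region_control,
    HAS_PERMS_BY_NAME(N'ExampleCrossRegionDb', 'DATABASE', 'CONTROL') AS cross_region_control,
    HAS_PERMS_BY_NAME(N'ExampleDatastoreDb', 'DATABASE', 'CONTROL')   AS datastore_control;
REVERT;
GO
```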