Server Load Permission Requirements

Problem

While trying to load SharePoint farm settings with SPDocKit I received:

Error occurred while loading server ‘ServerName’.

Why is this warning occurring?

During the Farm Load process SPDocKit will try to retrieve information about your servers. Please note that the following rights on your servers are optional, but depending on them some or all information about your server configuration and the corresponding best practice reports will not be available in SPDocKit. In order to allow SPDocKit to successfully gather all the information about your servers the following rights are necessary:

  1. Local Administrator on the server
  2. Windows Update service up and running

What will these granted rights be used for?

  1. Adding SPDocKit user accounts to a Local Administrator group on the server is needed for the WMI remote access and to get information about Windows updates. In case that you can’t give that right due to security requirements, see lower what you can grant instead this. The following reports will not be available:
    • Farm Explorer -> Servers in Farm -> Processors Info
    • Farm Explorer -> Servers in Farm -> Programs List
    • Farm Explorer -> Servers in Farm -> Available Windows Updates
    • Farm Explorer -> Servers in Farm -> Disks List
    • Farm Explorer -> Servers in Farm -> Local Admins
    • Best Practices -> Hardware Requirements -> Free Disk Space
    • Best Practices -> Hardware Requirements -> RAM
    • Best Practices -> Servers -> Hotfixes per Server Role -> all reports
  2. To retrieve a list of available Windows updates please make sure that Windows Update service is up and running. If the service is disabled or not running the following reports will not be available:
    • Farm Explorer -> Servers in Farm -> Available Windows Updates
    • Best Practices -> Updates -> Servers -> Windows Updates

Solution

  1. Add your SPDocKit user accounts to a Local Administrators group on the specified server.
    *In case that you have a very strict security policy and you cannot add this account to the Local Administrators group you can use this procedure to get most of reports working:
    • Add your SPDocKit accounts to following local groups: Backup Operators and Performance Log Users. This will allow us to remotely execute WMI queries and get information about SQL server.
    • Start winmgmt.msc, right click on WMI Control and select Properties.
    • Go to the Security tab and expand Root node. In the expanded list select cimv2 and click on the Security button.
    • Click on Advanced button, then click Add… and enter desired user and click OK.
    • Select option This namespace and subnamespaces in a dropdown list Apply to.
    • Make sure that you select  Enable Account and Remote Enable on the Allow list and then click OK four times.

  2. Go to Windows Update service and start it in Service Microsoft Management Console.

Additional SQL Server Load Requirements

Problem:

While trying to load SharePoint farm settings with SPDocKit I received a warning:

Loaded Server ‘ServerName’.

Why is this warning occurring?

There are some additional SPDocKit permission requirements to load SQL servers information. Please note that the following rights on your SQL servers are optional, but depending on them, some or all information about your SQL server configuration and the corresponding Best Practice reports will not be available in SPDocKit. In order to allow SPDocKit to successfully gather all the information about your SQL servers the following rights are necessary:

  1. Public server role
  2. Dbcreator server role and VIEW SERVER STATE permission
  3. Dbaccess permission on model database

What will these granted rights be used for?

  1. Public server role is needed to fetch real SQL server name. This right is necessary to connect to SQL and perform some basic T-SQL queries. Also when you add an account to SQL server, public role is automatically granted. If you are not granted this role, following reports will not be available:
    • Farm Explorer -> SQL -> SQL Aliases
    • Best Practices -> Databases -> SQL Aliases
  2. dbcreator role and VIEW SERVER STATE permission is necessary in order to load configuration of the SQL server. Following reports will not be available:
    • Farm Explorer -> SQL -> all reports
    • Best Practices -> Databases -> Database Files
    • Best Practices -> Databases -> Max Degree of Parallelism
    • Best Practices -> Databases -> SharePoint Database Autogrowth
    • Best Practices -> Databases -> TempDB -> all reports
  3. dbaccess permission is necessary in order to load information about the model database. In case that you don’t add this right, following reports will not be available:
    • Best Practices -> Databases -> ModelDB -> ModelDB Files Autogrowth
    • Best Practices -> Databases -> ModelDB -> ModelDB Files Initial Size
    • Best Practices -> Databases -> ModelDB -> ModelDB Recovery Model

Solution

  1. Create a new user on SQL server that will be used for SPDocKit.
  2. Add dbcreator role to your SPDocKit account and execute following T-SQL query:
    GRANT VIEW SERVER STATE TO “DOMAIN\ACCOUNT”
  3. Execute following T-SQL query to add necessary permissions:
    USE model
    GO
    EXECUTE sp_grantdbaccess 'DOMAIN\ACCOUNT'