HelpMaster Service Account
HelpMaster uses, and relies upon a variety of network resources in order to operate.
SQL Server database (connection / reading / writing). See Security Settings for the HelpMaster database
Files and directories on both local and networked drives (report files, attachments etc) See Working folders file paths
Email (requiring access to the local email client as well as the server email system eg. Microsoft 365, Exchange, SMTP, IMAP etc)
Windows User directories - C:\ProgramData\ (this is a hidden folder)
The HelpMaster installation directory (as chosen at the time of installation)
Create a Windows group that users and services can use
It is necessary that the user (or service) running HelpMaster has sufficient network permissions with their Windows logon account to read and write to these resources.
- Create a Windows Active Directory group called “HelpMaster Users”, or similar. This group will be used to allow HelpMaster users to access the various network resources listed above.
- Add all of the staff members that will require HelpMaster access to this group.
- Grant Read/Write permissions to this group for ALL of the HelpMaster Working folders.
- If you wish for all HelpMaster users to connect to SQL Server via Windows Authentication, you can add this group to the “Logon” section of SQL Server and grant this group logon rights to the HelpMaster database. When connecting to SQL Server, you have the choice to connect via Windows Authentication or via SQL Server logon. For further details about this, please see Connecting to SQL Server.
Create a Windows account “svc_HelpMaster”
HelpMaster installs and uses a number of Windows services that perform work. These services need to be run under the Windows context of a domain/network user in order to access the resources that HelpMaster requires.
In order to start and run the HelpMaster services, it is highly recommended that you create a new, dedicated Windows account and name it svc_HelpMasterServiceAccount or something similar according to your organizations naming convention for service accounts.
The following gives an overview of the required permission for this account.
SQL Server Database
Requires read/write access to the HelpMaster Microsoft SQL Server Database. See Appendix B for the specific SQL Server permissions
Network “working folders”
Requires read/write or modify access to network shares. These “working folders” are used to store attachments, reports, themes, email and other HelpMaster resources.
Requires email access to all email accounts that will be scanned and processed for email-to-ticket conversion. Requires FULL AND Send As (or Send on Behalf of) permissions to all email accounts specified in any of the outgoing email templates.
The HelpMaster service account must be a member of the IIS_IUSRS group when used as the IIS Application Pool Identity account that runs the HelpMaster web portal.
Active Directory user import / synchronization and Single-Sign-on
The HelpMaster service account requires access to connect to, and enumerate your Active Directory OU structure in order to import and synchronize users.
HelpMaster installs 4 Windows Services that are used to deliver functionality. These are:
The HelpMaster service account will be used to run each of these services.
General Windows Permissions
The HelpMaster service account requires the following: • Be a local administrator on the machine running the HelpMaster Services. (Email Manager, Priority Manager, Automation etc.) • The ability to create, read and write Windows Event logs
Note about logonsIf the password expires on any Windows account that is being used by a HelpMaster service, the service will stop working. Consider using service accounts with their passwords set to NOT expire.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.