HelpMaster Service Account

The HelpMaster Service Account is a network account that is used for accessing network resources and securing HelpMaster

Overview

HelpMaster uses, and relies upon a variety of network resources in order to operate. 

These include:

  • SQL Server database (connection / reading / writing).  See Security Settings for the HelpMaster database

  • Files and directories on both local and networked drives (report files, attachments etc)  See Working folders file paths

  • Email (requiring access to the local email client as well as the server email system eg. Microsoft 365, Exchange, SMTP, IMAP etc)

  • Windows User directories - C:\ProgramData\ (this is a hidden folder)

  • The HelpMaster installation directory (as chosen at the time of installation)

Create a Windows group that users and services can use

It is necessary that the user (or service) running HelpMaster has sufficient network permissions with their Windows logon account to read and write to these resources.

  1. Create a Windows Active Directory group called “HelpMaster Users”, or similar. This group will be used to allow HelpMaster users to access the various network resources listed above.
  2. Add all of the staff members that will require HelpMaster access to this group.
  3. Grant Read/Write permissions to this group for ALL of the HelpMaster Working folders.
  4. If you wish for all HelpMaster users to connect to SQL Server via Windows Authentication, you can add this group to the “Logon” section of SQL Server and grant this group logon rights to the HelpMaster database.  When connecting to SQL Server, you have the choice to connect via Windows Authentication or via SQL Server logon.   For further details about this, please see Connecting to SQL Server.  

Create a Windows account “svc_HelpMaster”

HelpMaster installs and uses a number of Windows services that perform work.  These services need to be run under the Windows context of a domain/network user in order to access the resources that HelpMaster requires. 

helpmaster service account

In order to start and run the HelpMaster services, it is highly recommended that you create a new, dedicated Windows account and name it svc_HelpMasterServiceAccount or something similar according to your organizations naming convention for service accounts.

HelpMaster Service Account

The following gives an overview of the required permission for this account.

SQL Server Database

Requires read/write access to the HelpMaster Microsoft SQL Server Database. See Appendix B for the specific SQL Server permissions

Network “working folders”

Requires read/write or modify access to network shares. These “working folders” are used to store attachments, reports, themes, email and other HelpMaster resources.

Email Accounts

Requires email access to all email accounts that will be scanned and processed for email-to-ticket conversion. Requires FULL AND Send As (or Send on Behalf of) permissions to all email accounts specified in any of the outgoing email templates.

Web Portal

The HelpMaster service account must be a member of the IIS_IUSRS group when used as the IIS Application Pool Identity account that runs the HelpMaster web portal.

Active Directory user import / synchronization and Single-Sign-on

The HelpMaster service account requires access to connect to, and enumerate your Active Directory OU structure in order to import and synchronize users.

HelpMaster Services

HelpMaster installs 4 Windows Services that are used to deliver functionality. These are:

General Windows Permissions

The HelpMaster service account requires the following: • Be a local administrator on the machine running the HelpMaster Services. (Email Manager, Priority Manager, Automation etc.) • The ability to create, read and write Windows Event logs

See Also

Security Settings for the HelpMaster database