HelpMaster Service Account
The HelpMaster Service Account is a Windows Account that is used by HelpMaster to access various network resources.
HelpMaster uses, and relies upon a variety of network resources in order to operate.
These include:
-
SQL Server database (connection / reading / writing). See Security Settings for the HelpMaster database
-
Files and directories on both local and networked drives (report files, attachments etc) See Working folders file paths
-
Email (requiring access to the local email client as well as the server email system eg. Microsoft 365, Exchange, SMTP, IMAP etc)
-
Windows User directories - C:\ProgramData\ (this is a hidden folder by default)
-
The HelpMaster installation directory (as chosen at the time of installation)
A HelpMaster Service Account account should be created in Windows to access these resources.
Create a Windows group that users and services can use
It is necessary that the user (or service) running HelpMaster has sufficient network permissions with their Windows logon account to read and write to these resources.
- Create a Windows Active Directory group called “HelpMaster Users”, or similar. This group will be used to allow HelpMaster users to access the various network resources listed above.
- Add all of the staff members that will require HelpMaster access to this group.
- Grant Read/Write permissions to this group for ALL of the HelpMaster Working folders.
- If you wish for all HelpMaster users to connect to SQL Server via Windows Authentication, you can add this group to the “Logon” section of SQL Server and grant this group logon rights to the HelpMaster database. When connecting to SQL Server, you have the choice to connect via Windows Authentication or via SQL Server logon. For further details about this, please see Connecting to SQL Server.
Create a Windows account “svc_HelpMaster”
HelpMaster installs and uses a number of Windows services that perform work. These services need to be run under the Windows context of a domain/network user in order to access the resources that HelpMaster requires.
It is highly recommended that you create a new, dedicated Windows account and name it svc_HelpMasterServiceAccount or something similar according to your organizations naming convention for service accounts.
The following gives an overview of the required permission for this account.
SQL Server Database
Requires read/write access to the HelpMaster Microsoft SQL Server Database. See Security Settings for the HelpMaster database
Network “working folders”
Requires read/write or modify access to network shares. These “working folders” are used to store attachments, reports, themes, email and other HelpMaster resources.
Email Accounts
Requires email access to all email accounts that will be scanned and processed for email-to-ticket conversion. Requires FULL AND Send As (or Send on Behalf of) permissions to all email accounts specified in any of the outgoing email templates.
Web Portal
The HelpMaster service account must be a member of the IIS_IUSRS group when used as the IIS Application Pool Identity account that runs the HelpMaster web portal.
Windows Active Directory user import / synchronization and Single-Sign-on
The HelpMaster service account requires access to connect to, and enumerate your Active Directory OU structure in order to import and synchronize users.
HelpMaster Services
HelpMaster installs 4 Windows Services that are used to deliver functionality. These are:
- The Priority Manager Service
- The Email Manager Service
- The Active Directory Service
- The Automation Service
The HelpMaster service account will be used to run each of these services.
General Windows Permissions
The HelpMaster service account requires the following permissions:
- For Windows AD network environments, it must be an AD account with access to all HelpMaster resources and network file locations
- The ability to create, read and write Windows Event logs as all service logs are duplicated to the Windows Event Log
- For v24.7+ Entra ID Cloud only configurations, it should be a “Local” Windows Server account
Note about logons
If the password expires on any Windows account that is being used by a HelpMaster service, the service will stop working. Consider using service accounts with their passwords set to NOT expire.See Also
Security Settings for the HelpMaster database
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.