Поделиться через


Managing and Resetting Service Accounts and Passwords

Team Foundation Server includes several services and service accounts that run on either the data-tier server, or the application-tier server, or both. Your actual services will vary, based on which features of Team Foundation you have installed on your data tier and application-tier servers. For example, if you have opted for a single-server setup, you will have both data-tier and application-tier services that run on the same server.

If you must reset the service account password for the Team Foundation Server, you must change the password for several services on the Team Foundation Server application-tier servers by using the TFSAdminUtil command-line utility. You can also use the TFSAdminUtil command-line utility to determine which services are running under a named account. The following table lists the service names, what service account they use, and what tier these services run on.

Note

If you change the service account or password for the reporting services service account, you must manually update the service account information for report data sources by going to the SQL Server Reporting Services Web site. For more information, follow the procedure for changing the reporting services service account in How to: Assign a New Account to a Team Foundation Server Service.

If you have deployed Team Foundation Server in an Active Directory domain, you should set the Account is sensitive and cannot be delegated option for service accounts. For example, in the following table, you should set that option for the placeholder service account TFSService. For more information about required service accounts and placeholder names used in Team Foundation Server documentation, see the topic "User Accounts Required for Team Foundation Server Setup" in the Team Foundation Server Installation Guide. For more information about the installation guide, see Installation Overview for Team Foundation Server. For more information about how to restrict account delegation in Active Directory, see the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=61995).

Service name Service account Tier

Code Coverage Service

TFSService

application tier

Team Foundation Server Web Services

TFSService

application tier

Report Server (MSSQLSERVER)

Network Service

application tier

Report Web Service

Local System (single-server);

Network Service (dual-server)

application tier

SharePoint Services

Network Service

application tier

Team Build Service (if Team Foundation Build is installed)

TFSService

application tier

TFS Server Scheduler

TFSService

application tier

Analysis Server (MSSQLSERVER)

Local System

data tier

SQL Server Agent

Local System

data tier

SQL Browser

Local System

data tier

SQL Server

Local System

data tier

On the Team Foundation Server data-tier server, all SQL related service accounts run as Local System. You should not change the password for any one of these accounts.

On the Team Foundation Server application-tier server, you must change the password for the Team Foundation Server Web Services application pool, as well as for the TFS Server Scheduler and Team Build Service services. This depends on your operational needs.

Note

If you change the service account for Team Build Service, you must make sure that the account is a member of the Build Services group, and that the account has read/write permissions to the temporary folders and the ASP.NET temporary folder.

See Also

Other Resources

TFSAdminUtil Command-Line Commands