The K2 Service Account is the account under which the K2 service runs.
The rest of this guide will use domain\K2 Service Account as a placeholder for the K2 Service account name. When installing K2 in your environment, replace this placeholder with your actual account name.
The K2 Service Account will need the following permissions:
| K2 Server | |
|---|---|
| Permission | Used For |
|
In order to run the K2 blackpearl Service, the Service Account will need this permission. To see how to set this permission, click here. |
|
| Rights | Folder or Registry Key |
| Full Control | %SYSTEMROOT%\temp |
| Full Control | %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA |
| Full Control | HKEY_LOCAL_MACHINE\SOFTWARE\SourceCode\Logging (* Note) |
| Modify | %PROGRAMFILES%\K2 blackpearl\Host Server\Bin (* Note) |
| * Note | The following step is done post installation |
| SharePoint Server | |
|---|---|
| Permission | Used For |
| Site Collection Administrator |
In order for the K2 Service to create sites, assign permissions, work with the SharePoint Workflow Integration features, and for the Identity Service to be able to resolve and cache SharePoint groups, the service account needs to be a Site Collection Administrator on all sites where K2 features are to be used. |
| Local Administrator |
If your security policies do not allow for local administration rights on servers, please see the below table for the specific permissions required. |
| Rights | Folder or Registry Key |
| Full Control | %SYSTEMROOT%\temp |
| Full Control | %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA |
| Full Control | HKEY_LOCAL_MACHINE\SOFTWARE\SourceCode\Logging (* Note) |
| Write Access | %COMMONPROGRAMFILES%\Microsoft Shared\web server extensions\12 (Applicable to Microsoft Office SharePoint Server 2007) |
| Write Access | %COMMONPROGRAMFILES%\Microsoft Shared\web server extensions\14 (Applicable to Microsoft SharePoint Server 2010) |
| * Note | The following step is done post installation |
| Authenticated Users | |
|---|---|
| Rights | Folder or Registry Key |
| Modify | C:\Users and all folders below. (Applicable to Windows 2008 Servers). Apply this to all SharePoint Web Front Ends |
| Active Directory | |
|---|---|
| Permission | Folder or Registry Key |
| List contents | Administrative Tools\Active Directory Users and Computers\Domian Properties\Security Tab\Advanced\Permissions Tab\Authenticated Users\Add\Select Principal (Authenticated Users)\Permissions |
| Read all properties | Administrative Tools\Active Directory Users and Computers\Domian Properties\Security Tab\Advanced\Permissions Tab\Authenticated Users\Add\Select Principal (Authenticated Users)\Permissions |
 |
While infrastructure changes are required by K2, each environment is different and has its peculiarities which must be taken into account. Modifying the infrastructure could have unforeseen results if the changes are not appropriately understood or managed. Given the broad spectrum of underlying infrastructure utilized, it is recommended that a panel or committee with appropriate skill in each area concerned be assembled to outline the underlying infrastructure changes and gauge the impact of the required changes. |
