K2 blackpearl Product Documentation: Installation and Configuration Guide
Set up the K2 Service Account

The K2 Service Account is the account under which the K2 service runs.

The rest of this guide will use domain\K2 Service Account as a placeholder for the K2 Service account name. When installing K2 in your environment, replace this placeholder with your actual account name.

The K2 Service Account will need the following permissions:

K2 Server
Permission Used For

Log on as a Service

In order to run the K2 blackpearl Service, the Service Account will need this permission. To see how to set this permission, click here.

Rights Folder or Registry Key
Full Control %SYSTEMROOT%\temp
Full Control %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA
Full Control HKEY_LOCAL_MACHINE\SOFTWARE\SourceCode\Logging  (* Note)
Modify %PROGRAMFILES%\K2 blackpearl\Host Server\Bin  (* Note)
* Note The following step is done post installation
SharePoint Server
Permission Used For
Site Collection Administrator

In order for the K2 Service to create sites, assign permissions, work with the SharePoint Workflow Integration features, and for the Identity Service to be able to resolve and cache SharePoint groups, the service account needs to be a Site Collection Administrator on all sites where K2 features are to be used.

Local Administrator

If your security policies do not allow for local administration rights on servers, please see the below table for the specific permissions required.

Rights Folder or Registry Key
Full Control %SYSTEMROOT%\temp
Full Control %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA
Full Control HKEY_LOCAL_MACHINE\SOFTWARE\SourceCode\Logging  (* Note)
Write Access %COMMONPROGRAMFILES%\Microsoft Shared\web server extensions\12
(Applicable to Microsoft Office SharePoint Server 2007)
Write Access %COMMONPROGRAMFILES%\Microsoft Shared\web server extensions\14
(Applicable to Microsoft SharePoint Server 2010)
* Note The following step is done post installation
Authenticated Users
Rights Folder or Registry Key
Modify C:\Users and all folders below. (Applicable to Windows 2008 Servers). Apply this to all SharePoint Web Front Ends
Active Directory
Permission Folder or Registry Key
List contents Administrative Tools\Active Directory Users and Computers\Domian Properties\Security Tab\Advanced\Permissions Tab\Authenticated Users\Add\Select Principal (Authenticated Users)\Permissions
Read all properties Administrative Tools\Active Directory Users and Computers\Domian Properties\Security Tab\Advanced\Permissions Tab\Authenticated Users\Add\Select Principal (Authenticated Users)\Permissions
While infrastructure changes are required by K2, each environment is different and has its peculiarities which must be taken into account. Modifying the infrastructure could have unforeseen results if the changes are not appropriately understood or managed. Given the broad spectrum of underlying infrastructure utilized, it is recommended that a panel or committee with appropriate skill in each area concerned be assembled to outline the underlying infrastructure changes and gauge the impact of the required changes.

 

 


K2 blackpearl Product Documentation: Installation and Configuration Guide 4.6.11