If needed, you can run services for Acoustic™ Tealeaf using an NT domain account, even if the account lacks administrator privileges. The following additional configuration is required.
Generating the database permissions scripts
Follow this procedure to generate a database permissions script to be run against your Acoustic Tealeaf database.
The Tealeaf reporting services below require the listed privileges to run operations.
Service | Required Privileges |
---|---|
Data Collector | An NT account with privileges equivalent to TLADMIN |
Data Service | An NT account with privileges equivalent to TLUSER |
RSE Service | An NT account with privileges equivalent to TLADMIN |
Search Server | An NT account with privileges equivalent to TLUSER |
Transport Service | An NT account with privileges equivalent to TLUSER |
- Start the Database Manager.
- Generate the DB Permissions script.
- Edit the permissions script in a text editor.
- Search for
TLADMIN
and replace with the NT administrator account name for Tealeaf to use. - Search for
TLUSER
and replace with the NT user account name for Tealeaf to use. - Save the file.
- Search for
- Give the permissions script to the DBA for execution in SQL Server Management Studio.
Configuring database NT authentication
Follow this procedure to configure database NT authentication.
In the Tealeaf registry hive, locate the following area:
On 64-bit Windows™:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
TeaLeaf Technology\DataStore\ReportServer
- In the appropriate area, set the
DBTrustedAuthentication
value toTrue
. - Each Tealeaf database service must be configured to run as account with the required permissions.
- After the services are restarted, they attempt to connect to SQL Server using the appropriate account configured to run the service.
Configuring the Tealeaf Portal
Similar to other Acoustic Tealeaf services that require database connectivity, the Portal shares the ReportServer registry hive and requires the correct DBTrustedAuthentication
value.
To run the Portal as an NT Account, the IIS Application Pool to which the Portal's Application/Virtual Directory is assigned must be configured to use the wanted NT Account as its identity.
- Open Internet Information Services (IIS) Manager.
- From the Start menu, select Settings > Control Panel.
- Open Administrative Tools.
- Double-click Internet Information Services (IIS) Manager.
- Configure IIS 6:
- Create an Application Pool:
- Beneath
HOSTNAME (local computer)
, expand the Application Pools node. - Right-click the Application Pools node and select New > Application Pool.
- Enter a meaningful name for the Application Pool. For example, you might enter NTAppPool.
- All other defaults are acceptable.
- To save the new Application Pool, click OK.
- Beneath
- To configure the new Application Pool to use the wanted NT Account, right-click the newly created Application Pool (
NTAppPool
) and select Properties. - Click the Identity tab. Select the Configurable button.
- If you know the DOMAIN\username you want to use, enter it in the user name field. Otherwise, click Browse... and select the appropriate user name.
- After supplying the user name and Password for the new Application Pool, click OK to save your changes.
- Create an Application Pool:
- Configure IIS 7:
- Create an Application Pool:
- Beneath
HOSTNAME (local computer)
, expand the Application Pools node. - Right-click the Application Pools node and select Add Application Pool....
- Enter a meaningful name for the Application Pool. For example, you might enter NTAppPool.
- All other defaults are acceptable.
- To save the new Application Pool, click OK.
- Beneath
- To configure the new Application Pool to use the wanted NT Account, right-click the newly created Application Pool (
NTAppPool
) and select Advanced Settings.... - In the Process Model section, click the text box and select the newly revealed button on the right of the text box.
- On the Application Pool Identity dialog, select Custom account. Then click Set... to enter the NT Account information for the wanted NT Account.
- To save your changes, click OK twice.
- Create an Application Pool:
- Assign Application Pool: After you configured the new Application Pool, you must assign the Portal to the new Application Pool and associate the correct directory/user group permissions for the specified NT Account.
- To open the Tealeaf CX Web Application Installation Utility, click the Windows Start menu. Select Programs > TeaLeaf Technology > TeaLeaf Acoustic Experience Analytics (Tealeaf) CX Portal > Acoustic Experience Analytics (Tealeaf) CX Web Application Installation Utility.
- In the Virtual Directory section, click the Application Pool text box. Click the newly revealed button to the right of the textbox.
- From the list, select the newly created Application Pool (
NTAppPool
). - To reinstall the Portal IIS Application/Virtual Directory, click Execute.
- The Portal is reconfigured to use the newly created Application Pool (
NTAppPool
) and assigns the necessary user group and directory permissions.