Monday, 20 March 2017

KTA permissions for service accounts

Don’t ask – but heres a script to set permissions for KTA service accounts to run as non admins.

They also need lon on as service account permissions.

script to grant folder permission from here - http://techibee.com/powershell/grant-fullcontrol-permission-to-usergroup-on-filefolder-using-powershell/2158

param (

       [Parameter(Mandatory=$true)][string]$serviceAccount

) 



function Grant-userFullRights( [string[]]$Files, [string]$UserName) {           
 $rule=new-object System.Security.AccessControl.FileSystemAccessRule($UserName,"FullControl","Allow")            

 foreach($File in $Files) {            
  if(Test-Path $File) {            
   try {            
    $acl = Get-ACL -Path $File -ErrorAction stop            
    $acl.SetAccessRule($rule)            
    Set-ACL -Path $File -ACLObject $acl -ErrorAction stop            
    Write-Host "Successfully set permissions on $File"            
   } catch {            
    Write-Warning "$File : Failed to set perms. Details : $_"            
    Continue            
   }            
  } else {            
   Write-Warning "$File : No such file found"            
   Continue            
  }            
 }            
}
[string]$UserName = $serviceAccount

$Files = @("C:\ProgramData\Kofax\AppLogging\DB", "C:\ProgramData\Kofax Image Products\Local\Scripts")

Grant-userFullRights $Files $UserName
netsh http add urlacl http://+:80/Agility.Sdk.Services.StreamingService user=$UserName
netsh http add urlacl  http://+:3581/SALMetadata/ user=$UserName
netsh http add urlacl  http://+:3581/SAL/ user=$UserName
net stop "TotalAgility Streaming Service"
net start "TotalAgility Streaming Service"
net stop "KSALicenseService"
net start "KSALicenseService"