Don’t ask – but heres a script to set permissions for KTA service accounts to run as non admins.
They also need lon on as service account permissions.
script to grant folder permission from here - http://techibee.com/powershell/grant-fullcontrol-permission-to-usergroup-on-filefolder-using-powershell/2158
param (
[Parameter(Mandatory=$true)][string]$serviceAccount
)
function Grant-userFullRights( [string[]]$Files, [string]$UserName) {
$rule=new-object System.Security.AccessControl.FileSystemAccessRule($UserName,"FullControl","Allow")
foreach($File in $Files) {
if(Test-Path $File) {
try {
$acl = Get-ACL -Path $File -ErrorAction stop
$acl.SetAccessRule($rule)
Set-ACL -Path $File -ACLObject $acl -ErrorAction stop
Write-Host "Successfully set permissions on $File"
} catch {
Write-Warning "$File : Failed to set perms. Details : $_"
Continue
}
} else {
Write-Warning "$File : No such file found"
Continue
}
}
}
[string]$UserName = $serviceAccount
$Files = @("C:\ProgramData\Kofax\AppLogging\DB", "C:\ProgramData\Kofax Image Products\Local\Scripts")
Grant-userFullRights $Files $UserName
netsh http add urlacl http://+:80/Agility.Sdk.Services.StreamingService user=$UserName
netsh http add urlacl http://+:3581/SALMetadata/ user=$UserName
netsh http add urlacl http://+:3581/SAL/ user=$UserName
net stop "TotalAgility Streaming Service"
net start "TotalAgility Streaming Service"
net stop "KSALicenseService"
net start "KSALicenseService"
No comments:
Post a Comment