Skip to main content
Documentation & User Guides | FotoWare

Setting a process account for FotoWare services

While each application's service runs under the Local System Account, the Process Account is used for scanning document folders, writing and maintaining indexes, handling FotoWeb requests and so on. In short, it's a common account that handles the processing that is carried out by all FotoWare applications on the server.

Choosing a process account

Important: This process account must be a member of the local Administrators group on the server that it runs. Learn why.

The first time you access the Operations Center you will be asked to provide credentials for the FotoWare process account. However, if FotoWeb has been installed on the server, the FotoWeb setup wizard will already have asked you to set a process account. If you want to change it, you can go to the Server Settings tab in the Operations Center and change its credentials in the Process account section.

Setting a process account for the FotoWare services on the server

 Process account implications for FotoWeb

If you specify a domain account and fill in the Domain field as, or something similar using a suffix, you will not be able to use a trusted connection when connecting FotoWeb to the SQL database. That's because the SQL database stores the windows user with only the short form of the domain name, omitting the three-letter suffix (.net, .com etc.) so that the SQL server will not be able to find the user.

You should also be aware that if your FotoWeb site runs on Internet Information Services, the process account specified in the Operations Center will be used to power the FotoWeb application pool in IIS. You should make sure any password renewal policies in your domain do not affect the process account, as this may potentially lock out the process account and cause the FotoWare services on the server to stop. Also, if you change the process account in the Operations Center at any time, you must manually make sure to set the same account for the IIS app pool.

Using a domain account as the process account

Normally, when a FotoWare server is added to a domain, the local machine (System account) is automatically granted READ permissions for CN=Users in the directory. This is required to look up the appropriate AD account for the process account and to delegate the correct permissions for the process account on the machine. By using this approach, User Access Control can remain enabled on the server, as recommended by Microsoft.

If, for some reason, the local machine (System account) does not have this privilege, the FotoWare services will not to run and it will be necessary to grant those permissions explicitly in the directory.