Skip to main content
Documentation & User Guides | Fotoware

Setting a process account for FotoWare services

While each application's service runs under the Local System Account, the Process Account is used for scanning document folders, writing and maintaining indexes, handling FotoWeb requests, and so on. In short, it's a common account that handles the processing carried out by all Fotoware applications on the server.

Choosing a process account

Note: This process account must be a member of the local Administrators group on the server that it runs. Learn why.

The first time you access Operations Center Settings you must provide credentials for the Fotoware process account. However, if FotoWeb has been installed on the server, you will already have been asked to set up a process account by the FotoWeb setup wizard. To change the process account credentials, go to Operations Center Settings General:

Setting a process account for the FotoWare services on the server

 Process account implications for FotoWeb

If you specify a domain account and enter yourcompany.com, yourcompany.net, or similar using a suffix in the Domain field, you will not be able to use a trusted connection when connecting FotoWeb to the SQL database. This is because the SQL database stores the windows user with only the short form of the domain name, omitting the three-letter suffix (.net, .com etc.) so that the SQL server will not be able to find the user.

Note: If your FotoWeb site runs on Internet Information Services, the process account specified in Operations Center Settings will be used to power the FotoWeb application pool in IIS. Ensure that any password renewal policies in your domain do not affect the process account as this can potentially lock out the process account and cause the Fotoware services on the server to stop. Also, if you change the process account in Operations Center Settings, you must manually make sure to set the same account for the IIS app pool.

Using a domain account as the process account

Normally, when a Fotoware server is added to a domain, the local machine (System account) is automatically granted READ permissions for CN=Users in the directory. This is required to look up the appropriate AD account for the process account and to delegate the correct permissions for the process account on the machine. This means User Access Control can remain enabled on the server, as recommended by Microsoft.

If the local machine (system account) does not have this privilege, the Fotoware services will not be able to run and it will be necessary to grant those permissions explicitly in the directory.