Author:Steve Chowles
報表服務DBA系列之應用程序緩存池身份更改
By default when you install Reporting Services it will by default use the NT Authority/NetworkService account for running the Application Pool processes. If you use NT Authority/NetworkService for the Application Pool used by the Report Server, when it connects to the SQL Server to read the Reporting Services meta data, it will connect using the account Domain/<Server>$ where <server> is the machine name where Reporting Services is installed.
默認情況下,默認安裝的報表服務使用Authority/NetworkService帳號來運行應用程序緩存池中的進程. 如果報表服務器的應用程序緩存池使用NT Authority/NetworkService,當它鏈接SQL Server讀取報表服務的數據是,它將使用Domain/<Server>$帳號,這裏的<server>是報表服務安裝的機器名稱.
It is quite easy to change the account used to a different name by following the steps below. One point to note is that the accounts used by the Application Pools do not affect Reporting Services Encryption. I will be covering Encryption soon in an article which is probably going to be the most in depth one you will have ever seen so look out for that one.
使用如下步驟將很容易修改這個帳號.需要注意的一點是這個帳號不會影響到報表服務的加密功能.我將在稍後的文章中深入闡述加密問題,屆時可以留意.
Another point worth noting is that you can have a different Application Pool for Report Server and Report Manager or you can use the same one. Even if your account is the same for Report Server and Report Manager make sure you complete all the steps below for the account.
另外一點值得提醒的是,報表服務器和報表管理器可以使用不同的應用程序緩存池,也可以使用同一個緩存池.如果使用的是同一個帳號,那麼這個帳號必須完成下面所有的步驟.
The steps below detail how to change the accounts from NT Authority/NetworkService to DOMAIN/MyAccount
如下詳細的步驟是怎樣將NT Authority/NetworkService 帳號修改成DOMAIN/MyAccount.
Changing the Account for the Report Server Application Pool
修改報表服務器應用程序緩衝池的帳號
On the SQL Server where the Reporting Service Meta Data resides complete the following
· Create login DOMAIN/MyAccount to SQL Server
· Add DOMAIN/MyAccount to the database master with the database role RSExecRole
· Add DOMAIN/MyAccount to the database msdb with the database role RSExecRole
· Add DOMAIN/MyAccount to the database ReportServer with the database role RSExecRole
· Add DOMAIN/MyAccount to the database ReportServerTempdb with the database role RSExecRole
在報表服務數據所在的SQL Server上完成如下步驟:
· 創建SQL Server帳號 DOMAIN/MyAccount
· 將 DOMAIN/MyAccount 加入master 數據庫並賦予RSExecRole角色.
· 將DOMAIN/MyAccount 加入msdb 數據庫並賦予RSExecRole角色
· 將 DOMAIN/MyAccount 加入ReportServer 數據庫並賦予 RSExecRole角色
· 將 DOMAIN/MyAccount 加入 ReportServerTempdb數據庫並賦予RSExecRole角色
Change the Identity of the Application Pool account used by Report Server Virtual Directory
· Open IIS Manager from Administrative Tools
· Open the Properties of the Report Server Virtual Directory and confirm the Application Pool name
· Open the Properties of the Application Pool.
· Click on the Identify tab
· Click Configurable and enter the UserName DOMAIN/MyAccount and Password
· Click OK and enter the password again to complete.
修改報表服務器虛擬目錄的應用程序緩存池的身份帳號
· 從管理工具裏面打開IIS管理器
· 打開報表服務器虛擬目錄的屬性並確認應用程序緩存池的名稱
· 打開應用程序緩存池的屬性
· 點擊身份頁
· 點擊配置並輸入用戶DOMAIN/MyAccount 和密碼
· 點擊確認並再次輸入密碼完成配置
Add DOMAIN/MyAccount to the following Local Groups on the server hosting Reporting Services
· IIS_WPG
· SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance>
· SQLServer2005ReportServerUser$<machine>$<instance>
添加帳號DOMAIN/MyAccount到報表服務所在的服務器的本地用戶組
· 添加到IIS_WPG組
· 添加到SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance>組
· 添加到SQLServer2005ReportServerUser$<machine>$<instance>組
Update the Report Server Configuration file
· Open file C:/Program Files/Microsoft SQL Server/MSSQL.n/Reporting Services/ReportServer/rsreportserver.config
· Locate <WebServiceAccount>account<WebServiceAccount>
· Change account to DOMAIN/MyAccount
· Save the file
修改報表服務器的配置文件
· 打開C:/Program Files/Microsoft SQL Server/MSSQL.n/Reporting Services/ReportServer/rsreportserver.config
· 定位到 <WebServiceAccount>account<WebServiceAccount>
· 修改 account 爲 DOMAIN/MyAccount
· 保存文件
Update NETMAN DCOM Permissions
· Open Component Services from Administrative Tools
· Expand Component Services -> Computers -> My Computers -> DCOM Config
· Right click NETMAN and select Properties
· Click the Security tab
· Under Launch and Activation Permissions select Customize
· Click Edit
· Add SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance> with Local Launch and Local Activation permissions
· Add SQLServer2005ReportingServerUser$<machine>$<instance> with Local Launch and Local Activation permissions
· Click OK, OK
修改 NETMAN DCOM權限
· 從管理工具中打開組件服務
· 展開Component Services -> Computers -> My Computers -> DCOM Config
· 右鍵點擊 NETMAN 並選擇屬性
· 點擊安全頁
· 在設置和激活權限下選擇自定義
· 點擊修改
· 將 SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance>添加Local Launch 和 Local Activation 權限
· 將 SQLServer2005ReportingServerUser$<machine>$<instance> 添加 Local Launch 和 Local Activation 權限
· 點擊確認
Stop and Start the Application Pool used by the Report Server
· Stop the Application Pool
· Start the Application Pool
· From Reporting Services Configuration Manager confirm the Web Service Identity has a Green tick
停止和啓動報表服務器使用的應用程序緩存池
· 停止應用程序緩存池
· 啓動應用程序緩存池
· 從報表服務配置管理器中確認Web Service Identity 是綠色符號(PS:綠色表示正常).
Changing the Account for the Report Manager Application Pool
修改報表管理器的應用程序緩存池帳號
Some of these will be duplicated if you are using the same account for Report Server and Report Manager
如果和報表服務器使用同樣的緩存池的話,下面一些步驟是重複的.
Change the Identity of the Application Pool account used by Report Manager Virtual Directory
· Open IIS Manager from Administrative Tools
· Open the Properties of the Report Manager Virtual Directory and confirm the Application Pool name
· Open the Properties of the Application Pool.
· Click on the Identify tab
· Click Configurable and enter the UserName DOMAIN/MyAccount and Password
· Click OK and enter the password again to complete.
修改報表服務器虛擬目錄的應用程序緩存池的身份帳號
· 從管理工具裏面打開IIS管理器
· 打開報表服務器虛擬目錄的屬性並確認應用程序緩存池的名稱
· 打開應用程序緩存池的屬性
· 點擊身份頁
· 點擊配置並輸入用戶DOMAIN/MyAccount 和密碼
· 點擊確認並再次輸入密碼完成配置
Add DOMAIN/MyAccount to the following Local Groups on the server hosting Reporting Services
· IIS_WPG
· SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance>
· SQLServer2005ReportServerUser$<machine>$<instance>
添加帳號DOMAIN/MyAccount到報表服務所在的服務器的本地用戶組
· 添加到IIS_WPG組
· 添加到SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance>組
· 添加到SQLServer2005ReportServerUser$<machine>$<instance>組
C:/Windows/Temp folder Access
· Make sure the DOMAIN/MyAccount has read and write access to this folder.
文件夾C:/Windows/Temp的訪問權限
· 確保 DOMAIN/MyAccount 擁有對這個文件的讀寫權限.
Stop and Start the Application Pool used by the Report Manager
· Stop the Application Pool
· Start the Application Pool
停止和啓動報表管理器使用的應用程序緩存池
· 停止應用程序緩存池
· 啓動應用程序緩存池
Stop and Start the Application Pool used by the Report Server
· Stop the Application Pool
· Start the Application Pool
停止和啓動報表服務器使用的應用程序緩存池
· 停止應用程序緩存池
· 啓動應用程序緩存池
大功告成!.