Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Least-privileged security model enabled after Oct 22 CU #1434

Open
petepuu opened this issue Dec 13, 2023 · 0 comments
Open

Least-privileged security model enabled after Oct 22 CU #1434

petepuu opened this issue Dec 13, 2023 · 0 comments

Comments

@petepuu
Copy link
Contributor

petepuu commented Dec 13, 2023

Problem description

After October 2022 CU we should run the following command after farm is created because the least-privileged model is automatically enabled. If this is not done then deleting web application in CA will fail to access denied error at least for setup account.

Get-SPDatabase | %{$_.GrantOwnerAccessToDatabaseAccount()}

https://support.microsoft.com/en-us/topic/-sorry-something-went-wrong-error-when-you-delete-a-web-application-kb5031287-e1f3e2b7-6176-4e37-ab3b-606a9e456ffa

https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/plan-for-least-privileged-administration#additional-things-to-consider-for-a-least-privileged-environment

Verbose logs

-

DSC configuration

-

Suggested solution

Could we add this command maybe to the SPFarm resource as a last part after farm is created

SharePoint version and build

SPSE October 2023 CU

Operating system the target node is running

-

PowerShell version and build the target node is running

-

SharePointDsc version

5.4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant