2.8 Permissions for Running Knowledge Scripts

AppManager for Microsoft SharePoint Server requires that the NetIQ AppManager Client Resource Monitor (netiqmc) and the NetIQ AppManager Client Communication Manager (netiqccm) agent services use one of the following account types:

  • Agent User account

  • Domain account

  • Farm setup account (the user account used to set up the SharePoint server)

2.8.1 Changing Account Types of Agent Services

You can change the account type for the netiqmc and netiqccm agent services. If you use the farm setup account, you do not need to do any additional configuration for the account type.

For information about creating an Agent User account and a Domain account, see Section 2.8.2, Creating an Agent User Account and Section 2.8.3, Creating a Domain Account.

To change the account type of the agent services:

  1. Start the Services Administrative Tool. To do this, you can open the Administrative Tools folder in the Control Panel.

  2. Right-click the NetIQ AppManager Client Communication Manager (netiqccm) service in the list of services, and select Properties.

  3. On the Log On tab, specify the appropriate account to use.

  4. Click OK.

  5. Repeat Step 2 through Step 4 for the NetIQ AppManager Client Resource Monitor (netiqmc) service.

  6. Restart both services.

2.8.2 Creating an Agent User Account

You can create a new local user called Agent User for the netiqmc and netiqccm agent services.

To create the Agent User:

  1. Create a new local user named Agent User on the agent computer, and give the Agent User local administrator permissions for that computer.

  2. Repeat Step 1 for each SharePoint server in the farm.

  3. On the SQL Server computer, create a new local user named Agent User, and give the Agent User normal user permissions (non-administrator).

  4. On the SQL Server computer, add Agent User to the database logins.

  5. On the SharePoint configuration database, add Agent User to the Users, and add the following Role memberships:

    • db_datareader

    • db_denydatawriter

    • SharePoint_Shell_Access (SharePoint Server 2010 and later)

    • WSS_Content_Application_Pools (needed to run stored procedures, or sprocs)

  6. For each SharePoint content database, add Agent User to the list of Users.

  7. (Conditional) If you are running SharePoint Server 2010 or later, for the logging database, give Agent User the following Role memberships (this allows the WebPagePerf Knowledge Script to run):

    • db_denydatawriter

    • db_owner

  8. For each SharePoint content database, give Agent User the following Role memberships:

    • db_denydatawriter

    • db_owner

  9. (Conditional) If you are running SharePoint Server 2010 or later, set up the account as a site collection administrator by running the following command: Set-SPSite -Identity "SiteCollectionURL" -SecondaryOwnerAlias "ComputerName\Username"

  10. Repeat Step 9 for all site collections.

2.8.3 Creating a Domain Account

If you are running SharePoint Server 2010 or later, you can create a new domain account for the netiqmc and netiqccm agent services.

To create the domain account:

  1. Click Start > Programs > Administrative Tools > Active Directory Users and Computers.

  2. Create a new domain account, such as MyDomain\SharePoint, and give the new domain account administrator permissions for each SharePoint server in the farm.

    NOTE: You do not need to grant any permissions on the SQL Server computer.

  3. Log on to any SharePoint server with the farm setup account (the user account used to set up the SharePoint server).

  4. Open the SharePoint Management shell.

  5. At the Windows PowerShell command prompt, type the following commands to assign the account to the SharePoint_Shell_Access role on the SharePoint content databases, and to make the account a member of the WSS_ADMIN_WPG local group on all servers in the farm:

    • $db = Get-SPContentDatabase "ContentDBName"

    • Add-SPShellAdmin -Username "Domain\Username" -database $db

  6. Set up the account as a site collection administrator by running the following command: Set-SPSite -Identity "SiteCollectionURL" -SecondaryOwnerAlias "Domain\Username"

  7. Repeat Step 6 for all site collections.

  8. For the logging database, give Agent User the following Role memberships (this allows the WebPagePerf Knowledge Script to run):

    • db_denydatawriter

    • db_owner
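
The following script is an added example, not part of the NetIQ documentation: it checks the logon account of the two agent services (Section 2.8.1) and carries out Steps 5 through 7 of Section 2.8.3 across every content database and site collection, reporting only unless run with -Apply. The account name, the -Apply switch, and the use of netiqmc and netiqccm as the Windows service names are assumptions.

```powershell
# Added example, not NetIQ's own code. Save as a .ps1 file and run it in the
# SharePoint Management Shell while logged on with the farm setup account.
param(
    [string]$Account = 'MyDomain\SharePoint',  # placeholder account from Step 2
    [switch]$Apply                             # hypothetical switch: omit to report only
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Section 2.8.1: confirm both agent services log on with the intended account.
# Assumes the names in parentheses on the page are the Windows service names.
Get-WmiObject Win32_Service -Filter "Name='netiqmc' OR Name='netiqccm'" |
    ForEach-Object {
        $state = if ($_.StartName -ieq $Account) { 'OK' } else { 'MISMATCH' }
        '{0}: runs as {1}, expected {2} [{3}]' -f $_.Name, $_.StartName, $Account, $state
    }

# Step 5: grant SharePoint_Shell_Access on every content database.
foreach ($db in Get-SPContentDatabase) {
    $existing = Get-SPShellAdmin -database $db |
        Where-Object { $_.UserName -ieq $Account }
    if ($existing) {
        "Shell admin already present on $($db.Name)"
    } elseif ($Apply) {
        Add-SPShellAdmin -UserName $Account -database $db
        "Shell admin added on $($db.Name)"
    } else {
        "Would add $Account as shell admin on $($db.Name)"
    }
}

# Steps 6 and 7: make the account secondary owner of every site collection.
# Set-SPSite replaces any existing secondary owner, so record it first.
foreach ($site in Get-SPSite -Limit All) {
    $current = if ($site.SecondaryContact) { $site.SecondaryContact.UserLogin } else { '(none)' }
    '{0}: current secondary owner is {1}' -f $site.Url, $current
    if ($Apply) {
        Set-SPSite -Identity $site -SecondaryOwnerAlias $Account
    }
    $site.Dispose()
}
```

Keep the report from a run without -Apply as a record of the previous secondary owners, so the change can be reversed per site collection if the agent account is later retired.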