I had an issue today when specifying the details for the content access account (e.g. the Farm Account), as specified in the MSDN guidance. According to the documentation, SharePoint should provision all the necessary privileges for the Farm Account, but it didn’t!
Having a look at the event viewer showed the error below:
After looking around on the web, it turned out that the client had a Group Policy for server machines that removed some of the default settings. One of these, ‘Access this computer from the network’, was affecting the install. The service account wasn’t in there; adding it to this setting in ‘Local Security Settings’ fixed the problem. You get to Local Security Settings via ‘Administrative Tools | Local Security Policy’.
Following on from that, the SQL server also had this setting configured incorrectly, and the user needed to be added there too. Most servers will have AUTHENTICATED USERS added to this right. I would recommend having a group for all service accounts and simply adding that group to the setting.
What really bugs me is the error that SharePoint gave me was completely wrong! Why catch the error and report it to the user when it’s completely incorrect…it should just provide guidance to check the Event Logs!
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 534
Time: 9:03:33 AM
User: NT AUTHORITY\SYSTEM
Reason: The user has not been granted the requested logon type at this machine
User Name: SP.Farm.TST
Logon Type: 3
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: TST-PTH-WEB01
Caller User Name: SharePointSrv_TST
Caller Domain: HEAD_OFFICE
Caller Logon ID: (0x0,0x11AB84)
Caller Process ID: 2428
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
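As an added example (not part of the original post), the PowerShell below lists which principals hold ‘Access this computer from the network’ (SeNetworkLogonRight) on a server and checks a service account against that list. The default account name is an assumption built from the event above, and the script does not expand nested group membership.

```powershell
# Added example. Run from an elevated prompt on the server that logged the failure.
param(
    # Assumption: domain\name built from the event's User Name; use your own account.
    [string]$Account = 'HEAD_OFFICE\SP.Farm.TST'
)
$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]

# Resolve the account once so the comparison is SID to SID.
$accountSid = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType).Value

# Export only the user-rights section of the machine's current security policy.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }
$line = Get-Content $cfg | Where-Object { $_ -match '^\s*SeNetworkLogonRight\s*=' }
Remove-Item $cfg -ErrorAction SilentlyContinue
if (-not $line) { Write-Warning 'No principal holds SeNetworkLogonRight.'; return }

# Entries are comma-separated: SIDs carry a leading '*', account names do not.
$holders = foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
    $entry = $entry.Trim()
    $name = $entry; $sid = '(unresolved)'
    try {
        if ($entry.StartsWith('*')) {
            $sid  = $entry.TrimStart('*')
            $name = (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate($ntType).Value
        } else {
            $sid = (New-Object System.Security.Principal.NTAccount($entry)).Translate($sidType).Value
        }
    } catch { }   # keep the raw entry when it cannot be translated
    New-Object psobject -Property @{ Name = $name; Sid = $sid }
}
$holders | Select-Object Name, Sid | Format-Table -AutoSize | Out-String | Write-Host

# Everyone (S-1-1-0) or Authenticated Users (S-1-5-11) covers any authenticated account.
$match = $holders | Where-Object { @($accountSid, 'S-1-1-0', 'S-1-5-11') -contains $_.Sid }
if ($match) {
    Write-Host "$Account is covered via: $(($match | ForEach-Object { $_.Name }) -join ', ')"
} else {
    # Nested group membership is not evaluated; check the listed groups by hand.
    Write-Warning "$Account is not listed directly and no catch-all group holds the right."
}
```

Run it on both the SharePoint server and the SQL server, since the post found the right missing on each.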