Windows Groups and User Accounts in BizTalk Server on single Computer (Sandbox)

Posted: November 9, 2009  |  Categories: BizTalk BizTalk Server 2006 R2 BizTalk Server 2009 Uncategorized
You can download the entire article as a PDF document.
Windows Groups and User Accounts in BizTalk Server on single Computer (Sandbox)

The Configuration Manager creates the necessary Windows group and user accounts for you by default if you install BizTalk Server and all prerequisite software on a single computer. BizTalk Server supports local group and user accounts only in single computer configurations. BizTalk Server gives you the ability to configure your server in one of two modes, Basic or Custom. Basic configuration is targeted for developers setting up single server installations for development preferable a sandbox virtual machine. What will happen is that the following will occur:

· All database names are generated by BizTalk Server under account provided that needs to have sysadmin rights in SQL Server database;

· All applicable database logon information is run under the account provided.

· All BizTalk Server services are generated by BizTalk Server.

· All BizTalk Server services run under the account provided. The configuration process grants this account the necessary security permissions on the server and objects in SQL Server

· All features are configured based on the prerequisite software you have installed on the computer.

· The Default Web Site in Internet Information Services (IIS) is used for any feature that requires IIS.

· The logged on user must be a member of the OLAP Administrators group on the OLAP server.

Custom configuration allows you to configure the server using advanced configuration options. With custom configuration, you can selectively configure or un-configure each feature.


Sysadmin rights for configuration

For single- or multibox installation of BizTalk you will need sysadmin rights for instance to set up the BizTalk Group. Danger this option is that you as a developer may not be aware when configuring BizTalk in a different environment than your development. For a test, acceptance and deployment of a production environment in a multi-computer environment you will be encountered with Active Directory. Then you do not use local groups, but domain groups and these will not be created for you and need to be done yourself. Once you have succeeded at this you have to create accounts for host instances, arrange for access to databases and so on. You may be tempted as a developer for simple solution and risky way to choose an account with too many rights on the SQL Server.

It is recommended that you study the following resources closely to get a sense of how to handle installation and configuration of BizTalk in different environments and security in mind. It also helps to gain some routine through setting up a sandbox environment and applying these practices. I use a BizTalk Setup User account to setup BizTalk and configure the environment. After this exercise I disable this account.


In picture above you will also notice that I created more user accounts for different services like Host Instances, BRE, SSO and Database Services.

Minimum security rights:

Installation manuals:

Basic Configuration:

Local groups:


You can download the entire article as a PDF document.
Windows Groups and User Accounts in BizTalk Server on single Computer (Sandbox)
#1 all-in-one platform for Microsoft BizTalk Server management and monitoring
Author: Steef-Jan Wiggers

Steef-Jan Wiggers is all in on Microsoft Azure, Integration, and Data Science. He has over 15 years’ experience in a wide variety of scenarios such as custom .NET solution development, overseeing large enterprise integrations, building web services, managing projects, designing web services, experimenting with data, SQL Server database administration, and consulting. Steef-Jan loves challenges in the Microsoft playing field combining it with his domain knowledge in energy, utility, banking, insurance, healthcare, agriculture, (local) government, bio-sciences, retail, travel, and logistics. He is very active in the community as a blogger, TechNet Wiki author, book author, and global public speaker. For these efforts, Microsoft has recognized him a Microsoft MVP for the past 8 years.


Back to Top