HELP // Configuring VisualSVN Server service to run under a dedicated user account

By default, system built-in Network Service account is used to run VisualSVN Server service and all the required permissions are assigned to this account automatically during installation. But it is considered a good practice to run VisualSVN Server service under a dedicated user account. This improves isolation of VisualSVN Server service from other services that can be run under Network Service built-in account. This article describes how to configure VisualSVN Server service to run under a dedicated user account.

Perform the following steps to configure VisualSVN Server service to run under a dedicated user account:

  1. Create a dedicated account to run VisualSVN Server service. It can be a local or domain account depending on your security model.
  2. Grant the created account permissions required to run VisualSVN Server service:
    • Modify permission for the folder where repositories are stored (C:\Repositories by default);
    • Read & Execute permission for VisualSVN Server installation folder (C:\Program Files\VisualSVN Server by default);
    • Read & Execute permission for VisualSVN Server installation folder parent folders (C:\ and C:\Program Files\ folders by default);
    • Read & Execute permission for the folder where SVN server SSL certificates are stored (C:\Program Files\VisualSVN Server\certs by default).
    See KB37 for the full list of required permissions.
  3. Configure VisualSVN Server service to run under the created account:
    1. Open the Services snap-in by clicking Start and selecting Control Panel > Administrative Tools > Services.
    2. Locate and right-click VisualSVN Server service and select Properties.
    3. Select the Log On tab.
    4. Select This account and specify the created account name and password.
    5. Click OK to apply changes.
    6. Restart the service using the Restart command on the service's shortcut menu (or start the service using the Start command if it is stopped).
    7. If required, manually revoke permissions for the repositories folder (C:\Repositories by default) from Network Service account.
Note
Note If your repositories are stored remotely on a network share, grant the created account "Modify" NTFS permission and "Read" and "Change" share permissions on the remote storage folder. See KB22 for details on setting VisualSVN Server to store repositories remotely.
© 2005-2010 VisualSVN Limited.
All rights reserved.
Terms of Use
VisualSVN