Service User Security Requirements
When deploying to production customers will often lock down Windows services to have only the minimum security privileges required. When doing this for Dovetail Carrier you will need to ensure that the identity which the Dovetail Carrier Windows service is running as has the following privileges:
- Grant read access to : [INSTALL]\carrierservice\
- Grant modify access to : [INSTALL]\carrierservice\logs
- The user needs to be a member of the Performance Monitor Users group.
- The following MSMQ message queue permissions need to be granted to the identity in use on two local private Queues: dovetail.carrier, and dovetail.carrier_error
- Receive Message
- Peek Message
- Get Properties
- Get Permission
- Send Message