Skip to content

Least-privileged security model enabled after Oct 22 CU #1434

Description

@petepuu

Problem description

After October 2022 CU we should run the following command after farm is created because the least-privileged model is automatically enabled. If this is not done then deleting web application in CA will fail to access denied error at least for setup account.

Get-SPDatabase | %{$_.GrantOwnerAccessToDatabaseAccount()}

https://support.microsoft.com/en-us/topic/-sorry-something-went-wrong-error-when-you-delete-a-web-application-kb5031287-e1f3e2b7-6176-4e37-ab3b-606a9e456ffa

https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/plan-for-least-privileged-administration#additional-things-to-consider-for-a-least-privileged-environment

Verbose logs

-

DSC configuration

-

Suggested solution

Could we add this command maybe to the SPFarm resource as a last part after farm is created

SharePoint version and build

SPSE October 2023 CU

Operating system the target node is running

-

PowerShell version and build the target node is running

-

SharePointDsc version

5.4

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions