Steve Chowles v SQL Server

Just your average DBA who now has something for his community.
Reporting Services 2005 for the DBA – Changing Application Pool Identity

 

When you install Reporting Services, it uses the NT Authority\NetworkService account by default to run the Application Pool processes. If the Application Pool used by the Report Server runs as NT Authority\NetworkService, then when it connects to the SQL Server to read the Reporting Services metadata it connects as the account Domain\<Server>$, where <Server> is the name of the machine where Reporting Services is installed.

 

It is quite easy to change the account used to a different name by following the steps below. One point to note is that the accounts used by the Application Pools do not affect Reporting Services Encryption. I will be covering Encryption soon in an article which is probably going to be the most in depth one you will have ever seen so look out for that one.

 

Another point worth noting is that you can have a different Application Pool for Report Server and Report Manager, or you can use the same one. Even if your account is the same for Report Server and Report Manager, make sure you complete all the steps below for the account.

 

The steps below detail how to change the accounts from NT Authority\NetworkService to DOMAIN\MyAccount

 

 

Changing the Account for the Report Server Application Pool

 

On the SQL Server where the Reporting Services metadata resides, complete the following:

·         Create login DOMAIN\MyAccount to SQL Server

·         Add DOMAIN\MyAccount to the database master with the database role RSExecRole

·         Add DOMAIN\MyAccount to the database msdb with the database role RSExecRole

·         Add DOMAIN\MyAccount to the database ReportServer with the database role RSExecRole

·         Add DOMAIN\MyAccount to the database ReportServerTempdb with the database role RSExecRole
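
The five steps above as a T-SQL script. This is an added example, not part of the original post; DOMAIN\MyAccount is the article's placeholder and the database names are the ones listed in the steps.

```sql
-- Added example. Written for SQL Server 2005, so it uses sp_addrolemember.
-- Replace DOMAIN\MyAccount with the real application pool account.
-- Each batch ends by listing the members of RSExecRole so the result
-- can be confirmed before moving on to the IIS steps.

-- Server level: Windows login (skipped if it already exists)
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'DOMAIN\MyAccount')
    CREATE LOGIN [DOMAIN\MyAccount] FROM WINDOWS;
GO

-- master
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'DOMAIN\MyAccount')
    CREATE USER [DOMAIN\MyAccount] FOR LOGIN [DOMAIN\MyAccount];
EXEC sp_addrolemember N'RSExecRole', N'DOMAIN\MyAccount';
EXEC sp_helprolemember N'RSExecRole';
GO

-- msdb
USE msdb;
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'DOMAIN\MyAccount')
    CREATE USER [DOMAIN\MyAccount] FOR LOGIN [DOMAIN\MyAccount];
EXEC sp_addrolemember N'RSExecRole', N'DOMAIN\MyAccount';
EXEC sp_helprolemember N'RSExecRole';
GO

-- ReportServer
USE ReportServer;
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'DOMAIN\MyAccount')
    CREATE USER [DOMAIN\MyAccount] FOR LOGIN [DOMAIN\MyAccount];
EXEC sp_addrolemember N'RSExecRole', N'DOMAIN\MyAccount';
EXEC sp_helprolemember N'RSExecRole';
GO

-- ReportServerTempdb
USE ReportServerTempdb;
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'DOMAIN\MyAccount')
    CREATE USER [DOMAIN\MyAccount] FOR LOGIN [DOMAIN\MyAccount];
EXEC sp_addrolemember N'RSExecRole', N'DOMAIN\MyAccount';
EXEC sp_helprolemember N'RSExecRole';
GO
```

The account needs only RSExecRole in these four databases; no server role is granted.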

 

Change the Identity of the Application Pool account used by Report Server Virtual Directory

·         Open IIS Manager from Administrative Tools

·         Open the Properties of the Report Server Virtual Directory and confirm the Application Pool name

·         Open the Properties of the Application Pool.

·         Click on the Identity tab

·         Click Configurable and enter the UserName DOMAIN\MyAccount and Password

·         Click OK and enter the password again to complete.

 

Add DOMAIN\MyAccount to the following Local Groups on the server hosting Reporting Services

·         IIS_WPG

·         SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance>

·         SQLServer2005ReportServerUser$<machine>$<instance>

 

Update the Report Server Configuration file

·         Open file C:\Program Files\Microsoft SQL Server\MSSQL.n\Reporting Services\ReportServer\rsreportserver.config

·         Locate <WebServiceAccount>account</WebServiceAccount>

·         Change account to DOMAIN\MyAccount

·         Save the file

 

Update NETMAN DCOM Permissions

·         Open Component Services from Administrative Tools

·         Expand Component Services -> Computers -> My Computer -> DCOM Config

·         Right click NETMAN and select Properties

·         Click the Security tab

·         Under Launch and Activation Permissions select Customize

·         Click Edit

·         Add SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance> with Local Launch and Local Activation permissions

·         Add SQLServer2005ReportingServerUser$<machine>$<instance> with Local Launch and Local Activation permissions

·         Click OK, OK

 

Stop and Start the Application Pool used by the Report Server

·         Stop the Application Pool

·         Start the Application Pool

·         From Reporting Services Configuration Manager confirm the Web Service Identity has a Green tick

 

 

Changing the Account for the Report Manager Application Pool

 

Some of these will be duplicated if you are using the same account for Report Server and Report Manager

 

Change the Identity of the Application Pool account used by Report Manager Virtual Directory

·         Open IIS Manager from Administrative Tools

·         Open the Properties of the Report Manager Virtual Directory and confirm the Application Pool name

·         Open the Properties of the Application Pool.

·         Click on the Identity tab

·         Click Configurable and enter the UserName DOMAIN\MyAccount and Password

·         Click OK and enter the password again to complete.

 

Add DOMAIN\MyAccount to the following Local Groups on the server hosting Reporting Services

·         IIS_WPG

·         SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance>

·         SQLServer2005ReportServerUser$<machine>$<instance>

 

C:\Windows\Temp folder Access

·         Make sure the DOMAIN\MyAccount has read and write access to this folder.

 

Stop and Start the Application Pool used by the Report Manager

·         Stop the Application Pool

·         Start the Application Pool

 

Stop and Start the Application Pool used by the Report Server

·         Stop the Application Pool

·         Start the Application Pool

 

 

There you have it.

Published 02 July 2007 19:26 by stevechowles


Comments

# re: Reporting Services 2005 for the DBA – Changing Application Pool Identity @ 14 August 2007 18:15

Hi Steve,

I read all your blogs on Reporting Services and found them to be really of very good value. It gives insight into what is going on under the hood. Hope to learn more from your blogs.

Bharat.

bpgadhia

# re: Reporting Services 2005 for the DBA – Changing Application Pool Identity @ 14 January 2008 04:29

One small correction...

The fifth bullet under "Update NETMAN DCOM Permissions" is incorrect.

Add SQLServer2005ReportingServerUser$<machine>$<instance> with Local Launch and Local Activation permissions

should be

Add SQLServer2005ReportServerUser$<machine>$<instance> with Local Launch and Local Activation permissions

(Reporting should be Report)

This is under SQL 2005 Enterprise with all SPs applied.

Dan Begallie