Team Foundation Server 2010 Security Permissions

Team Foundation Server (TFS) 2010 is a system not a product and is a combination of WSS, SQL Server and TFS it’s self and most of the Errors and Issues We face during during its Installation and Deployment are releated to SECURITY this might not be possible in every case but if you go online and check this will be the case and that’s what i have learnt during my professional career and deploying TFS multiple times.

We need to understand the following components and the User(s) access rights on them are very important and are the root cause!.

1) SQL Server

a) Reporting Services User rights

b) Analysis Services User rights

c) Database Engine User rights

2) WSS

a) Default Site User rights

b) Central Administration Site User rights

c) Team Site Collection (falling under the Default Site and the Team Sites fall under Team Site Collection) User rights

3) Team Foundation Server

a) Server level User rights

b) Project level User rights

So all these are inter-linked your USER under which your TFS will run has to have rights on all these above mentioned components so let’s say for installation of TFS 2010 you created a user named tfs-user now this User has to have rights on Analysis Services, Reporting Services, SQL DB Engine, WSS sites (Default, Central Admin) and TFS Projects. This is the only way out in which you would be able to deploy, install and configure services rightly and successfully and you would be able to create Team Project successfully and would be able to access Team Site, Reports etc and etc.

So for creating additional users you need to check rights on these specific locations and assign rights as per requirements and privleges.

Whats New in Team Foundation Server (TFS) 2010

This week around I spent some time in exploring Team Foundation Server (TFS) 2010. If you are familiar with 2008 and earlier releases of the Product you would find it a bit different and following are the changes which I have identified.

1) The Product is first installed and the files are copied on C:\Program Files\Your Path and then there comes a Configuration Wizard where the main game starts and you are required to configure TFS.

2) The Configuration Wizard is a cool add-up has a rich UI and allows you to configure the product in multiple ways such as you want to go for Basic Server Configuration or Advance Configuration.

3) There is no binding to must bind WSS 3.0 SP1 or Plus with your TFS and your TFS will continue to work without creating SharePoint sites as well.

4) In TFS 2010 you are required to configure SQL Server Reporting Services first rather then leaving on the TFS Configuration Wizard to configure them for you.

5) The Administration wizard is also a new addition and is such rich in nature that it allows you to actually re-configure or post configure WSS 3.0, Reporting Services, Analysis Services etc at the later stage.

6) If you plan to integrate TFS 2010 with SharePoint after the installation and configuration then you are required to have SharePoint extensions installed and use the TFS Administration Console to actually bind your SharePoint services to TFS 2010.

7) You must have heard of lot of tools coming along with TFS 2008 for Web Access now the Web Access Tool is built in TFS 2010 and it is also configured like other components this creates a separate TFS  website in the IIS and one can easily browse through the Team Project in the browser.

8 ) Hence the Configuration and Administration Consoles in TFS 2010 are really helpful. The Configuration Wizard allows you to Add/Remove components as per requirements and Administration Console helps you to Configure the Installed components and help in their Integration.

9) Overall the Product has improved its performance, health check activity and repair methodology but one should be very careful while choosing which version of the SQL and WSS 3.0 will go well with TFS 2010 and under which mode. For more information on installation please refer to by other post

10) Last but not least the Visual Studio 2010 Shell Console which you see after installing Team Explorer 2010 and man this has an awesome interface with much more options with compared to the previous version of Team Explorer and now this really looks like a console to manage TEAM PROJECTS!

Installing and Configuring Team Foundation Server 2010 (Step by Step)

Team Foundation Server (TFS) 2010 is already available and you can deploy and start using it. One ideal scenario for it’s installation is as follows:

1) Take a machine and Install Windows Server 2008 (Enterprise)

2) Create a User Named TFS with Admin rights

3) Then You need to install its Service Pack 2 (NOT R2), Just Service Pack 2

4) Install SQL Server 2008 (Enterprise Edition with all components. Mind you Install Reporting Services in Native mode (not the SharePoint Integrated mode) and DON’T Configure the Reporting Services NOW!

5) Download and Install WSS 3.0 + SP2 and You should be able to successfully complete its Configuration Wizard.

6) Once you do that you should be able to see the SharePoint site http://localhost

7) Now Go To the SQL Server Reporting Services Configuration Manager Tool and NOW CONFIGURE your Reporting Services, Use the tool in a step by step approach specifying User, Creating DBs etc. Every where specify the User TFS which you have created in step 2.

8) Once you do that you should be able to see the Reporting Service Portal and Web Service site on http://localhost/Reports ; http://localhost/ReportServer (or on which every URL you specified during Reporting Services Configuration)


9 ) When you Run the TFS set-up it will copy all the files to Program files which is equal to Installation and then it will start to configure after deployment / installation. In earlier version Install and Deploy was done at the same time.

10) Now Open up the TFS Setup choose which roles you want to deploy like probably you would only want to have TFS and Build Services and then specify the execution account (tfs user which you created).

11) Set-up will run Health Check (don’t worry if there are errors or warning, face them resolve them, they will be resolved, most errors are related to Account Security, System Reqs, Running Services)

12) Once Health Check is passed setup will start deploying Services, Databases and here if you again face errors it means that TFS is unable to make connection to SQL Server, SharePoint or the User has not sufficient Privileges etc.

13) Step 10 and 11 will take most of your time, but once TFS is deployed and Configure, you can further install Team Explorer to Start Creating and Managing Team Projects.