Following best practice of least privilege I was in the process of starting up all the services on my new SharePoint 2010 Farm under separate accounts.
From Central Admin->Security-> Configure Service Account I selected the Windows Service - Microsoft SharePoint Foundation Sandboxed Code option from the drop down and added my newly registered account (Lets say SP2010_Sandbox).
**Note**
You must change the service account assigned to the service before starting the Sandboxed Code Service (This makes life a lot easier!)
After configuring the service account for Sandbox I navigated to Central Admin->Application Management->Manage Services on Server and started the service. From here everything looks fine and the service indicates started.
However navigating to services mmc and looking for the service SharePoint 2010 User Code Host had stopped.
To resolve this I had to add the sandbox service account to the local admin group on the server, then stop the service from Manage Services on Server then click start and the service started fine. I'm sure somewhere there is more detail on the exact security permissions as having this service account in the local admin group is not ideal.
At the time of writing the only documentation I could find to support this http://technet.microsoft.com/en-us/library/ee513064.aspx.
3 comments:
I found that adding the service account to the local "Performance Monitor Users" group on each server also seems to fix the problem and doesn't require elevation to Local Admin.
I too would like to thank you for your assistance on this problem. I was having the following errors: "sandboxed code execution failed" and "Error importing WebPart. Assembly ParContainer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0d06cexxxxxx3, TypeName. PaContainer.PaContainerWebPart.PaContainerWebPart, PaContainer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0d0xxxxxxxxx"
Sadly, elevating the account resolved this sandboxed solution issue that I was having. Not sure why this needs to be. It's a lame fix, but it's typical with Sharepoint.
Thanks Greg, glad it helped.
Paul
Post a Comment