There are two security groups needed for the Microsoft Dynamics GP 2013 web client and these should be created prior to starting the web client installation.
The first is the Web Client Users group, of which users who will log into the web client will need to be members. The second is the Web Management Console Users group which is the group for administrators of the Web Client.
I have created these groups in Active Directory as GPWebClientUsers and WebManagementConsoleUsers respectively.
To run Microsoft Dynamics GP Web Services, there are four service accounts which are required:
- GP Web Client site application pool – This is the service account which runs the application pool on the web site hosting the Microsoft Dynamics GP web client.
- Web Management Console application pool – This is the service account which runs the application pool on the web site hosting the Web Management Console.
- Session Central Service – This si the service account which runs the Session Central Service.
- Session Service – This is the service account which runs the Session Service on each session host machine.
For the single-server installation these accounts can be machine accounts but I would always recommend that even for this type of installation that they be limited privilege Domain user accounts which have a password that does not expire.
For a scale out, or multi-tenant configuration, these would need to be privilege limited Domain user accounts with passwords that do not expire. While these can all be the same accounts, I typically advise people to use a different account for each one (a legacy of dealing with Microsoft Dynamics CRM where it is recommended that each service is a different account).
In this single-server configuration I will be configuring four separate user accounts to use; one for each of the services.
In the next post, I’ll take a look at installing Internet Information Services (IIS).