Remove NetworkService account access to the PI AF SQL Server database

Removal of NetworkService account access to the PI AF SQL Server database is only applicable for upgrades from older versions of PI AF. Beginning with PI AF 2.7 (2015), the PI AF Application Service is run under a virtual account, NT SERVICE\AFService, and this change is not required.

If you change the PI AF application service so that it does not run under the NetworkService account, you must remove the NetworkService account’s access to the PI AF SQL Server database (typically called PIFD).

1. On the PI AF SQL Server database computer, click Start > Administrative Tools > Computer Management.

2. Under Computer Management (Local), expand System Tools > Local Users and Groups > Groups.

3. In the list of groups, double-click AFServers.

4. Select the NetworkService account and click Remove.

5. Click OK and click Close.

6. Open SQL Server Management Studio and connect to the SQL Server instance in which the PIFD database resides.

7. Expand the PIFD database and navigate to the Security > Schemas folder.

   

8. Right-click the NT AUTHORITY\NetworkService schema and select Delete.

9. Click OK to remove the schema.

10. Under the SQL Server instance, expand the Security folder; then expand the Logins folder.

11. Right-click NT AUTHORITY\NetworkService and select Properties.

12. Select the User Mapping page.

13. Select the row for the PIFD database.

14. Clear the check box under Map for the PIFD database.

    

15. Click OK.

    The NT AUTHORITY\NetworkService user in the PIFD database is removed, and the NT AUTHORITY\NetworkService login no longer has access to the PIFD database.