When the PaperCut Application Server (the primary server component) is installed on Windows, it starts under the local SYSTEM account. In most cases the permissions provided by the SYSTEM account are adequate for the normal function of PaperCut. In some cases it may be required to run PaperCut’s Services under a different account, such as to:
- allow access to trusted network resources such as secured AD contexts.
- allow access to network shares (the Windows SYSTEM account is prevented from accessing network shares).
Providing PaperCut access secured resources
Secured resources (e.g. Domain contexts or network shares) may be required to perform functionality such as user synchronizing or shared account importing via a directory scan on a network share / mapped drive.
The easiest way to allow PaperCut access to network shares is to assign the service PaperCut Application Server local administrator level access. Although this is technically not required it is the easiest way to get the job done. Strictly speaking you can get away with less if you know what you’re doing.
To assign the PaperCut Application Server service local administrator level access:
- Create a new local user account with administrator level access (via Control Panel → Administrative Tools → Computer Management → System Tools → Local Users and Groups). Enable the option Password never expires.
- Via Control Panel → Administrative Tools → Services, bring up the Properties dialog for the service PaperCut Application Server.
- Via the Log On tab, select Log on as: This account: and enter the credentials for the newly created account.
- Press OK and restart the service.
PaperCut should now be able to access network shares.
Categories: Implementation / Deployment