How to reset the Claims to Windows Token Service account (SharePoint Server 2010)

 

Applies to: SharePoint Server 2010

Scenario: The Claims to Windows Token Service account is changed unintentionally or otherwise needs to be reset back to default.

Solution

The Claims to Windows Token Service cannot be reset to the Local System account by using Central Administration. The following Windows PowerShell cmdlets can be used to reset the Claims to Windows Token Service back to Local System.

Launch the SharePoint Management Shell from the computer that is running SharePoint Server.

Run the following cmdlet to view a list of services.

Get-SPServiceInstance

Find and copy the Id of the Claims To Windows Token Service. Right-click in the Windows PowerShell window and choose Mark. This will allow you to select and copy the Id with your mouse cursor. After highlighting the Id, press ENTER on your keyboard.

Test your Id by running the following cmdlet.

Get-SPServiceInstance -identity <Paste the C2WTS Id>

Right-click in the PowerShell window and paste the Id you copied earlier.

Next, set a variable by running this cmdlet:

$claims = Get-SPServiceInstance -Identity <Paste the C2WTS Id>

Run these cmdlets to reset the C2WTS back to Local System:

$claims.Service.ProcessIdentity.CurrentIdentityType = 0
# The 0 in the preceding line is IdentityType.LocalSystem
$claims.Service.ProcessIdentity.Update()
$claims.Service.ProcessIdentity.Deploy()
$claims.Service.ProcessIdentity
# The following output demonstrates that the cmdlets were successful
CurrentIdentityType : LocalSystem
CurrentSecurityIdentifier : S-1-5-18
ManagedAccount :
ProcessAccount : S-1-5-18
Username : NT AUTHORITY\SYSTEM
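
The steps above can be combined into one script that locates the service by name instead of a pasted Id and checks the resulting account. This is an added example, not part of the original article; it assumes an English-language farm where the instance's TypeName is "Claims to Windows Token Service", and the variable names are illustrative.

```powershell
# Added example. Run in the SharePoint Management Shell on a SharePoint server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumption: English display name. On a localized farm, use the Id from
# Get-SPServiceInstance with -Identity instead, as in the manual steps.
$typeName = 'Claims to Windows Token Service'

$instances = @(Get-SPServiceInstance | Where-Object { $_.TypeName -eq $typeName })
if ($instances.Count -eq 0) {
    throw "No service instance with TypeName '$typeName' was found."
}

# The process identity is set on the service object, not on one instance.
$identity = $instances[0].Service.ProcessIdentity
Write-Host "Before: $($identity.CurrentIdentityType) ($($identity.Username))"

$localSystem = [Microsoft.SharePoint.Administration.IdentityType]::LocalSystem
if ($identity.CurrentIdentityType -ne $localSystem) {
    $identity.CurrentIdentityType = $localSystem   # same value as the 0 above
    $identity.Update()
    $identity.Deploy()
}

# Re-read the service and confirm it reports the Local System SID (S-1-5-18).
$check = (Get-SPServiceInstance -Identity $instances[0].Id).Service.ProcessIdentity
if ("$($check.CurrentSecurityIdentifier)" -ne 'S-1-5-18') {
    throw "Reset not confirmed: service reports $($check.Username)."
}
Write-Host "After:  $($check.CurrentIdentityType) ($($check.Username))"
```

The script makes no change when the service already runs as Local System, so it can also be used only to report the current account.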