Configuring Notification Services Windows Services
When you define a Notification Services application, you specify the server that runs each hosted event provider, generator, and distributor. When you deploy the instance of Notification Services, you install a Notification Services engine on each server that runs one or more of these components. Typically, the engine is the NS$instanceName Microsoft Windows service, which you install when you register the instance of Notification Services. This topic describes how to configure startup and security for the NS$instanceName Windows service.
If you do not want to run the engine using the Windows service, you can host the engine in another application or process. For more information, see Hosting the Notification Services Engine.
Configuring Windows Service Startup
You can configure a NS$instanceName Windows service to start automatically when the computer starts. Windows services can also attempt to restart automatically if they stop for any reason.
Important
The NS$instanceName Windows service requires the Database Engine to be started. If the instance of the Database Engine is not started, the NS$instanceName Windows service attempts to start and then fails. A dependency check is not built into the NS$instanceName service because the databases can be on a remote server.
- How to: Start an Instance of Notification Services Automatically (Services Manager)
- How to: Restart an Instance of Notification Services Automatically (Services Manager)
Configuring Service Security
Each NS$instanceName Windows service runs in the context of a Windows account, which can be a domain, local, or a built-in account (such as the Network Service account). This account is granted the permissions necessary to log on as a service when you register the instance. This account, or a Microsoft SQL Server login account associated with the service, must also have proper database permissions; if it does not, the service will not start.
- When using Windows Authentication, you must assign database permissions to the NS$instanceName Windows service account by granting Database Engine login rights to the account, granting the account access to the instance and application databases, and adding the account to the proper database roles (NSEventProvider, NSGenerator, NSDistributor, or NSRunService) in these databases.
Note that when using Windows Authentication, the user who creates the instance of Notification Services is the database owner (dbo). By default, this user has all necessary permissions on the databases. However, Microsoft recommends using a separate account for the NS$instanceName Windows service to help improve security. - If you cannot use Windows Authentication, you must assign a SQL Server login and password to the Windows service when registering the instance. The SQL Server login account must exist, must be granted access to the instance and application databases, and must be added to the proper database role (NSEventProvider, NSGenerator, NSDistributor, or NSRunService) in these databases to limit the permissions of the Windows service.
If the same SQL Server login is used to create the databases and register the instance, this account is the database owner (dbo) and has all necessary permissions in the instance and application databases. However, Microsoft recommends using a separate login for the NS$instanceName Windows service, to limit the permissions of the Windows service.
You specify the Windows or SQL Server login accounts used by the service when you register the instance. To change the security accounts, you must either reregister the instance or change the service properties in SQL Server Configuration Manager or Services in Windows Control Panel.
When adding the Windows service account to a database role, use the role with the privileges that meet, but do not exceed, the requirements for the Windows service:
Note
Not all components run on all servers. If you scale-out the instance of Notification Services across multiple computers, some servers may run only one component.
- The NSEventProvider database role grants the permissions to submit events. If the Windows service runs a hosted event provider, make the account a member of this role.
- The NSGenerator database role grants the permissions to run the generator. If the Windows service runs a generator, make the account a member of this role.
- The NSDistributor database role grants the permissions to distribute notifications. If the Windows service runs a distributor, make the account a member of this role.
- The NSRunService database role encompasses the NSEventProvider, NSGenerator, and NSDistributor roles. If the Windows service runs hosted event providers, generators, and distributors, make the account a member of this role.
For information about configuring security for Notification Services, see Securing Notification Services.
For step-by-step deployment instructions for a variety of configurations, see Deploying Notification Services.
To set the security account for an NS$instanceName Windows service
- How to: Register an Instance of Notification Services for Engine Components (SQL Server Management Studio)
- nscontrol register Command
- How to: Change the Windows Account for an Instance of Notification Services (SQL Server Configuration Manager)
- How to: Change the Windows Account for an Instance of Notification Services (Services Manager)
See Also
Concepts
Securing Notification Services
Starting and Stopping Instances of Notification Services
Enabling and Disabling Instances, Applications, or Components
Notification Services Database Roles
Other Resources
Administering Notification Services