Starting The SharePoint 2010 Sandboxed Code Service

Following best practice of least privilege I was in the process of starting up all the services on my new SharePoint 2010 Farm under separate accounts.

From Central Admin->Security-> Configure Service Account I selected the Windows Service - Microsoft SharePoint Foundation Sandboxed Code option from the drop down and added my newly registered account (Lets say SP2010_Sandbox).

**Note**

You must change the service account assigned to the service before starting the Sandboxed Code Service (This makes life a lot easier!)

clip_image001

After configuring the service account for Sandbox I navigated to Central Admin->Application Management->Manage Services on Server and started the service. From here everything looks fine and the service indicates started.

clip_image002

However navigating to services mmc and looking for the service SharePoint 2010 User Code Host had stopped.

clip_image003

To resolve this I had to add the sandbox service account to the local admin group on the server, then stop the service from Manage Services on Server then click start and the service started fine. I'm sure somewhere there is more detail on the exact security permissions as having this service account in the local admin group is not ideal.

At the time of writing the only documentation I could find to support this http://technet.microsoft.com/en-us/library/ee513064.aspx.

3 comments:

Anonymous said...

I found that adding the service account to the local "Performance Monitor Users" group on each server also seems to fix the problem and doesn't require elevation to Local Admin.

Unknown said...

I too would like to thank you for your assistance on this problem. I was having the following errors: "sandboxed code execution failed" and "Error importing WebPart. Assembly ParContainer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0d06cexxxxxx3, TypeName. PaContainer.PaContainerWebPart.PaContainerWebPart, PaContainer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0d0xxxxxxxxx"

Sadly, elevating the account resolved this sandboxed solution issue that I was having. Not sure why this needs to be. It's a lame fix, but it's typical with Sharepoint.

Paul Grimley said...

Thanks Greg, glad it helped.

Paul

Post a Comment