Add a user to the "Team Foundation Service Accounts" group in TFS

security team-foundation-server

you might want to use tfssecurity.exe command for this purpose. At least, this is the default approach. MS decided to make it not that easy to add someone to this group to keep the number of "global god-users" low. :-)

See this link for further info: http://msdn.microsoft.com/en-us/library/ms400759.aspx


There is only one way for this.

Please use following command to add user in service accounts group:

tfssecurity /g+ "Team Foundation Service Accounts" n:domain_name\user_name /server:SERVER_URL


Wow! This one was hard to figure out. In the end I only got it due to luck (and trying a lot of different things).

Here is what you do:

  1. Open the TFS Admin Console
  2. Click on the Applciation Tier in the left tree
  3. In the "Administration Console Users" find your user (assuming it is there)
  4. Select your user, and then select "Reapply" to the right of the box
  5. Click on Advanced Features in the dialog box that appears.
  6. Make sure "Add required permissions to change service accounts" is selected.
  7. Select OK

RESULT: The user is added to the "Team Foundation Service Accounts" group

whew! Glad that is solved, I was going NUTS!

Related

Difference between link-local and global link addresses in ISATAP
/etc/security/limits.conf soft nproc limit appears to be ignored
How do I edit the SSH "last login" message?
Is RAID-Z on a single hard disk drive stupid?
Where is ASP.NET server log file is located?
Is there a "standard" way to make daemon in Debian?
User-specific anacrontab?
150 TB and growing, but how to grow?
Ensuring a repeatable directory ordering in linux
keep ssh connection alive and persistant while switching network interface connections
What does the Windows 7 local group Power Users actually do?
Conditional ProxyCommand in ~/.ssh/config?