We have several M$ CRM instances running.
Each one has its own dedicated SQL Server instance.
The permissions are set up in accordance with the Microsoft recommendations for setting up MS CRM.
However, I can't find any documentation regarding minimal required permissions to run CRM.
Currently we have the following two permissions that I would like to remove:
- CRM app pool user has administrator on the SQL Server machine
- CRM app pool user has sysadmin on the SQL Server instance
My main concern is that this user is currently grouped in with other service account users when it comes to permissions (and the process for obtaining/changing the password). However it is for all intents and purposes an administrator account.
Does anyone have any prior experience with removing the CRM app pool users' permission after installation?
You should be able to safely remove both permissions for the CRM app pool. However, please take the following into consideration.
First you need to understand why Microsoft and CRM require those permissions. Since the very early days of Microsoft CRM (as far back as 1.2) the installation procedure for CRM was to copy template mdf/ldf to the administrative shares on the SQL server (\server\c$, \server\d$, etc.) and then mount them in SQL. The former operation requires local server admin rights and the latter requires SQL SA rights.
You might think this is complete insanity and wonder why the databases aren't created using a script. My only guess is that it has something to do with the length of time such a database creation would take.
So why am I saying you can safely remove these permissions? Simple!
These permissions are only required during initial installation or whenever you want to add a new organisation to your CRM environment. For normal every day operation they are not required.
Just make sure to add back those permissions every time you need to add a new organisation. In some cases you will also need them added back for CRM server updates but I have not seen that actually required since CRM 4.0.