locked
Cannot Access Local Farm - how to use Add-SPShellAdmin? RRS feed

  • Question

  • I am trying to use Add-SPShellAdmin in SP 2010 Management Shell. The problem is it keeps telling me "Cannot access the local farm. Verify that the local farm is properly configured, currently available, and that you have the appropriate permissions to access the database before trying again."

    How do I verify all of that? Is there a folder in the directory that has this? Do I need to mess with the SharePoint_Configuration database, which I cannot locate?

    My eventual goal is to import a solution package of a SharePoint web part to the SP Server.

    I am accessing the server via remote connection. It has SP Server 2010 and Windows server 2008 R2. I should also note that I am not experienced with SharePoint; I'm new to it.



    • Edited by A.Chris.Lee Thursday, August 7, 2014 3:16 PM Important note to make
    Thursday, August 7, 2014 1:24 AM

Answers

  • Add your user account to the local group (in Computer Management), WSS_RESTRICTED_WPG_V4. This group should give you the necessary rights to run SharePoint Management Shell.

    Alternatively, if you have the password for the Farm Administrator (the user running owstimer.exe), simply run PowerShell "As Administrator", then use runas.exe /noprofile /env /user:domain\farmadmin "powershell.exe". This will launch a new instance of PowerShell running as the Farm Administrator. Then simply import the SharePoint snapin using:

    Add-PSSnapin Microsoft.SharePoint.PowerShell

    You can then use Add-SPShellAdmin domain\yourusername to add yourself to the Shell Admins, thus granting yourself access.


    Trevor Seward

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by Lindali Friday, September 12, 2014 2:25 AM
    Thursday, August 7, 2014 4:46 PM
  • Hello Cris - As you can do RDP to server, you can perform following steps:

    • Should be added to default local admin group which is called Administrator.<<You already there>>
    • Should be part of farm administrators group in Central Admin site <<Open Central Admin -->Security--Mange farm admin group>>
    • Should be part of windows WSS_Admin_WPG group <<Server manger-->Configrations-->Local User and Group-->Groups>>
    • Should have server login with dbcreator, public, and sysadmin rights on DB <<For this you need to login to SQL server and verify permissions on content DB>>
    • For the SP config database, farm admin should be added to SharePoint_Shell_Access role membership.
    • <<THis also required SQL server login>>
    • Read/Write access to Webapplication <<Central Admin--Manage Web Application-->User Policy>>

    Please follow above to give required permissions.

    -prs

    • Marked as answer by Lindali Friday, August 15, 2014 2:46 AM
    Friday, August 8, 2014 4:41 AM

All replies

  • Are you using PowerShell Remoting? If so, have you validated that the SharePoint Management Shell works when you're remoted into the SharePoint server?

    Trevor Seward

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Thursday, August 7, 2014 1:33 AM
  • Hi Chris - Please verify following permission for the log on account - 

    • Should be added to default local admin group which is called Administrator.
    • Should be part of farm administrators group in Central Admin site
    • Should be part of windows WSS_Admin_WPG group
    • Should have server login with dbcreator, public, and sysadmin rights on DB
    • For the SP config database, farm admin should be added to SharePoint_Shell_Access role membership.
    • Read/Write access to Webapplication

    -prs

    Thursday, August 7, 2014 1:59 AM
  • @prs My account is part of the Administrator group. I do not know how to add my account to the other groups, nor do I know how to access the DB nad SharePoint_Shell_Acess. I'm not very experienced with SharePoint.
    • Edited by A.Chris.Lee Thursday, August 7, 2014 3:38 PM Specify who I am replying too
    Thursday, August 7, 2014 3:16 PM
  • @ Trevor Nope, I've been using Remote Desktop Connection then using SharePoint Management Shell on the remotely-connected server.
    • Edited by A.Chris.Lee Thursday, August 7, 2014 3:37 PM Specify who I am replying too
    Thursday, August 7, 2014 3:21 PM
  • Chris as Prithvi mentioned, your account should be in those groups if not you cannot access through powershell, if you have Farm account credentials then you can hold shift and right on the SharePoint PowerShell and click on run as different user and try to login with Farm account , then you can perform what ever you are trying to do.
    Thursday, August 7, 2014 3:39 PM
  • @SharePointIndra I don't think any user on the server has Farm account credentials. Is there a way to give myself account credentials under those circumstances?
    Thursday, August 7, 2014 4:42 PM
  • Add your user account to the local group (in Computer Management), WSS_RESTRICTED_WPG_V4. This group should give you the necessary rights to run SharePoint Management Shell.

    Alternatively, if you have the password for the Farm Administrator (the user running owstimer.exe), simply run PowerShell "As Administrator", then use runas.exe /noprofile /env /user:domain\farmadmin "powershell.exe". This will launch a new instance of PowerShell running as the Farm Administrator. Then simply import the SharePoint snapin using:

    Add-PSSnapin Microsoft.SharePoint.PowerShell

    You can then use Add-SPShellAdmin domain\yourusername to add yourself to the Shell Admins, thus granting yourself access.


    Trevor Seward

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by Lindali Friday, September 12, 2014 2:25 AM
    Thursday, August 7, 2014 4:46 PM
  • Hello Cris - As you can do RDP to server, you can perform following steps:

    • Should be added to default local admin group which is called Administrator.<<You already there>>
    • Should be part of farm administrators group in Central Admin site <<Open Central Admin -->Security--Mange farm admin group>>
    • Should be part of windows WSS_Admin_WPG group <<Server manger-->Configrations-->Local User and Group-->Groups>>
    • Should have server login with dbcreator, public, and sysadmin rights on DB <<For this you need to login to SQL server and verify permissions on content DB>>
    • For the SP config database, farm admin should be added to SharePoint_Shell_Access role membership.
    • <<THis also required SQL server login>>
    • Read/Write access to Webapplication <<Central Admin--Manage Web Application-->User Policy>>

    Please follow above to give required permissions.

    -prs

    • Marked as answer by Lindali Friday, August 15, 2014 2:46 AM
    Friday, August 8, 2014 4:41 AM
  • Friday, August 8, 2014 5:18 PM