Configure Net.TCP Port Sharing for Users without Administrator Computer Privileges

Use this activity to configure the Net.TCP Port Sharing service for users who are not local administrators of their computers. See the MineMarket configuration examples to determine on which machines the Net.TCP Port Sharing service must be enabled.

Important: Contact your network administrator or Datamine representative for assistance with this configuration.

The configuration process must be conducted with adequate network, domain and administrator permissions to the machine.

Update the User Account Control Settings

  1. Open the Windows Control Panel.
  2. Select the System and Security category.
  3. Select Change User Account Control Settings.

    The User Account Control Settings window opens.

  4. Select Never Notify.
  5. Click OK.
  6. Restart the computer.

Configure the SMSvcHost.exe.config file

  1. Open the Windows Services application.
  2. Ensure that the Net.TCP Port Sharing Service is stopped.
  3. Right-click the Net.TCP Port Sharing Service and select Properties from the menu.
  4. Copy the folder location called Path to executable.

    Note: Do not copy the SMSvcHost.exe filename at the end of the folder location.

  5. Use Windows Explorer to open the copied folder location.
  6. Open the SMSvcHost.exe.config file with Windows Notepad or an alternative text editor with administrator permissions.
  7. Edit the file contents to match the following code:
    Copy
    <?xml version="1.0" encoding="utf-8"?>
    <!-- The configuration file for SMSvcHost.exe -->
    <configuration>
        <runtime>
            <gcConcurrent enabled="false" />
        </runtime>
        <system.serviceModel>
            <!-- SMSvcHost ETW traces are redirected by default to an etwProviderId different from WCF's default. 
                 To trace to the default provider, remove the etwProviderId attribute below. -->
            <diagnostics performanceCounters="Off" etwProviderId="{f18839f5-27ff-4e66-bd2d-639b768cf18b}"/>
        </system.serviceModel>
        <system.serviceModel.activation>
            <net.tcp listenBacklog="10" maxPendingConnections="100" maxPendingAccepts="2" receiveTimeout="00:00:10" teredoEnabled="false">
                <allowAccounts>
                    <!-- LocalSystem account -->
                    <add securityIdentifier="S-1-5-18"/>
                    <!-- LocalService account -->
                    <add securityIdentifier="S-1-5-19"/>
                    <!-- Administrators account -->
                    <add securityIdentifier="S-1-5-20"/>
                    <!-- Network Service account -->
                    <add securityIdentifier="S-1-5-32-544" />
                    <!-- IIS_IUSRS account (Vista only) -->
                    <add securityIdentifier="S-1-5-32-568"/>
                </allowAccounts>
            </net.tcp>
            <net.pipe maxPendingConnections="100" maxPendingAccepts="2" receiveTimeout="00:00:10">
                <allowAccounts>
                    <!-- LocalSystem account -->
                    <add securityIdentifier="S-1-5-18"/>
                    <!-- LocalService account -->
                    <add securityIdentifier="S-1-5-19"/>
                    <!-- Administrators account -->
                    <add securityIdentifier="S-1-5-20"/>
                    <!-- Network Service account -->
                    <add securityIdentifier="S-1-5-32-544" />
                    <!-- IIS_IUSRS account (Vista only) -->
                    <add securityIdentifier="S-1-5-32-568"/>
                </allowAccounts>
            </net.pipe>
            <diagnostics performanceCountersEnabled="true" />
        </system.serviceModel.activation>
    </configuration>

    Important: Ensure that at least the net.tcp section is not commented out. For sections that remain commented out, ensure that the file uses correct comment formatting (not the default double slash).

  8. Ensure that the user accounts connecting to MineMarket belong to one of the groups indicated in the net.tcp entry. If the user accounts connecting to MineMarket do not belong to one of the groups (for example, an Active Directory User Group) indicated in the net.tcp entry, then include the applicable groups in the net.tcp entry.

    Note: To get the securityIdentifier for the group, either enter whoami /all for the user in Windows Command Prompt, or use the program PSGetSID This program can be downloaded from https://docs.microsoft.com/en-us/sysinternals/downloads/psgetsid.

    PSGetSID is a DOS program. To view the format of the command, use the command PSGetSID /?

  9. Restart the Net.TCP Port Sharing Service.

    Important: It may be necessary to reboot the server running the Net.TCP Port Sharing Service in order for this configuration to take effect.