In scenarios where the TIC service user lacks administrator privileges on the TIC server, specific configurations and permissions are indispensable for smooth operation:
Sign-on as a Service Permission: This permission is automatically granted when designating a user to run the TIC service.
Read/Write Permissions on the TIC Installation Folder: These permissions enable the user to access and modify files in the TIC installation directory.
HTTP Address Reservation: To ensure optimal TIC functionality, specific addresses must be reserved. This is accomplished by executing the following commands on the TIC server:
netsh http add urlacl url=https://+:8066/ user=domain\username netsh http add urlacl url=http://+:8077/ user=domain\username
Service Principal Name (SPN) Registration (for Domain Users): Irrespective of the user's administrative permissions, manual registration of the SPN through PowerShell on the domain is mandatory:
SetSpn -s HTTP/ticserver.domain domain\username
This step guarantees accurate authentication for domain users.
