During the Setup of Dynamics NAV 2016 you are asked to provide a username and password of the NAV serviceaccount. If you don’t specify an account then ‘NETWORK SERVICE’ will be used. This is a local Built-in account.
If SQL Server is running on the same machine (a two tier setup) as the NST (NAV Service Tier) you could get NAV working also. Just grant the NETWORK SERVICE account db_owner permissions to the NAV database. If SQL Server is running on a different server (a three tier setup) you can’t grant permission to Local Builtin ‘NETWORK SERVICE’ account on the NAV machine. In order to accomplish this task you need to assign a serviceaccount to your NAV Service Tier. The following configuration is needed for the serviceaccount:
- Create a ‘Domain User’ in your AD. You can do this for example on your ‘Domain Controller’.
- Enable the account to log in as a service on the NAV server
- Enable the account to register an SPN
- Give the account necessary database privileges in SQL server
How to Grant the ‘Log on as service’ permission:
Start the ‘Local Group Policy Editor’ on your NAV server. Go to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment and select ‘Log on as a service’.
For standard usage of NAV no additional NTFS permissions are needed.