Shut-Up and Smile

If you're going to install Team Foundation Server, you need to read the great install guide [0] that Rob Caron [1] and friends have worked up. Let me rephrase that, you must. I've been installing this product tons over the last year and I still use the guide because they're always adding notes and tweaks to make your life easier. Not to mention the product gets better (like no need for ADAM).

In building a single machine version (where EVERYTHING--domain controller, data tier, app tier, build server, and client), I was running into security issues. The solution was to make the TFSSERVICE and TFSREPORTS accounts members of the BUILTIN\Administrators group. Naturally Active Directory domain controllers are "special" relative to regular servers and client machines. So, while the install guide says the service accounts should not be Administrators, on a TFS box in single machine mode with Active Directory, that's just the way it needs to be (unless you want to figure out all the areas that need to be adjusted for each service account). Normally, I might want to spend the time to figure this out. But I won't. Why? Because no sane person or company should be running TFS this way. It's for demos, test, and just playing around. Period.

That also means if you're evaluating TFS, you really need to build out a test domain (real or virtual) with multiple tiers.

End of line.

[0] http://www.microsoft.com/downloads/details.aspx?FamilyId=E54BF6FF-026B-43A4-ADE4-A690388F310E&displaylang=en
[1] http://blogs.msdn.com/robcaron/default.aspx