Menu
I have configured TFS on my live server which is in our office premises.
Right now, we can access it i.e. windows domain users/active directory users but when I give my user name password to someone out of our office premises and ask him to connect to TFS project from visual studio via a web link then he cannot connect and tell him that either the credentials are more than necessary or you have no permission.
But the same credentials is working for the TFS web portal, for the same guy but not if connecting to the project from visual studio.
Why? Is there any way to let them access our projects without them being the part of windows group or Active Directory i.e. TFS own users? How should we do that?
662
Right-click the Team Foundation Server, point to Team Foundation Server Settings, and then click Security. In the Global Security dialog box, in Add users and groups, select Windows User or Group, and then click Add. Verify that both the object type and the location are correct.
The server level permission management can be configured through the TFS Administration Console. To do that, you can open the console, click Application Tier, and click Group Membership/Administer Security in the Application Tier Summary section.
Go to AD Mgmt > File Server Management > Modify NTFS permissions. Choose which folders you want to enable a user or group access to. Now go to the Accounts section and choose the users or groups you want to grant permission to access the folder.
When a user is a member of multiple user groups, the user will inherit the permission level of the group with the most access.
You can't. TFS authentication is based on Active Directory, end of story. If someone needs access to TFS, they need an AD account, and that AD account needs to be granted access to TFS.
96
You can add Windows user or Windows group in TFS. TFS use the authentication with windows user/ domain user(Active Directory) to access the server. TFS can't create users directly. There are no TFS own users.
Additional: About the relationship with TFS and Active Directory
TFS does not write to Active Directory (AD) nor "has it's own Active Directory".
TFS stores users and groups, permissions and security, into its own database. To integrate with Windows Security by running a background job every hour and reading users and groups from AD.
Since you are a TFS Administrator (the same with other normal users), we highly recommend you not directly share your admin credentials to others. There are a lot of potential risks.
You may have to add that user in your AD, and give him access to TFS, finally follow tutorial: Connect from Visual Studio or Team Explorer. He should be able to use Visual Studio to access your TFS server properly.
21
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
