Skip to main content
Sign In |
  Help (new window)
The World's Best Known Brand for Microsoft Project and Project Server Expertise

Project Server Experts Community Site

Go SearchAdvanced Search
Project Server Experts Community Site
Project Server Help Blog
MSProject Experts
Training Schedule
  
Project Server Experts Community Site > Project Server FAQ KnowledgeBase > Recover from removing all members of the Administrators group in Project Server 2007  

Web Part Page Title Bar image
Recover from removing all members of the Administrators group in Project Server 2007

Background Information

In Project Server 2007, it is possible to remove all members from the Administrators Group in Project Server. After doing this, nobody can logon to the system with administration rights. There are two methods to resolve this issue:

  1. You can use the stsadm utillity to re-add the appropriate user to the Administrators Group for the affected Project Server instance (Recommended Solution).
  2. You can fix this in the Published database for the affected Project Server instance by adding an entry to the MSP_WEB_SECURITY_GROUP_MEMBERS table to restore a user to the administrator group.

 Resolution #1

  1. Logon to a Web Front-End server in your server farm as a local Administrator.
  2. Open a command prompt.
  3. Type cd <dir_name>, where <dir_name> is the location of your "12 Hive" (typcally located at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\).
  4. Type stsadm -o projenumusers -url <pwa_url>, where <pwa_url> is the URL of your PWA site (for example, http://projectserver/pwa).
  5. StsAdm should print a list of Project Server users. Find the user you wish to add to the Administrators security group and note the name that appears in the <RES_NAME> element (for example, <RES_NAME>User</RES_NAME>).
  6. Type stsadm -o projmodifyuseringroup -url <pwa_url> -groupname Administrators -username <res_name> -addorremove add, where <pwa_url> is the URL of your PWA site (for example, http://projectserver/pwa) and <res_name> is the name that you noted in Step 5.

Once you restore one user, logon as that user and restore the rest of the group membership using the Administration interface. Note: This method will not permit you to restore a user that is a local Administrator on the system. You must instead restore a user that is not a local Administrator.

Resolution #2

  1. Logon to your SQL Server Instance and expand the Published database for the affected instance
  2. Open the MSP_WEB_SECUIRTY_GROUP_MEMBERS table.
  3. To populate the WRES_GUID field in this table, copy the RES_SECURITY_GUID field for the resource from the MSP_RESOURCES table.
  4. To populate the  WSEC_GRP_GUID field, harvest the WSEC_GRP_GUID field for the Administrators group from the MSP_WEB_SECURITY_GROUPS table.
Once you restore one user, logon as that user and restore the rest of the group membership using the Administration interface. Note: It may be a good idea to restore the SSP service account first, and logon to the system using that account.