Third Shelf

Team Foundation Server Groups

Posted in team foundation server by Sydney du Plooy on August 11, 2008

After upgrading a virtual server installation of TFS2005 to TFS2008, I found myself locked out and unable to access the server from Team Explorer in VS.NET 2008. Bummer.

While trying to solve this issue, I discovered a few things about Team Foundation server groups.

  • Groups that start with SERVER is not a local Windows group on the server. It is a built in TFS group, with pre-configured rights assigned to it.
  • The SERVER\Team Foundation Licensed Users group is limited to five user accounts. You cannot add Windows groups to this account.
  • The SERVER\Team Foundation Valid Users group is automatically populated by TFS as users and groups are added to the security configuration. You cannot modify this group.
  • SERVER\Team Foundation Administrators includes the BUILTIN\Administrators group from the local Windows installation by default. So, to add new administrators to the TFS server, either include them into the local Windows Administrators group, or create a new local group called TFS Administrators and add this group to the SERVER\Team Foundation Administrators group.
  • To add users to Team Foundation server, you need to add either Windows groups or Windows users to the Project\Contributors group. If you want to give a user access to all Team Projects then add the user to the SERVER\Contributors group.

The reason I found myself locked out was because I restored the Team Foundation databases from another server. The server I restored from had the contributors group mapped to a Windows group, which did not exist on the new server.

While trying out various configurations, the following error popped up when I added a local Windows group to the SERVER\Team Foundation Licensed Users group:

This is about as descriptive as it gets. The error should have read “The local Windows group ‘Team Foundation Licensed Users’ group cannot be added to the TFS Team Foundation Licensed Users group. You may only add upto 5 users to this group.”.

You can find more information on Team Foundation Server Default Groups, Permissions, and Roles in this article.


Tagged with: ,

leave a comment

Leave a Reply