Configuring Permissions for My Site Host

Ever came across this error when a user tries to create their personal site?

‘Your personal site cannot be created because Self-Service Site Creation is not enabled. Contact your site administrator for more information.’

Many of the blogs out there say that you need to add the app pool of your My Site web application to the farm administrators group.  If you are going under the least privilege security model, you probably do not like this approach. 

Here is a simple solution that keeps the app pool account out of your farm admins group as well as protects the use of Self-Service Site Creation.

Note: this assumes that you have a dedicated web application for your My Site host.

Turn on Self-Service Site Creation on your My Site web application

  1. Central Admin –> Application Management –> Click “Self-Service Site Management” under the Application Security heading
  2. Select your My Site web application from the drop list
  3. Select the ‘On’ radio button, make sure that the ‘Require Secondary Contact’ option is unchecked.
  4. Click OK

It should look like this:


Configure Permissions on your My Site host

  1. Browse to Central Admin –> SSP Admin Page –> Click “Personalization services permissions” under the User Profiles and My Sites heading
  2. On the left navigation, click the ‘My Site Host Permissions’
    1. This will take you to the root site on the my site host
  3. Click on ’Site Permissions’ on the left navigation
    1. You could also browse to http://<YourMySiteHost/_layouts/user.aspx
  4. Select ‘Settings’ –> ‘Permission Levels’ from the toolbar
  5. Select the ‘Read’ permission level from the list
  6. Clear the ‘ Use Self-Service Site Creation’ permission checkbox and then click ‘Submit’ at the bottom
  7. Add the application pool account of your My Site web application to the  site with the ‘Full Control’ permission level
    1. Click on ‘Permissions’ in the breadcrumb, that should take you back to the Site Permissions page (/_layouts/user.aspx)
    2. Click ‘New’ on the toolbar, enter the application pool account for your My Site host web application
    3. Check the box next to ‘Full Control’
    4. Uncheck the box to send the welcome email
    5. Click OK

Test it out!

  1. Login to SharePoint using a standard user account
  2. Click the ‘My Site’ link in the header
  3. The My Site should be created without the original error

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s