Least-privileged security model enabled after Oct 22 CU

[petepuu]

Problem description

After October 2022 CU we should run the following command after farm is created because the least-privileged model is automatically enabled. If this is not done then deleting web application in CA will fail to access denied error at least for setup account.

Get-SPDatabase | %{$_.GrantOwnerAccessToDatabaseAccount()}

https://support.microsoft.com/en-us/topic/-sorry-something-went-wrong-error-when-you-delete-a-web-application-kb5031287-e1f3e2b7-6176-4e37-ab3b-606a9e456ffa

https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/plan-for-least-privileged-administration#additional-things-to-consider-for-a-least-privileged-environment

Verbose logs

-

DSC configuration

-

Suggested solution

Could we add this command maybe to the SPFarm resource as a last part after farm is created

SharePoint version and build

SPSE October 2023 CU

Operating system the target node is running

-

PowerShell version and build the target node is running

-

SharePointDsc version

5.4