About the App Portal Service Account
Prior to installing App Portal / App Broker, you need to identify and configure an App Portal / App Broker service account. This service account will be used for App Portal / App Broker’s interaction with SQL Server and Active Directory.
App Portal / App Broker Service Account Required Permissions
The App Portal / App Broker requires the following permissions:
| Entity | Required Permissions |
|---|---|
| SQL Server | System administrator (SysAdmin) permission, including permission to create the App Portal / App Broker database. |
| System Center Configuration Manager / Altiris Database | Full administrator access, including read (db_datareader) and EXECUTE access on the Microsoft System Center Configuration Manager or Altiris Client Management database in SQL. |
| App Portal / App Broker Database | DBO permission on the App Portal / App Broker database, including read/write permission. |
| Client Workstations | Whether or not the App Portal / App Broker service account requires administrative permissions on the client workstations depends upon the deployment technology that you are using. System Center 2012 Configuration Manager or Microsoft Endpoint Configuration Manager—The App Portal / App Broker service account does not require administrative permissions on the client workstations. Altiris—The App Portal / App Broker service account requires full administrative permissions on the client workstations. These permissions are used by App Portal / App Broker to run machine policy evaluation for accelerated software deployments and rerunning advertisements as necessary. They are also used if client-side commands and actions have been created within App Portal / App Broker. |
info
The App Portal / App Broker service account must continue to have these permissions even after the installation is complete.
Required Updates if the Password of the App Portal Service Account Changes
If you change the password of the App Portal service account after you have installed App Portal, you need to also update the password for both the ESDService Windows Service and the SelfService application pool in IIS.
| Location | Steps to Take |
|---|---|
| ESDService Windows Service | You need to update the App Portal service account password on the ESDService Windows Service on the App Portal web server. To update the password on the ESDService Windows Service: On the App Portal web service, open the Services Microsoft Management Console. Select the <span class="UI_Element">ESDService</span> in the list and double-click to open the <span class="UI_Element">Properties</span> dialog box. Open the <span class="UI_Element">Log On</span> tab and update the password. |
| SelfService Application Pool in IIS | You need to update the App Portal service account password on the SelfService application pool in IIS on the App Portal server. To update the password on the SelfService application pool in IIS: On the App Portal web service, launch Internet Information Services (IIS). In the <span class="UI_Element">Connections</span> tree, select <span class="UI_Element">Application Pools</span>. In the <span class="UI_Element">Application Pools</span> list, select <span class="UI_Element">SelfService</span> and click <span class="UI_Element">Advanced Settings</span> in the <span class="UI_Element">Actions</span> menu. Under <span class="UI_Element">Process Model</span>, click the browse button in the <span class="UI_Element">Identity</span> field. The <span class="UI_Element">Application Pool Identity</span> dialog box opens. Click <span class="UI_Element">Set</span> next to <span class="UI_Element">Custom account</span>. The <span class="UI_Element">Set Credentials</span> dialog box opens. Enter the App Portal service account <span class="UI_Element">User name</span> and <span class="UI_Element">Password</span> and click <span class="UI_Element">OK</span> and click <span class="UI_Element">OK</span> again to close the <span class="UI_Element">Application Pool Identity</span> dialog box. |