Skip to main content

About the App Portal Service Account

Prior to installing App Portal / App Broker, you need to identify and configure an App Portal / App Broker service account. This service account will be used for App Portal / App Broker’s interaction with SQL Server and Active Directory.

App Portal / App Broker Service Account Required Permissions

The App Portal / App Broker requires the following permissions:

EntityRequired Permissions
SQL ServerSystem administrator (SysAdmin) permission, including permission to create the App Portal / App Broker database.
System Center Configuration Manager / Altiris DatabaseFull administrator access, including read (db_datareader) and EXECUTE access on the Microsoft System Center Configuration Manager or Altiris Client Management database in SQL.
App Portal / App Broker DatabaseDBO permission on the App Portal / App Broker database, including read/write permission.
Client WorkstationsWhether or not the App Portal / App Broker service account requires administrative permissions on the client workstations depends upon the deployment technology that you are using. System Center 2012 Configuration Manager or Microsoft Endpoint Configuration Manager—The App Portal / App Broker service account does not require administrative permissions on the client workstations. Altiris—The App Portal / App Broker service account requires full administrative permissions on the client workstations. These permissions are used by App Portal / App Broker to run machine policy evaluation for accelerated software deployments and rerunning advertisements as necessary. They are also used if client-side commands and actions have been created within App Portal / App Broker.
info

The App Portal / App Broker service account must continue to have these permissions even after the installation is complete.

Required Updates if the Password of the App Portal Service Account Changes

If you change the password of the App Portal service account after you have installed App Portal, you need to also update the password for both the ESDService Windows Service and the SelfService application pool in IIS.

LocationSteps to Take
ESDService Windows ServiceYou need to update the App Portal service account password on the ESDService Windows Service on the App Portal web server. To update the password on the ESDService Windows Service: On the App Portal web service, open the Services Microsoft Management Console. Select the <span class="UI_Element">ESDService</span> in the list and double-click to open the <span class="UI_Element">Properties</span> dialog box. Open the <span class="UI_Element">Log On</span> tab and update the password.
SelfService Application Pool in IISYou need to update the App Portal service account password on the SelfService application pool in IIS on the App Portal server. To update the password on the SelfService application pool in IIS: On the App Portal web service, launch Internet Information Services (IIS). In the <span class="UI_Element">Connections</span> tree, select <span class="UI_Element">Application Pools</span>. In the <span class="UI_Element">Application Pools</span> list, select <span class="UI_Element">SelfService</span> and click <span class="UI_Element">Advanced Settings</span> in the <span class="UI_Element">Actions</span> menu. Under <span class="UI_Element">Process Model</span>, click the browse button in the <span class="UI_Element">Identity</span> field. The <span class="UI_Element">Application Pool Identity</span> dialog box opens. Click <span class="UI_Element">Set</span> next to <span class="UI_Element">Custom account</span>. The <span class="UI_Element">Set Credentials</span> dialog box opens. Enter the App Portal service account <span class="UI_Element">User name</span> and <span class="UI_Element">Password</span> and click <span class="UI_Element">OK</span> and click <span class="UI_Element">OK</span> again to close the <span class="UI_Element">Application Pool Identity</span> dialog box.