Skip to main content

About the App Portal Service Account

Prior to installing App Portal / App Broker, you need to identify and configure an App Portal / App Broker service account. This service account will be used for App Portal / App Broker’s interaction with SQL Server and Active Directory.

App Portal / App Broker Service Account Required Permissions

The App Portal / App Broker requires the following permissions:

EntityRequired Permissions
SQL ServerSystem administrator (SysAdmin) permission, including permission to create the App Portal / App Broker database.
System Center Configuration Manager / Altiris DatabaseFull administrator access, including read (db_datareader) and EXECUTE access on the Microsoft System Center Configuration Manager or Altiris Client Management database in SQL.
App Portal / App Broker DatabaseDBO permission on the App Portal / App Broker database, including read/write permission.
Client WorkstationsWhether or not the App Portal / App Broker service account requires administrative permissions on the client workstations depends upon the deployment technology that you are using.
  • System Center 2012 Configuration Manager or Microsoft Endpoint Configuration Manager—The App Portal / App Broker service account does not require administrative permissions on the client workstations.
  • Altiris—The App Portal / App Broker service account requires full administrative permissions on the client workstations. These permissions are used by App Portal / App Broker to run machine policy evaluation for accelerated software deployments and rerunning advertisements as necessary. They are also used if client-side commands and actions have been created within App Portal / App Broker.
info

The App Portal / App Broker service account must continue to have these permissions even after the installation is complete.

Required Updates if the Password of the App Portal Service Account Changes

If you change the password of the App Portal service account after you have installed App Portal, you need to also update the password for both the ESDService Windows Service and the SelfService application pool in IIS.

ESDService Windows Service

You need to update the App Portal service account password on the ESDService Windows Service on the App Portal web server. Do the following:

  1. On the App Portal web service, open the Services Microsoft Management Console.

  2. Select the ESDService in the list and double-click to open the Properties dialog box.

  3. Open the Log On tab and update the password.

SelfService Application Pool in IIS

You need to update the App Portal service account password on the SelfService application pool in IIS on the App Portal server. Do the following:

  1. On the App Portal web service, launch Internet Information Services (IIS).

  2. In the Connections tree, select Application Pools.

  3. In the Application Pools list, select SelfService and click Advanced Settings in the Actions menu.

  4. Under Process Model, click the browse button in the Identity field. The Application Pool Identity dialog box opens.

  5. Click Set next to Custom account. The Set Credentials dialog box opens.

  6. Enter the App Portal service account User name and Password and click OK and click OK again to close the Application Pool Identity dialog box.