About the App Portal Service Account

App Portal 2021 R1

Prior to installing App Portal / App Broker, you need to identify and configure an App Portal / App Broker service account. This service account will be used for App Portal / App Broker’s interaction with SQL Server and Active Directory.

App Portal / App Broker Service Account Required Permissions
Required Updates if the Password of the App Portal Service Account Changes

App Portal / App Broker Service Account Required Permissions

The App Portal / App Broker requires the following permissions:

Required Permissions for App Portal / App Broker Service Account

Entity

Required Permissions

SQL Server

System administrator (SysAdmin) permission, including permission to create the App Portal / App Broker database.

System Center Configuration Manager / Altiris Database

Full administrator access, including read (db_datareader) and EXECUTE access on the Microsoft System Center Configuration Manager or Altiris Client Management database in SQL.

App Portal / App Broker Database

DBO permission on the App Portal / App Broker database, including read/write permission.

Client Workstations

Whether or not the App Portal / App Broker service account requires administrative permissions on the client workstations depends upon the deployment technology that you are using.

System Center 2012 Configuration Manager or System Center Configuration Manager (Current Branch)—The App Portal / App Broker service account does not require administrative permissions on the client workstations.
Altiris—The App Portal / App Broker service account requires full administrative permissions on the client workstations. These permissions are used by App Portal / App Broker to run machine policy evaluation for accelerated software deployments and rerunning advertisements as necessary. They are also used if client-side commands and actions have been created within App Portal / App Broker.

Important:The App Portal / App Broker service account must continue to have these permissions even after the installation is complete.

Required Updates if the Password of the App Portal Service Account Changes

If you change the password of the App Portal service account after you have installed App Portal, you need to also update the password for both the ESDService Windows Service and the SelfService application pool in IIS.

Required Updates if Password of App Portal Service Account Changes

Location

Steps to Take

ESDService Windows Service

You need to update the App Portal service account password on the ESDService Windows Service on the App Portal web server.

To update the password on the ESDService Windows Service:

1. On the App Portal web service, open the Services Microsoft Management Console.
2. Select the ESDService in the list and double-click to open the Properties dialog box.
3. Open the Log On tab and update the password.

SelfService Application Pool in IIS

You need to update the App Portal service account password on the SelfService application pool in IIS on the App Portal server.

To update the password on the SelfService application pool in IIS:

1. On the App Portal web service, launch Internet Information Services (IIS).
2. In the Connections tree, select Application Pools.
3. In the Application Pools list, select SelfService and click Advanced Settings in the Actions menu.
4. Under Process Model, click the browse button in the Identity field. The Application Pool Identity dialog box opens.
5. Click Set next to Custom account. The Set Credentials dialog box opens.
6. Enter the App Portal service account User name and Password and click OK and click OK again to close the Application Pool Identity dialog box.