Running as a Non-Admin
  • 01 Jul 2022
  • 2 Minutes to read
  • Dark
    Light

Running as a Non-Admin

  • Dark
    Light

For security considerations and for service accounts, users may run the platform as a non-admin users. 

Only IIS installations may utilize this feature.

This article details how to configure an IIS installation to run with a standard, non-admin account.


Configuring Installation

  1. On the Windows device, create a standard account i.e. a user that is not a guest nor an administrator.

    Refer to Microsoft's Create a local user or administrator account in Windows article for further instruction.
  2. Download the installer and run it as an Administrator. Select INSTALL.
  3. After agreeing to the License Agreement, check the Show Service Settings in the Settings window. Then, hit next.

  4. In the Service Settings window, select Specify Account and provide the credentials for the non-admin account. Before the username, add a backslash "\".

    Upon selecting Next, the installer checks if the credentials are valid before continuing. Once correct, the installer will proceed.

  5. Follow the Installation Guide to install the platform with IIS hosting
  6. Login to the instance to confirm a successful installation. Proceed to the next section once done.



Configuring IIS

  1. Open the IIS Manager, expand the device's name in the left column menu, and then select Application Pools.

  2. Right click on the Application Pool referenced during installation e.g. "Decisions" by default and then select Advanced Settings.
  3. In the Advanced Settings window, edit the Identity setting by selecting the ellipses. Select Custom account and specify the credentials of the standard user account. Select Ok to confirm.
  4. Back in the Advanced Setting window, toggle the Load User Profile setting to True. Select Ok to confirm and exit out of the IIS Manager. 
    Proceed to the next section once complete.



Granting Folder Permissions for Non-Admin User

To run the platform successfully, the standard user account needs Read & Execute, Write, and Modify folder permissions for both the Decisions folder and the FileStorage folder if it is stored outside of the Decisions folder.

Without these permissions, files will not appropriately write and will appear as NULL in the Portal. Other file actions like Delete or Move may also fail without these permissions. 

Permissions must be applied to any System folder that the standard account needs to access.

  1. Right-click the Decisions folder, select Properties, then select the Security tab. 
  2. Select Edit > Add. Search for the standard account and then grant the necessary permissions. Select OK once done in both windows.

  3. If the FileStorage folder resides outside of the Decisions folder, repeat these steps for that folder.
  4. To confirm correct permissions, debug a Flow with the File Upload step, Look at its Input/Output Data. The Input/Output Data will be NULL when the permissions are not enabled correctly.

    If values are shown, then the permissions are correct and the instance is completely set up.



Was this article helpful?