At version 10.9.1 (and recent earlier versions), the Esri documentation for setting up a custom Python geoprocessing environment for all services states...
"Sign in to your ArcGIS Server machine with the ArcGIS Server account..."
Like many organizations, we use a domain service account to run ArcGIS Server. It's contrary to our policy (and security best practices) to grant service accounts more permissions than are strictly necessary, including remote desktop access. I'd like to suggest the Windows documentation be updated to something like the following, which works perfectly:
- Sign in to your ArcGIS Server machine as an administrator
- From the Start Menu, choose Run
- In the Run dialog enter the following:
runas /user:[your_arcgis_server_account] cmd.exe
- Enter the ArcGIS Server account password
- Change directory to... [remaining steps are the same]
This works fine for setting up and swapping to a custom conda environment without expanding the security footprint of the service account. I've never needed to RDP to an ArcGIS server using our service account before, so this stuck out to me. That said, ArcGIS Enterprise 10.9.1 has been great. Thanks for all your hard work!
