ArcGIS Server account permissions

2722
4
02-09-2014 02:35 AM
ShaharLevenson
New Contributor III
Hello,

My ArcGIS Server 10.2.1 is running under a domain account for the server account. I've been asked by the system admin why does the server account need full-control permissions to folders such as <ArcGIS for Server installation directory>\framework or the directories folder. Couldn't it just be given a read/write permission instead?

Thanks,
Shahar.
Tags (2)
0 Kudos
4 Replies
nicogis
MVP Frequent Contributor
Certainly a permission superior to reading & writing is needed for these folders: http://technet.microsoft.com/en-us/library/bb727008.aspx (see Special Permissions for Files and Folders)
0 Kudos
LeoDonahue
Occasional Contributor III
If you've chosen a local account, the local account and password must exist on each GIS server and be identical

Ask your system administrator why this works.  It's actually exploiting a security hole in the OS, my opinion. 

I would say a local account is fine, but a domain account is easier to manage.  If you change the password on a local account, you have to change it on every machine you use it on.

Also, according to the link you provided Shahar, what permission requires this: 
Start and stop processes that support the GIS server and services.

Doesn't the installation grant all the necessary permissions to a local account that you need?
0 Kudos
ShaharLevenson
New Contributor III
The installation process gave indeed the necessary permissions to the account.

My SysAdmin just asked me out of curiosity why the account needed such a high-level permission and I couldn't find an ESRI documentation which explains it.
I'm guessing the account needs to be able to delete files regardless of file permissions, but I'm not sure.
0 Kudos
LeoDonahue
Occasional Contributor III
High level permissions granted to a local user account that is defined to a specific application installation location.  That seems fairly reasonable.
0 Kudos