--- title: "Configuring Your Inedo Product to Run As a Windows Domain Account" order: 5 hidden: true ---
The example screenshots are from BuildMaster, but the process will be exactly the same no matter which one of our products you're using.
Refer to this table - depending on which product you are using, enter the coinciding name, or abbreviation, into each space that has a red [product's name] or [XX].
The Inedo Product You're Using | [product's name] | [XX] abbreviation |
![]() | BuildMaster | BM |
![]() | ProGet | PROGET |
![]() | Otter | OTTER |
During installation, you can select the user account that your product will run as:
For evaluation purposes, it's generally easiest to select "Local System" as that prevents most permissions issues, but once you've determined the exact use case for your installation, you can lock down permissions granularly by changing the user account to a domain user following the least-privilege principle.
Since Inedo products are made up of a web application (whether it's hosted through IIS or the Integrated Web Server) and a service that orchestrates builds and deployments, the user account must be changed in 2 places:
To change the user account for the [product's name] service, visit the Windows Services Management Console (Start > Run > "services.msc") and right-click on the [product's name] Service (INEDO[XX]SVC) and select Properties. Select the "Log On" tab, then enter the name of the account along with its credentials:
To change the user account for the [product's name] Integrated Web Server service, the process is the same as changing the account that hosts the [product's name] service, except the name of the service is "[product's name] Web Server" (INEDO[XX]WEBSRV).
If you are changing to an account that is not a machine administrator, you will also need to add a URL reservation for this user account to be able to host a website on the integrated webserver. Follow the instructions in KB#1014 to add a reservation for the user account.
Note: Explicit URL reservations are only required when using a non-administrator account and hosting with the integrated webserver.
To change the user account for the web application when it is hosted through IIS 7+, you must change the identity of the application pool that runs it. By default, it is named
"[product's name]AppPool". You can change the user by opening the IIS Manager, selecting "Application Pools", right-click on the [product's name] application pool, and selecting "Advanced Settings...", and under Process Model, you can change the identity:
If you are using integrated SQL authentication, you will also need to make sure that the user account has permission to access SQL Server, and must have the [product's name]User_Role role.
Inedo products support being run as a Managed Service Accounts. However, this requires that your database and application pool also have the ability to run as and accept logins from these accounts.