Hi Everyone,
I posted this before and I found a solution but when I took it to my corporate security team they did not approve turning off that setting. I am trying to run APPCMD command line via Rational Build Forge and the server security is too restrictive.
http://forums.iis.net/t/1207979.aspx?Server+Hardening+breaks+APPCMD+
I then found another solution that I thought would work and tested ok but then when I worked on it a couple of weeks later it didn't work so I must have tested it incorrectly. In the middle of the article about changing privileges on the service, I did it to BFAGENT, the build forge service. http://technet.microsoft.com/en-us/library/ee619740%28WS.10%29.aspx
In Local Security Policy (SECPOL.MSC), Local Policies -> Security Options, and then towards the bottom, User Account Control: Run All administrators in Admin Approval Mode. That is the setting that is causing me issues.
So I am back to square one researching for an alternate solution that I can take back to my security team and when I run the simple APPCMD List Sites, it says I do not have permissions. So I wonder if I adjust the NTFS permissions on IIS that might work. I played with my test server and added my service account to have full rights on the following path, C:\Windows\System32\inetsrv\config. That allows me to run APPCMD List Sites. I am really just wanting to stop & start an app pool but I need more rights.
Is there a document or does anyone know what other permissions/paths I need to adjust for my service account? I want to do the research to see if it is viable or if I should rule it out.
Yes I could try to run a Powershell script but that info is not captured in Build Forge, I am not sure if the security will impact it. Another alternate solution is to call a predefined scheduled task that has a check box to run with elevated privileges, it does work but it is not captured by Build Forge either.
Thanks in advanced
Chris Terpening