What are the Minimum Permissions for AgilePoint Server?

AgilePoint recommends the following security settings for the AgilePoint Service Account on the AgilePoint Server machine. These are the only permissions supported by AgilePoint out of the box:

System	Permissions	Notes
AgilePoint Server Machines	Local administrator ServiceLogon Member of the following groups: Administrator Performance Monitor Users IIS_IUSRS (Windows Server 2008 or 2012) IIS_WPG (Windows Server 2003) adHocAdmin Service Principle Name (SPN)	This user account will also be used to initially login to AgilePoint Enterprise Manager. If you are installing AgilePoint Server on a Domain Controller, this cannot be a local administrator account. The adHocAdmin group is required for AgileReports. You may need to create this group in your environment. In most cases, AgileReports is installed on the AgilePoint Server machine. SetSPN is required for Kerberos only. For more information, see Setting Service Principle Name (SetSPN).

If you are not able to provide these full permissions due to your company's IT policies, the following guidance applies:

System	Permissions	Notes
AgilePoint Server Component	Full control of AgilePoint installation folder. Full control of the Windows tmp folder. Full control of the system event log for the AgilePoint log entry. Read and write access for the folder c:\Application files\Common\Ascentn Read and write access to the Windows Registry. Read and write access to the performance counter for % CPU utilization. Permission to open all applicable ports as a listener. Outgoing access to your SMTP port. Outgoing access to your Active Directory port.
Additional components, for example AgileConnectors or AgileForms	Depends upon the component.	Permissions required vary widely, depending upon the component. For specific information, contact AgilePoint Professional Services.