Page Comparison

The application pool identity requires read access to the EmpowerID web site folders. If you are using SharePoint, the EmpowerID application pool requires read access to the SharePoint database and the SharePoint web site application pool needs the same rights to the EmpowerID database as the EmpowerID application pool.

Required Local Machine Rights

The EmpowerID service account interacts with the local machine to perform a variety of maintenance procedures, including the distribution and maintenance of new workflows and other Workflow Studio published items. The service account needs the following access rights on the local machine:

• Install files in to the local global assembly cache (GAC)
• Read the registry
• Read certificates in the local certificate store
• Spin child processes
• Run C# compiler in the background if and when necessary
• create files in the temp folder
• Run remote PowerShell for Microsoft Exchange, if that Server Role is enabled in EmpowerID
• Create files and folders in the following locations:
  • C:\ProgramData
  • C:\Program Files\TheDotNetFactory\Programs

Required Directory Management Rights

EmpowerID also utilizes highly privileged user accounts when connecting to user directories such as Active Directory, LDAP or database systems. These user "account stores" use saved proxy accounts for connecting to these systems and performing user account management operations. EmpowerID requires one privileged account per domain or directory. This account requires all of the privileges matching the functions that EmpowerID may perform (user creation, deletion, password reset, group creation, etc).