What should be set up for the Orchestrator IIS app pool: the ApplicationPoolIdentity account or a custom account?
The choice between a built-in app pool account and a custom account for running an IIS app pool, such as the one used by UiPath Orchestrator, depends on various factors, including security requirements, permissions, and maintenance considerations. Both options have their advantages and potential challenges.
- Built-in App Pool Account:
  - Pros:
    - Simplifies management: Built-in accounts, such as Network Service or ApplicationPoolIdentity, are managed by the system, so there are no password changes or account expirations to keep track of.
    - Generally has the necessary permissions to run web applications.
  - Cons:
    - Limited permissions: Built-in accounts might have more limited permissions compared to a custom account. Depending on the requirements of the application, this could be a limiting factor.
- Custom Account:
  - Pros:
    - Fine-grained control: Specify a custom account with specific permissions tailored to your application's needs.
    - Separation of concerns: Using a custom account isolates the application's identity from the built-in system identities.
  - Cons:
    - Maintenance overhead: Custom accounts may require additional management, such as password changes, and could be subject to account lockouts or expirations.
In summary, both options are valid, and the choice depends on the specific requirements and the level of control needed over the application's security and permissions. In the case of UiPath Orchestrator, the recommended approach is to use a custom account for the IIS application pool. This will help to improve security and prevent unauthorized access to the Orchestrator server.
If Orchestrator was working fine with the custom account before the app pools stopped, the problem is likely related to the custom account expiring or being locked, rather than to the use of a custom account in general. Therefore, it is recommended to continue using a custom account for the Orchestrator application pool, but to ensure that the account is not allowed to expire or lock.
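To check which identity the app pool runs as and whether a custom account is locked or expired, a script along the following lines can be run in an elevated PowerShell session on the Orchestrator server. This is an added example, not UiPath's own tooling; the app pool name is a placeholder, and the script assumes the account is stored as `DOMAIN\user` in the current domain or as a local account.

```powershell
# Added example. Placeholder: replace with the name of your Orchestrator app pool.
$PoolName = '<OrchestratorAppPoolName>'

Import-Module WebAdministration

# processModel holds the identity the IIS worker process runs as.
$pm    = Get-ItemProperty -Path "IIS:\AppPools\$PoolName" -Name processModel
$state = (Get-WebAppPoolState -Name $PoolName).Value
Write-Output "Pool '$PoolName' is $state; identityType = $($pm.identityType)"

if ($pm.identityType -ne 'SpecificUser') {
    # ApplicationPoolIdentity, NetworkService, etc. are managed by the system.
    Write-Output 'Built-in identity in use: no password, expiry or lockout to track.'
    return
}

$account = $pm.userName
Write-Output "Custom account: $account"

# Assumption: DOMAIN\user means a domain account in the current domain;
# .\user, COMPUTERNAME\user or a bare name means a local account.
if ($account -match '^(?<domain>[^\\]+)\\(?<user>.+)$' -and
    $Matches.domain -notin @('.', $env:COMPUTERNAME)) {
    # Domain account: needs the ActiveDirectory module (RSAT).
    Import-Module ActiveDirectory
    Get-ADUser -Identity $Matches.user -Properties LockedOut, PasswordExpired,
        PasswordNeverExpires, AccountExpirationDate, PasswordLastSet |
        Select-Object SamAccountName, Enabled, LockedOut, PasswordExpired,
            PasswordNeverExpires, AccountExpirationDate, PasswordLastSet
}
else {
    # Local account: LocalUser objects expose expiry dates but no lockout flag.
    $name = ($account -split '\\')[-1]
    Get-LocalUser -Name $name |
        Select-Object Name, Enabled, AccountExpires, PasswordExpires, PasswordLastSet
}
```

A disabled, locked-out or expired account, or one whose password has expired, matches the stopped app pool scenario described above.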
For more details on IIS app pool permissions, see the Microsoft documentation: Understanding identities in IIS.