1. Home
  2. Categories
  3. Support
  4. Domain Account Permissions for BuildMaster Service

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Domain Account Permissions for BuildMaster Service

  • ?

    I need to run the BuildMaster service as a domain account. Does the domain account need any specific permissions on the server in order for BuildMaster to function correctly?

    Product: BuildMaster
    Version: 4.4.5

    0
  • ?

    At an absolute minimum, it needs read access to the service installation directory, write access to its temp directory specified in the app_appSettings.config file, and a database login with the BuildMasterUser_Role assigned to the BuildMaster database.

    Beyond that, it requires whatever other functionality is necessary for your build/deployment scenario. Some build tools require permissions to write to certain directories, and of course for deployment targets, you'll need read/write/delete access to those as well. Other extended functionality may include enumerating services, enumerating IIS websites or application pools, starting/stopping either, etc.

    0
  • ?

    Most functionality seems to work with the above suggestions, but the web app is complaining that it cannot query the status of the Buildmaster service. The specific error is "The BuildMaster web application does not have sufficient privileges to query the service status." I made the domain account a local admin and this issue was fixed but that is not an ideal setup. I verified that the domain account that is running the web app has Full Control over the entire Buildmaster directory, which should include everything for the service and web app as far as I understand it.

    0
  • ?

    Being able to a control a specific service is a special permission, and unfortunately it's a bit tricky to set. You can currently set the permission using one of the options with bmservice.exe, but on some versions of Windows it seems to have the unfortunately consequence of hiding the service from other users. We will get a fix for this soon ... in the mean time, you can keep it as LOCAL SYSTEM, grant admin, etc., or just ignore the message.

    0
  • R

    I know it's a little late. I had the same problem today and solved it by installing Microsoft Sysinternals SubInCal (https://www.microsoft.com/en-us/download/details.aspx?id=23510).

    Set the permissions with:

    cd "C:\Program Files (x86)\Windows Resource Kits\Tools\)"
subinacl.exe /service INEDOBMSVC /grant=domain\user=PTOS
    0
buildmaster 1056 installation 46
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation