If you want to change the account that is running the Portal for ArcGIS (Windows) service, you can do so by using the configureserviceaccount utility.
Changing to a local or domain account
To change the Portal for ArcGIS account to a local or domain user, use the configureserviceaccount utility.
The configureserviceaccount utility is installed in the <Portal for ArcGIS installation directory>\tools\ConfigUtility directory. This tool sets the new account to run the Portal for ArcGIS service and grants required privileges on Portal for ArcGIS directories used by the service.
In the example below, configureserviceaccount sets the domain account to run the Portal for ArcGIS service, grants this account the privileges required on Portal for ArcGIS system folders and files, and writes a configuration file with these settings to disk.
configureserviceaccount.bat --username mydomain\username --password difficultpsswd --writeconfig c:\temp\domainaccountconfig.xml
Note:
Changing the account under which the service runs causes the service to restart.
The available parameters for the configureserviceaccount utility are as follows:
configureserviceaccount [--username username] [--password password] [--readconfig user-configure-file] [--writeconfig user-configure-file]
- username—The name to use for the Portal for ArcGIS account
- password—The password for the Portal for ArcGIS account
- readconfig—Optional path to a configuration file that you have saved from a previous run of the utility
- writeconfig—Optional path where a configuration file will be saved so you can apply the same properties in future runs of the utility
Changing to the LocalSystem account
When you install Portal for ArcGIS, you specify the account that runs the Portal for ArcGIS service. If you've specified a local or domain user and want to switch to the LocalSystem account, follow the steps below. Your portal will be offline while changing the account.
Keep in mind that the LocalSystem account is not intended for accessing network locations. Therefore, if your content directory is on a network share, you'll need to move it to a local directory before proceeding. To learn more, see Changing the portal content directory.
- In Windows, go to Control Panel > Administrative Tools and open Services.
- In the services list, right-click Portal for ArcGIS and select Properties.
- On the General tab, click Stop.
- Click the Log On tab and select Local System account from the log on as options.
- Click the General tab and then click Start. The Portal for ArcGIS service is started and is now running as the Local System account.
- Click OK.
Changing to a group managed service account
A group managed service account (gMSA) is a special Active Directory domain account that provides automatic password management. The account cannot be used for interactive logons and is restricted for use on only a predefined group of servers.
Starting at 10.8, the configureserviceaccount utility can be used to configure the Portal for ArcGIS service to run under a gMSA. For the user name parameter, the gMSA can be specified either with or without the $ symbol at the end. The password parameter is not needed. The readconfig and writeconfig parameters both function the same with a gMSA.
Legacy:
Prior to 10.8, the portal could only be configured to use a gMSA for its service account using PowerShell. See this Knowledge Base article for steps.