Configuring the PI and IP21 Agents to run as a Different User

What Does This Article Cover?

This guide explains how to setup the Windows service for the PI and/or IP21 agents with different users than the default users when the service is installed.  The steps outlined in this article are used for the PI and IP21 agents since both are Windows only agents that run using the Microsoft .NET framework.  The article also explains how to grant permission to the certificate used by the agent in the Windows Certificate Store.

Prerequisites

• Administrative access to the Windows machine.
• HighByte Agent has been installed a Windows Service.
• Agent has been run with -installcert option to install certificate in Windows Certificate Store (version 4.3.1 or later).

Steps for Changing the User

1. Open Services
   • A quick way to do this is enter "services.msc" from the start or command window.
2. Find Agent
   • The agents start with the name "IntelligenceHub".
3. Right-click on the agent and select Properties.
4. Navigate to the Log On tab.   Select the "This account" option.  Enter the user name in the "This account" field and enter the password.
5. Press Apply.   
6. Restart Agent.

Steps for Providing Certificate Permissions

1. Open Windows Certificate Store for Local Computer
   • A quick way to do this is enter "certlm.msc" from the start or command window.
   • Note: If you run "certmgr.msc", this will open Windows Certificate Store for Current User.    You will not find the certificate in this store.  The -installcert option to installs the certicate into the store of the Local Computer.
2. Find Certificate that is setup to use by the PI Agent.
3. Right-click on the certificate and choose All Tasks > Manage Private Keys.
4. Add the user to permissions a give them "Read" permissions.  Then press Apply.
5. Restart Window Service for the Agent. 

• PI System AF SDK Connection
• AspenTech IP.21 Agent