Change the CRMAppPool Identity

Most likely this is recorded in a thousand places, but I had a hard time finding info about what steps need to be taken to change the identity of the CrmAppPool. All you need to do is:
- Create a user in Active Directory
- Make sure the user has Domain User rights
- Add the user to the PrivUserGroup of CRM
- Make sure the user has 'log on as a service' priviledge

The last step can be executed on two approaches:
- Go to 'Local Security Policy' in the administrative tools ('Domain Controller Secuirty Settings' on a Domain Controller) and add the user to 'Log on as a service'
- Add the user to the CRM_WPG group in AD. This group is member of the 'Log on as a service' policy.

Hope this saves you some time, at least now that I have this documented here I can find it back *smile*

4 comments:

James Kent said...

Hi,

I have been working on an auditing plugin for CRM 4.0 and have made it available via Codeplex.

See http://crmaudit.codeplex.com/

I couldn't find an email address so sorry about the irrelevant comment.

Cheers,
James

RRave said...

Dear Sir,

I have a launched new web site for .NET programming resources. www.codegain.com. I would like to invite to the codegain.com as author and supporter. I hope you will joins with us soon.

Thank You
RRaveen
Founder www.codegain.com

Shweta-Amol said...

Ping back from http://mscrmkb.blogspot.com/2009/07/change-identity-of-crm-apppool.html

Mira Ghaly said...

when i changed the identity of the CRMappPool the CRM gives me error "Access is denied"