Temporary Local Admin Rights for Tentacle Account

DocOck · 14 May 2021 19:49

Hi Octopus Support,

We recently created a new Octopus tentacle install script which also removes local admin rights from the tentacle service accounts we use. Instead we use the minimal level recommended in your documentation (registry location, Home directory, Running Service). However, there is this exception mentioned:

Additional permissions will be necessary depending on the kind of deployments Tentacle will perform (e.g. IIS configuration and so-on).

Is it possible–within the Octopus running process–to provide the tentacle service account temporary local admin rights on the server while it’s running IIS config deployments or other Windows related changes?

We are on version 2020.4.2.

Thanks,
Alex

jeremy.miller · 14 May 2021 21:11

Hey Alex,

Thanks for reaching out.

Unfortunately, there is no way to escalate privileges on the tentacle, so the account running the service will need to have all of the required permissions at all times. I’m sorry I don’t have better news for you.

Please let me know if you have any other questions or concerns.

Best,
Jeremy

system · 14 June 2021 21:11

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.