Tentacle service permissions

I am using v1.6.x of Octopus. Tentacle on my server runs under a domain account (it needs to contact other machines in the domain). It also needs to configure IIS in the server using powershel WebAdministration module. My question is: does this account need to be a local admin, or is there a way to avoid it?

Hi Maciej,

It is possible to run Tentacle using custom permissions, but these add up to be almost equivalent to local administrator privileges anyway. There’s some discussion at: http://help.octopusdeploy.com/discussions/problems/64-installing-tentacle-under-workgroup-user-or-domain-account

Hope this helps,

Tthanks Nick.

I have figured out how to do almost anything, the only thing left (not working) is this step:

Start-Website -Name $ApplicationName

Do you have any idea what configuration I must add on IIS or system level to do this as a non-admin? I get access_denied.

Hi - no, not sure about this one.