Setting Up Decisions to Run as a Non Admin User

Last Updated: 12/03/2015 Introduced in Verision: 2.0

Setting up Decisions to run as a Non Admin User


We begin with creating a New User that does not have administrator privileges in our OS.



We configure User…



Standard User created.



Next, we download the Decisions Installer and Install the program according to the Installation Documentation 


After Installation we will make changes so that we can run Decisions as a Non Admin User.



In SQLserver Management Studio run this query to create an SQL User that does not have Administrator privileges.  We will use this user to connect Decisions to the database.  If you already have a user then you may skip the query and connect Decisions to the Database via that user.


 Query runs successfully…


Next, we run the Decisions Installer and go into Edit Settings. 


We need to change the DatabaseConnectString to use the newly created SQL User and its Password.


Setting Access for User

In order to set Service Host Manager to use an account that does not have administrator privileges we need to run the commands below in the Command Prompt.  These commands will reserve the URL’s so that our user can listen on them.  We need to enable user access for WCF services to use IIS and these following commands will enable that.

Run these commands in Command Prompt

netsh http add urlacl url=http://+:80/decisions/socketmanager/ user=NonAdminUser

netsh http add urlacl url=http://+:80/decisions/primary/api/ user= NonAdminUser

netsh http add urlacl url=https://+:443/decisions/primary/api/ user= NonAdminUser

Exchange NonAdminUser for the user created in the OS in the commands above


Note: If we want to revert this process and set SHM back to Admin user, we are going to have to delete URL reservations.

Run these commands in Command Prompt to delete URL reservations

netsh http delete urlacl url=http://+:80/decisions/socketmanager/

netsh http delete urlacl url=http://+:80/decisions/primary/api/

netsh http delete urlacl url=https://+:443/decisions/primary/api/


Enable Other Access

We change LazyServiceHosting to False in Settings.xml (This file can be found at C:\Program Files\Decisions\Decisions Services Manager).  Without Lazy loading it will take longer for Service Host Manager to Load because it is loading all the services upfront.  With Lazy loading enabled the services are loaded as you need them.  In order to use Decisions with an account that is not an Administrator we need to disable Lazy Loading.


Next, we give our Non Admin User full access to the Decisions Directory (C:\Program Files\Decisions)


Then, we open Services and change Service Host Manager to use the Non Admin Account that was set up earlier.


Confirm that Non Admin User was granted log on to Service Host Manager.


Restart Service Host Manager and navigate to the Decisions Login screen to verify that it is now working.


Articles relevant to this process



Additional Resources