We're updating some of our product names. K2 Five will soon be Nintex Automation On-Prem. You may see both product names in our help pages while we make this change.

IIS Permissions for App Pool Accounts

The following section describes how to configure IIS permissions for Application Pool Accounts.

The Application Pool Accounts used in a K2 installation are:

Setting Application Pool Rights

The K2 Application Pool Identity accounts will require elevated permissions to run the application pool. We will use the aspnet_regiis command to configure this. This tool ships with the .NET Framework, and enables you to easily set all the necessary NTFS permissions, IIS_WPG group membership, security policy user rights assignments, and IIS metabase access rights to allow and ASP.NET Application Pool Identity to work. For more information, see the MSDN article on setting security rights for .NET Applications, at http://msdn2.microsoft.com/en-us/library/ms998297.aspx.

To use the aspnet_regiis command, perform the following steps:

Open a command prompt (Start > Run > cmd).
Change directories to the .NET Framework folder (C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319).
Type aspnet_regiis -ga domain\[Application Pool account] (the application pool user account used for the site) and hit Enter.
After the command completes, type iisreset and hit Enter.

IIS Group Membership

The K2 Web Service Account must be added to the IIS_IUSRS group. To achieve this follow the steps below:

Go to Active Directory Users and Computers.
Select the domain containing the service account.
Click on the Builtin folder and the IIS_IUSRS group will be visible.
Right click on the IIS_IUSRS group, select Properties.
Next click on the Members tab, then the Add button.
Enter the name of the K2 Web Service User account in part or whole into the Add User field.
Click Check Names, to confirm the name or make a selection if there are more than one with similar naming.
Click OK.
Click OK when complete.