Update how-to-change-report-server-iis-user.md

knowledge-base/how-to-change-report-server-iis-user.md

@@ -1,6 +1,6 @@
 ---
 title: How to Create a Non-Privileged IIS User for Report Server and Service Agent
-description: This tutorial shows how to use a low-privileged user to host Report Server on IIS.
+description: "This tutorial shows how to use a low-privileged user to host the Report Server on IIS."
 type: how-to
 page_title: How to Run Report Server and Service Agent with Limited Permissions
 slug: how-to-change-report-server-iis-user
@@ -13,60 +13,62 @@ res_type: kb
 |  |  |
 |---------|-----------------|
 | Product | Progress® Telerik® Report Server |
-| Version | 10.1.24.514 |
+| Version | 10.1.24.514+ |
 
 ## Description
 
 This tutorial will show you how to change the Report Server's IIS application pool and service agent to use an identity with limited permissions.
 
 ## Solution
 
-1. Create a new Windows user with limited permissions, for example `RSUser`.
+1. Create a new Windows user with limited permissions, for example, `RSUser`.
 
-    ![](images/change-iis-user/1-add-new-user.png)
+	![Adding new Windows user with limited permissions to the system.](images/change-iis-user/1-add-new-user.png)
 
-    For more help, see [Microsoft Docs - Manage User Accounts in Windows](https://support.microsoft.com/en-us/windows/manage-user-accounts-in-windows-104dc19f-6430-4b49-6a2b-e4dbd1dcdf32).
+	For more help, see [Microsoft Docs - Manage User Accounts in Windows](https://support.microsoft.com/en-us/windows/manage-user-accounts-in-windows-104dc19f-6430-4b49-6a2b-e4dbd1dcdf32).
 
 2. Go to Telerik Report Server's installation directory (`C:\Program Files (x86)\Progress\Telerik Report Server`) and give `RSUser` full access permissions to the `Telerik.ReportServer.Web` and `Services` sub-folders.
 
-      ![](images/change-iis-user/2-add-permissions-to-rsuser.png)
+	![Allowing full control for the Telerik.ReportServer.Web and Services sub-folders of the Report Server installation folder to the new user.](images/change-iis-user/2-add-permissions-to-rsuser.png)
 
-    - Ensure the user does not have read or write permissions to any other folders.
-    - You can use any username you prefer, the `RSUser` recommended here applies the semantic naming practices.
-    - For more help, see [Microsoft Q&A - How do I set up user account and manage permissions](https://learn.microsoft.com/en-us/answers/questions/1389054/how-do-i-set-up-user-accounts-and-manage-permissio).
+	- Ensure the user does not have read or write permissions to any other folders.
+	- You can use any username you prefer, the `RSUser` recommended here applies the semantic naming practices.
+	- For more help, see [Microsoft Q&A - How do I set up user account and manage permissions](https://learn.microsoft.com/en-us/answers/questions/1389054/how-do-i-set-up-user-accounts-and-manage-permissio).
 
 3. Open Internet Information Services (IIS) Manager by selecting `Windows Key` + `R` to open the Run window, and then enter `inetmgr`.
-
 4. In the left column, expand the machine's node and select **Application Pools**. Right-click on the `TelerikReportServer` application pool and select **Advanced Settings** from the context menu.
 
-    ![](images/change-iis-user/2.5-locate-application-pool.png)
+	![Opening Advanced Settings of the TelerikReportServer Application Pool.](images/change-iis-user/2.5-locate-application-pool.png)
 
-5.	Select the **Identity** item and click the ellipsis button.
+5. Select the **Identity** item and click the ellipsis button.
 
-    ![](images/change-iis-user/3-open-iis-apppool-advanced-settings.png)
+	![Selecting the Application Pool Identity.](images/change-iis-user/3-open-iis-apppool-advanced-settings.png)
 
-6.	Select **Custom account**, click **Set…** and enter the name of the newly created user (for example, `RSUser`) and its password:
+6. Select **Custom account**, click **Set…**, and enter the name of the newly created user (for example, `RSUser`) and its password:
 
-    ![](images/change-iis-user/4-set-iis-apppool-identity.png)
+	![Changing the Application Pool Identity to Custom account and setting the credentials.](images/change-iis-user/4-set-iis-apppool-identity.png)
 
 7. Right-click the `TelerikReportServer` application pool and select **Recycle...** from the context menu.
-
 8. Open the Report Server Manager application in the web browser to confirm it is working with the new user identity.
+9. Open Windows's Services app by selecting `Windows Key` + `R` to open the Run window, and then enter `services.msc`.
+10. Scroll to the `Telerik.ReportServer.ServiceAgent` service instance:
 
-9.	Open Windows's Services app by selecting `Windows Key` + `R` to open the Run window, and then enter `services.msc`.
+	![Scrolling to the Telerik.ReportServer.ServiceAgent service instance.](images/change-iis-user/5-services-panel.png)
 
-10.	Scroll to the `Telerik.ReportServer.ServiceAgent` service instance:
+11. Double-click to show the service's **Properties** panel. Select the **Log On** tab.
+12. Click **This account** and enter the new user name (for example, `.\RSUser`) and its password:
 
-    ![](images/change-iis-user/5-services-panel.png)
+	![Changing the Log On credentials of the Telerik.ReportServer.ServiceAgent service.](images/change-iis-user/6-services-set-local-user.png)
 
-11.	Double-click to show the service's **Properties** panel. Select the **Log On** tab.
+13. Right-click `Telerik.ReportServer.ServiceAgent` and select **Restart** to restart the service with the new user.
+14. Ensure it is working by running a **scheduled task** or a **data alert** from the Report Server Manager web UI, or on the URL `http://{MachineNameHere}:82/ReportServer/ServiceAgent?wsdl`:
 
-12.	Click **This account** and enter the new user name (for example, `.\RSUser`) and its password:
+	If the Report Server Manager cannot connect to the Telerik.ReportServer.ServiceAgent, most probably the WCF service doesn't have a reservation for the corresponding port (the default one is `82`). Ensure reserving the port by running the proper [Netsh command](https://learn.microsoft.com/en-us/windows-server/networking/technologies/netsh/netsh-contexts) as an Administrator in the _command prompt_ or _terminal_. Here is a sample command that reserves port `82` for `ReportServer/ServiceAgent/` running under user `RSUser`:
 
-    ![](images/change-iis-user/6-services-set-local-user.png)
+	`netsh http add urlacl url=http://+:82/ReportServer/ServiceAgent/ user=RSUser`
 
-13.	Right-click `Telerik.ReportServer.ServiceAgent` and select **Restart** to restart the service with the new user.
+	If the default port `82` is already reserved by another application, you may change the port and reserve the new port as above, or release port `82` with the `delete urlacl` command and then reserve it with the above command. Here is a sample code releasing port `82` from the Telerik.ReportServer.ServiceAgent:
 
-14. Ensure it is working by running a **scheduled task** or a **data alert** from Report Server Manager web UI.
+	`netsh http delete urlacl url=http://+:82/ReportServer/ServiceAgent/`
 
-> Additional Actions: Consider adding the local user to databases used by Report Server data connections that utilize Windows Credentials login permissions.
+> Additional Actions: Consider adding the local user to databases used by Report Server data connections that utilize Windows Credentials login permissions.