I have installed the Windows universal forwarder to send local data only. Now I want to configure it to run as a different user so that I can use Windows Auth to query a database. Which configuration file should I modify to change the user and is there an example config stanza I could copy?
Actually, on Windows UF you should only need to change the splunkd service account in Windows services.msc, and the account should have these user rights assignments:
- Full control over Splunk's installation directory
- Read access to any flat files you want to index
- Permission to log on as a service
- Permission to log on as a batch job
- Permission to replace a process-level token
- Permission to act as part of the operating system
- Permission to bypass traverse checking
The information above can be found at: http://docs.splunk.com/Documentation/Splunk/latest/Deploy/DeployaWindowsdfviathecommandline
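An added example, not part of the thread or of Splunk's documentation: a PowerShell audit that reports which account the forwarder service runs as and whether that account directly holds the five user rights listed in the answer. It assumes the service is named `SplunkForwarder` and that it is run from an elevated prompt; the install-directory and file ACLs are not checked here.

```powershell
# Added example: audit the forwarder's service account against the rights in the answer.
# Assumption: the service name is 'SplunkForwarder'; pass -ServiceName if yours differs.
param([string]$ServiceName = 'SplunkForwarder')

# User rights from the answer, keyed by their Windows privilege constants.
$required = [ordered]@{
    SeServiceLogonRight           = 'Log on as a service'
    SeBatchLogonRight             = 'Log on as a batch job'
    SeAssignPrimaryTokenPrivilege = 'Replace a process-level token'
    SeTcbPrivilege                = 'Act as part of the operating system'
    SeChangeNotifyPrivilege       = 'Bypass traverse checking'
}

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }
$account = $svc.StartName
Write-Output "Service $ServiceName runs as: $account"
if ($account -eq 'LocalSystem') {
    Write-Output 'Still running as LocalSystem; no custom account to audit.'
    return
}

# Local accounts are stored as '.\name'; expand so the name resolves to a SID.
$account = $account -replace '^\.\\', "$env:COMPUTERNAME\"
$sid = ([System.Security.Principal.NTAccount]$account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Export the effective local user rights assignments to a temporary INF file.
$inf = Join-Path $env:TEMP "user-rights-$PID.inf"
secedit.exe /export /cfg $inf /areas USER_RIGHTS | Out-Null
try {
    $lines = Get-Content $inf
    foreach ($right in $required.Keys) {
        $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
        # Entries look like '*S-1-5-32-544,*S-1-5-21-...'; strip the '*' prefix.
        $holders = @()
        if ($line) { $holders = ($line -split '=', 2)[1].Split(',').Trim().TrimStart('*') }
        # Only direct assignments are detected; rights inherited via a group are not.
        [pscustomobject]@{
            Right    = $required[$right]
            Constant = $right
            Granted  = ($holders -contains $sid) -or ($holders -contains $account)
        }
    }
} finally {
    Remove-Item $inf -ErrorAction SilentlyContinue
}
```

A `Granted` value of `False` means the right is not assigned to the account directly; it may still be inherited through group membership, which this check does not expand.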
Thanks! I didn't even think to just look in Services in Server Manager.
This isn't documented anywhere as far as I could find. Splunk Team: Would be a good thing to add! 🙂
