Installing Splunk 9.1.1.0 as a Local Admin on Windows OS using Ansible Playbook
Hi,
Most of the Splunk forwarders installed on servers are on NT Authority and I would like to change this to local admin. I have tried modifying the Ansible roles to fix this but haven't been successful. Any ideas on what can be done will be appreciated.
USE_LOCAL_SYSTEM | Install the universal forwarder as a local system | 0 |
The default flag on install is 0 - update the install line to flag this set to 1.
This is no longer best practice for security so be prepared to update future installs to fit with best practices.
Everything that is needed should hopefully be found here:
https://docs.splunk.com/Documentation/Forwarder/9.1.1/Forwarder/InstallaWindowsuniversalforwarderfro...
LOGON_USERNAME="<domain\username>" LOGON_PASSWORD="<pass>" | Provide domain\username and password information for the user to run the SplunkForwarder service. Specify the domain with the username in the format: domain\username. If you don't include these flags, the universal forwarder installs as the Local System user. |
The Troubleshooting at the bottom of the link could also lead to answers regarding permissions and local admin groups.
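
An added example, not from the thread or from Splunk's documentation: Ansible tasks that pass the LOGON_USERNAME and LOGON_PASSWORD flags quoted above, keep the password out of Ansible output with no_log, and then check which account the SplunkForwarder service runs as. The MSI path and the splunk_uf_logon_* variable names are assumptions.

```yaml
# Added example. Assumed names: the MSI path and the splunk_uf_logon_* variables
# (stored in Ansible Vault) are placeholders, not values from the thread.
- name: Install the universal forwarder under a named service account
  ansible.windows.win_package:
    path: C:\Temp\splunkforwarder.msi   # placeholder path to the 9.1.1 MSI
    state: present
    # For an .msi, win_package invokes msiexec itself; arguments carries the
    # MSI properties. Omitting the LOGON_* flags installs as Local System.
    arguments: >-
      AGREETOLICENSE=Yes
      LOGON_USERNAME="{{ splunk_uf_logon_user }}"
      LOGON_PASSWORD="{{ splunk_uf_logon_pass }}"
  no_log: true   # keeps LOGON_PASSWORD out of task output and logs

- name: Read back the SplunkForwarder service configuration
  ansible.windows.win_service_info:
    name: SplunkForwarder
  register: uf_service

- name: Fail if the service is not running as the intended account
  ansible.builtin.assert:
    that:
      - uf_service.services | length == 1
      # Assumes the service reports the account in the same domain\username form.
      - uf_service.services[0].username | lower == splunk_uf_logon_user | lower
    fail_msg: SplunkForwarder is not running as the configured logon account
```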
Please, how can I change from the default NT Authority to Local System account as the service Logon? I am trying to do this with Ansible.
