Hi all! My question is, why can't Splunk run a scripted input on Windows even though it has full access to that script?
Entries in inputs.conf:
[script://.\\bin\deploy.bat]
disabled = 0
interval = 300
index=windows
[script://.\\bin\update.bat]
disabled = 0
interval = 60
index=windows
These stanzas are responsible for installing and updating Sysmon on Windows servers and hosts. I deploy this configuration to the UFs via the deployment server. The Splunk UFs are run by a domain account. This account isn't an admin.
Here, there is full access:
Here, it is running as this user:
But in the logs I see that access is denied:
Please help me figure out why this is happening and how to solve it!