Install universal forwarder Splunk-9.2.0.1-x64 fro...

trha_ · ‎05-23-2024

I am trying to install splunk with GPO. Previously, I installed it locally on the machines with a batch file with additional installation parameters.
Now I use the same batch file with a GPO and I get a system error 1376 "The specified local group does not exist"
Same user works when I install locally.
When I install locally I use domain\username.
The user is used to run the splunk service.

jho-splunk · ‎06-26-2024

Hi @trha_ ,

Would it be possible to somehow see a copy of this batch file?

Cheers,

- Jo.

Boxswurst · ‎05-29-2024

We have the same problem here. The “Performance Monitor Users” group does not exist on a domain controller. Accordingly, the domain account for the forwarder cannot be added.

trha_ · ‎05-30-2024

I am having the issue on Windows clients.

Because the group isn't on Domain Controllers shouldn't splunk install clients anyway?

If I dont use my AD user to run the service I am able to install splunk from GPO. The installer creates a user and put it on NT Service.

The NT Service\splunk-user is not added to any of the required groups I do that manually.

Install universal forwarder Splunk-9.2.0.1-x64 from GPO

splunkd

universal forwarder

Windows

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Are you a member of the Splunk Community?