I am trying to install splunk with GPO. Previously, I installed it locally on the machines with a batch file with additional installation parameters.
Now I use the same batch file with a GPO and I get a system error 1376 "The specified local group does not exist"
Same user works when I install locally.
When I install locally I use domain\username.
The user is used to run the splunk service.
We have the same problem here. The “Performance Monitor Users” group does not exist on a domain controller. Accordingly, the domain account for the forwarder cannot be added.
I am having the issue on Windows clients.
Because the group isn't on Domain Controllers shouldn't splunk install clients anyway?
If I dont use my AD user to run the service I am able to install splunk from GPO. The installer creates a user and put it on NT Service.
The NT Service\splunk-user is not added to any of the required groups I do that manually.