Forum Discussion
Getting error "Global is denied" on second DC
I'm getting error when I try to configure ATP (Defender) on second DC. Could you advice what could be the cause to fix. First configured DC is reporting on portal.
To fix the "Access to the registry key 'Global' is denied" error in Defender for Identity on your second domain controller, please try these steps.
- Run as Admin: Ensure you're running the setup with administrator privileges.
- Check Permissions: Verify that the Defender for Identity service account has access to the Global registry key.
- Restart Service: Restart the Defender for Identity sensor service.
- Update Software: Ensure Windows and Defender for Identity are updated.
- Check Event Viewer: Look for more details in Event Viewer logs.
If it still fails, consider contacting Microsoft Support.
Can you share more detail on point 2.
1. Open Registry Editor (Win + R, type regedit).
2. Find the Key - Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and locate the Global key.
3. Edit Permissions
- Right-click Global > Permissions.
- Add the Defender service account (e.g., NT SERVICE\Azure Advanced Threat Protection Sensor).
- Grant Full Control or Read access.
4. Restart Service - Restart the Defender for Identity sensor service.