Forum Discussion

rob_wood_8894's avatar
rob_wood_8894
Brass Contributor
May 04, 2022

Sensor Updater Service won't start under the context of a Service Account

Hello,

 

Installed the sensor on a DC and managed to get the Sensor Service started running under the context of the service account but not the Updater Service.  The Updater Service will only run under Local System.  The only way we could get the sensor service to start was to add the service account into the Built in Performance Log and Performance Local groups.

The documentation only mentions that the service account needs 'Log on as a service' user right which has been assigned.

Any thoughts?

Rob

  • EliOfek's avatar
    EliOfek
    May 04, 2022
    No, as far as I know the same permissions should work the same in the old native portal and the new security portal.
    If you see it work differently, where you can access one but not the other I suggest to open a support case.
  • The updater is running as local system thus should have the permissions without any change. The sendir service account inherits local service, and should also have permissions by default. Most likely the system was hardened compared to default.
    • rob_wood_8894's avatar
      rob_wood_8894
      Brass Contributor
      On a quick side issue, i've got all of this up and running in the Defender 365 Security center. It would appear that the only rights that will allow me access to Identity settings and incidents and alerts is Azure Global Admin. Is this correct?
      • EliOfek's avatar
        EliOfek
        Icon for Microsoft rankMicrosoft
        By default global or security admin.
        On workspaces creation new groups were created in your aad for admin, user and viewer roles, and you can add specific accounts there

Resources