Forum Discussion
rob_wood_8894
May 04, 2022Brass Contributor
Sensor Updater Service won't start under the context of a Service Account
Hello,
Installed the sensor on a DC and managed to get the Sensor Service started running under the context of the service account but not the Updater Service. The Updater Service will only run under Local System. The only way we could get the sensor service to start was to add the service account into the Built in Performance Log and Performance Local groups.
The documentation only mentions that the service account needs 'Log on as a service' user right which has been assigned.
Any thoughts?
Rob
- No, as far as I know the same permissions should work the same in the old native portal and the new security portal.
If you see it work differently, where you can access one but not the other I suggest to open a support case.
- EliOfekMicrosoftThe updater is running as local system thus should have the permissions without any change. The sendir service account inherits local service, and should also have permissions by default. Most likely the system was hardened compared to default.
- rob_wood_8894Brass ContributorOn a quick side issue, i've got all of this up and running in the Defender 365 Security center. It would appear that the only rights that will allow me access to Identity settings and incidents and alerts is Azure Global Admin. Is this correct?
- EliOfekMicrosoftBy default global or security admin.
On workspaces creation new groups were created in your aad for admin, user and viewer roles, and you can add specific accounts there