Our admin created me a regular domain user to test low P and assigned it these privileges:
• Permission to log on as a service.
• Permission to log on as a batch job.
• Permission to replace a process-level token.
• Permission to act as part of the operating system.
• Permission to bypass traverse checking
I run this to test the automation:
msiexec /i splunkforwarder-6.3.2-aaff59bb082c-x64-release.msi AGREETOLICENSE=Yes INSTALLDIR=c:\SplunkUniversalForwarder RECEIVING_INDEXER=heavy.forwarder:9997 DEPLOYMENT_SERVER=deploy.server:8089 SET_ADMIN_USER=0 LOGON_USERNAME=DOMAIN\splunklpuser LOGON_PASSWORD=somethingclever /quiet /log lar.txt
The lar.txt log shows a 1603 permissions error and the `appdata\local\temp\splunk.log` shows this as the failure point:
Deployment Server not available on a dedicated forwarder
The communication path to the deployment server is open and if I install with LocalSystem, then it is successful.
What is my `DOMAIN\splunklpuser` userid missing?
↧