Rights for Svc account and Services

Votes:

0

Hi. We have recently rebuilt our PRTG monitoring setup and are now looking at the Services running and the Service account privileges. Least privilege is an important part of any security plan. With that in mind, is it required for our PRTG service account and the 2 PRTG services that are running to have admin rights? If so, is there documentation outlining this with an explanation of why?

Thanks

Jeremy

access-rights prtg services

Created on Jun 11, 2019 6:45:18 PM




8 Replies

Votes:

0

Hi there,

Just to clarify this, do you mean PRTG's service account used for WMI requests? If not, what service account do you mean?

Best regards.

Created on Jun 12, 2019 8:22:03 AM by  Dariusz Gorka [Paessler Support]



Votes:

0

I am talking about the 2 PRTG Services. The PRTG Core Server Service and the PRTG Probe Service. They are running as Local System, so they have local admin rights. We were looking at changing them to use a less privileged account if they don't need the local admin rights to function correctly.

Also, we used a Domain Service account we created to install PRTG. For the install to run correctly we had to make the account a local admin on the PRTG Server. Now that the installation is done we would like to reduce the service account privileges if we can.

Created on Jun 12, 2019 5:59:57 PM



Votes:

0

Hi there,

PRTG needs access to all files related to the tool (Program Files, Program Data) and should be able to run EXE-based sensors. Besides that, not many rights are needed.

Within the "services.msc" you can configure your service user for both services.

Best regards.

Created on Jun 13, 2019 8:21:04 AM by  Dariusz Gorka [Paessler Support]



Votes:

0

Thank you. As far as the domain service account we used for install, should we be able to reduce its rights now? I am thinking that after the install it is not used for other actions on the network, so we should be able to, but I wanted to make sure I didn't miss anything.

Created on Jun 13, 2019 11:49:27 AM



Votes:

0

Hi there,

You can install PRTG under any user you want - the services still run under "SYSTEM". Only if you change the logon user for the "PRTG Core" and "PRTG Probe" service via the "services.msc", then that user is used to run PRTG.

Best regards.

Created on Jun 13, 2019 6:32:45 PM by  Dariusz Gorka [Paessler Support]



Votes:

0

Correct. The services run under the local system account by default. I am trying to see what permissions are needed for these services so I can switch them to use a service account that is not the "Local System" built-in account. Security is the reasoning behind the questions since the "Local System" built-in account is basically a local administrator on the box.

Thanks

Created on Jul 1, 2019 3:17:00 PM



Accepted Answer

Votes:

0

Hi there,

No special permissions are required, as mentioned above:
PRTG needs access to all files related to the tool (Program Files, Program Data) and should be able to run EXE-based sensors. Besides that, not many rights are needed.

Best regards.

Created on Jul 1, 2019 3:53:02 PM by  Dariusz Gorka [Paessler Support]
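A read-only pre-check for the switch discussed in this thread, added here as an example and not taken from Paessler or from any post above: it lists which account each PRTG service logs on as and whether a candidate service account already holds file-system rights on the PRTG directories. The account name, both directory paths and the choice of Modify as the required access level are assumptions; replace them with your own values.

```powershell
# Added example: audit only, nothing on the host is changed.
param(
    # Hypothetical candidate account and placeholder paths (assumptions, not from the thread).
    [string]$Account = 'CONTOSO\svc-prtg',
    [string[]]$Paths = @('C:\PLACEHOLDER\prtg-program-dir', 'C:\PLACEHOLDER\prtg-data-dir')
)

# 1. Which account does each PRTG service log on as?
$serviceReport = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName LIKE 'PRTG%'" |
    ForEach-Object {
        [pscustomobject]@{
            Service       = $_.DisplayName
            State         = $_.State
            LogonAs       = $_.StartName
            IsLocalSystem = ($_.StartName -eq 'LocalSystem')
        }
    }

# 2. Does the candidate account hold an Allow ACE covering Modify on each directory?
#    Only ACEs that name the account directly are matched; rights granted through
#    group membership are not resolved, so a "False" here needs a manual look.
$modify = [System.Security.AccessControl.FileSystemRights]::Modify
$aclReport = foreach ($path in $Paths) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Path not found: $path"
        continue
    }
    $aces = (Get-Acl -LiteralPath $path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $modify) -eq $modify
    }
    [pscustomobject]@{
        Path      = $path
        Account   = $Account
        HasModify = [bool]$aces
    }
}

$serviceReport | Format-Table -AutoSize
$aclReport     | Format-Table -AutoSize
```

Run it from an elevated prompt on the PRTG server before changing the logon user in services.msc, and again afterwards to confirm neither service still reports LocalSystem.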



Votes:

0

Thanks

Created on Jul 1, 2019 5:30:04 PM



