Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Can I run the NTSMF collection service under a User Account, instead of LocalSystem (or SYSTEM)?

account collection NTSMF run service system user

1 Answer

0

No, to function properly the NTSMF collection service should be set up to run under the LocalSystem (or SYSTEM) account. The LocalSystem (or SYSTEM) account is a built-in account used by many services with an extraordinary level of privileges for accessing local system resources. These include privileges that cannot be granted to any User Account, include members of the Administrators group. The NTSMF collection service requires these SYSTEM-level privileges for some data collection functions. More specifically, the Module collection function requires the PROCESS_QUERY_INFORMATION process-specific access right, which can only be granted programmatically by a process running with System level privileges to begin with. Unfortunately, there is no User Right that you can grant a User Account that allows the Performance SeNTry collection service to execute the EnumProcessModules Win32 function call it makes to enumerate all the modules loaded in a process. You can run the NTSMF collection s

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123