While you can run the agent as a Windows Administrator user, it is a better security practice to create a least-privileged account for the agent to use. This user account is referred to as the agent-user. You can give the agent-user any account name you like, such as elmagentusr. Create an agent-user account and grant this account access to Window security logs before you install the agent.
Note: You will specify the agent-user name and password during agent installation. The install program automatically assigns the minimum-required privileges on the agent installation directory and the agent service to the agent-user you specify. If you choose to specify an Administrator account during installation, you can create the agent-user account later, grant it access to the security logs, and assign the required privileges by running the AgentAuthUtil utility.
The base requirements for the least-privileged agent-user are the following:
To create the agent-user account, grant this account required permissions, and install the agent, you must be an administrator on the Windows server. To perform other agent-related tasks, you must log on to the CA Enterprise Log Manager server with an Administrator account.
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |