Configure Agents to Run as the Standard Low-Privileged User

The programs described in this section apply to an agent installed on a host with a Windows operating system. These programs do the following:

Note: These programs have not been validated to work with all versions of Windows.

If these programs do not work on your version of Windows, configure the settings manually. Use the Group Policy Editor in the Windows Administrative Tools.

Before you begin, determine the user account user_name or group_name to use as a standard on all installed agents and Orchestrators. You can use an ordinary user account. It does not need to be a Domain account with Administrative rights.

Follow these steps:

  1. Open a command prompt. For example, Run cmd.
  2. Navigate to the following directory:
    agent_install_dir\PAMAgent\.c2orepository\public\tools 
    
  3. Type the following command:
    itpamsvcacct.bat user_name|group_name
    

    The user account is created with the name you specified.

  4. Type the following five commands. (You can type a single command and use a space as a delimiter between rights.)
    itpamassgnrights.exe user_name host_name + SeTcbPrivilege
    
    itpamassgnrights.exe user_name host_name + SeCreateTokenPrivilege
    
    itpamassgnrights.exe user_name host_name + SeServiceLogonRight
    
    itpamassgnrights.exe user_name host_name + SeBatchLogonRight
    
    itpamassgnrights.exe user_name host_name + SeAssignPrimaryTokenPrivilege
    

    The user account you specified has the privileges required to run the agent on the specified local host.
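To confirm the result of step 4, the following PowerShell sketch checks which of the five rights an account holds in a `secedit /export` file. It is an added example, not part of the product or its documentation; the function names, the `pamagent` account, and the sample export are constructed for illustration. SeTcbPrivilege and SeCreateTokenPrivilege are sensitive rights, so the output also lists every holder of each right for review.

```powershell
# Added example: verify that an account holds the five rights assigned in step 4.
# Holders in a secedit export appear by name or as *SID, so both forms are matched.
$RequiredRights = 'SeTcbPrivilege', 'SeCreateTokenPrivilege', 'SeServiceLogonRight',
                  'SeBatchLogonRight', 'SeAssignPrimaryTokenPrivilege'

function Get-RightHolders {
    param([string[]]$Lines)
    $holders = @{}; $inSection = $false
    foreach ($line in $Lines) {
        # Track which INF section we are in; only [Privilege Rights] is relevant.
        if ($line -match '^\s*\[(.+)\]\s*$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
            $right = $Matches[1]; $value = $Matches[2]
            $holders[$right] = @($value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    return $holders
}

function Test-AgentAccountRights {
    param([string[]]$Lines, [string]$Account, [string]$AccountSid)
    $holders = Get-RightHolders -Lines $Lines
    foreach ($right in $RequiredRights) {
        $list = @($holders[$right])   # a right absent from the export has no holders
        $granted = ($list -contains $Account) -or ($AccountSid -and ($list -contains "*$AccountSid"))
        [pscustomobject]@{ Right = $right; Granted = [bool]$granted; Holders = ($list -join ', ') }
    }
}

# Constructed sample export (not from a real host); 'pamagent' is a placeholder account.
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = pamagent
SeCreateTokenPrivilege = pamagent
SeServiceLogonRight = *S-1-5-80-0,pamagent
SeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,pamagent
'@ -split '\r?\n'
Test-AgentAccountRights -Lines $sample -Account 'pamagent' | Format-Table -AutoSize

# On a live host, from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   Test-AgentAccountRights -Lines (Get-Content "$env:TEMP\rights.inf") -Account 'user_name'
```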