Change log on user for Symantec DLP services (Windows Server)


Article ID: 169571


Updated On:


Data Loss Prevention Enforce


You would like to use another user to run Symantec DLP services on Enforce or Detection server. Scenario includes changing from local account (default installation) to domain account. 


Windows server environment.


The following steps will switch account to another account:

  1. Create a new account and grant permissions same as previous user (SymantecDLP by default). That is including Full Control over the Symantec DLP dIrectory and any Drop_* folders (located at the root of the installation drive).
  2. Stop the Symantec DLP services on the Windows Server in the following order:
    Enforce server:
    • SymantecDLPIncidentPersisterService
    • SymantecDLPDetectionServerControllerService
    • SymantecDLPManagerService
    • SymantecDLPNotifierService
    Detection server:
    •  SymantecDLPDetectionServerService
  3. Change the account tied to each service to the new account.
  4. Start the DLP services in reverse order