Change log on user for Symantec DLP services (Windows Server)

book

Article ID: 169571

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

You would like to use another user to run Symantec DLP services on Enforce or Detection server. Scenario includes changing from local account (default installation) to domain account. 

Environment

Windows server environment.

Resolution

The following steps will switch account to another account:

  1. Create a new account and grant permissions same as previous user (SymantecDLP by default). That is including Full Control over the Symantec DLP dIrectory and any Drop_* folders (located at the root of the installation drive).
  2. Stop the Symantec DLP services on the Windows Server in the following order:
    Enforce server:
    • SymantecDLPIncidentPersisterService
    • SymantecDLPDetectionServerControllerService
    • SymantecDLPManagerService
    • SymantecDLPNotifierService
    Detection server:
    •  SymantecDLPDetectionServerService
  3. Change the account tied to each service to the new account.
  4. Start the DLP services in reverse order