Change log on user or password for Symantec DLP services (Windows Server)
search cancel

Change log on user or password for Symantec DLP services (Windows Server)

book

Article ID: 169571

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention

Issue/Introduction

You would like to use another user account to run Symantec DLP services or change the service account password.

 

Environment

Windows server environment.

Resolution

The following steps will change the service account to another named account.

Update DLP Services to Use a New Logon Account

  1. Create a new account. 
  2. Open Services.msc.
  3. Locate and stop the Symantec DLP Services.
    REF: Stop/Start DLP Services in the correct order
  4. For each Symantec DLP Service, right-click the service name, and select properties.
  5. Update the "Log On" tab with the new user account and password.
    • Note: The new account may have "Log on As A Service" right added upon saving the changes.

Update DLP Data Directory Permissions

  1. Open the Symantec DLP Data directory.
    Default: \ProgramData\Symantec\DataLossPrevention\
  2. For each application directory, locate the current DLP version subfolder.
    Example: \ProgramData\Symantec\DataLossPrevention\EnforceServer\<DLP_version>
  3. Add special permissions for the new service account to access data directories and files.
    1. Right-Click the DLP version subfolder and select Properties.
    2. Open the Security tab.
    3. Select Advanced.
    4. Select Add.
      1. Principal: click on Select a Principal and locate the new service account user.
      2. Type: Allow.
      3. Applies to: This folder, subfolders, and files
      4. Basic PermissionsFull Control
        Note: The time it takes to cascade this change varies between servers.
    5. Save changes by clicking OK on all dialog boxes.
  4. Start DLP Services
    REF: Stop/Start DLP Services in the correct order

By default, the group membership needed to access application files is Users. However, if the new account cannot be a member of Users, please contact DLP Technical Support.

Update DLP Services Log on Password

  1. Open Services.msc.
  2. Locate and stop the Symantec DLP Services.
    REF: Stop/Start DLP Services in the correct order
  3. For each Symantec DLP Service, right-click the service name, and select properties.
  4. Update the "Log On" tab with the updated service account password.
  5. Start DLP Services
    REF: Stop/Start DLP Services in the correct order
     

 

Additional Information

If the DLP Services account is the same account being used to log into the database, then to avoid an account lock-out, run the DBPasswordChanger utility as soon as possible after the Oracle Data Loss Prevention account password is changed.

Change the "protect" user password in the Oracle database

Powered by Wolken Software