You want to use a dedicated Service Account (SA) to run the Symantec Data Center Security Server Manager service instead of the default 'Local System' account.

In order for the service to function correctly, the Service Account requires specific privileges.

Customer environments where the use of a Service Account is mandated by a Security Policy.

Based on internal testing, the following are the required Service Account properties:

Is DCS service account compatible with Group Managed Service Accounts (GMSA)? Yes
Local administrator rights required on the Management Server machine? Yes
Is used for ‘windows service, scheduled task, IIS, SQL 2012’? Yes
is used for any other service? Yes:

Symantec UMC Credential Service
Symantec UMC Telemetry Service

Password never expires ? Yes
Logon locally ? No
Logon interactively ‘RDP’ ? No
Logon as a service ? Yes
Logon as batch job ? Yes