Need information on the Data Loss Prevention service_user account used during an upgrade.
Article ID: 184427
Data Loss Prevention Enforce
What happens to the DLP service_user account during an upgrade? Do you need a new account or can you use the existing account?
Essentially what happens is the upgrade keeps both versions of DLP(new and old) until the old instance is deleted. When a new service account is used, the old service account is no longer valid because it changed. This also means that the old install will no longer work.
Symantec Engineering does not take a stance on using the same user account versus a new one, however, if you are planning on keeping the older install around, then you should consider keeping the account the same.
We have verified that if you keep the accounts the same and remove the old install, it does not remove the old user accounts so this should not be an issue. So our recommendation is that you keep them the same unless there is a reason for a new one.
The same is true for using different accounts – nothing is affected by removing the older install except that you lose the option to run the older version if needed. We have run some tests and after uninstalling the old version the account was still present and being used by the new version of DLP.