Do the protect accounts need to be in the local admin group?
When the DLP product is installed a service account named 'protect' is created by the installation and placed in the local 'users' group.
At the same time another service account named 'protect_update' is created by the installation and placed in the local 'Administrators' group.
The 'protect_update' account needs to be in the local admin group because when it comes time to push out updates and hotfixes, if this account is not in the local admin group the installation will fail.
It is also important that the 'protect' user account NOT be a member of the local admin group. If the 'protect' user account is a local admin, an upgrade will fail because we use the 'protect' user to kill java processes. A local admin can kill the updater.
Imported Document ID: TECH220542
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.