The following steps will change the service account to another named account.
Update DLP Services to Use a New Logon Account
- Create a new account.
- Open Services.msc.
- Locate and stop the Symantec DLP Services.
REF: Stop/Start DLP Services in the correct order
- For each Symantec DLP Service, right-click the service name and select Properties.
- Update the "Log On" tab with the new user account and password.
- Note: The new account may be granted the "Log on as a service" right when the changes are saved.
Update DLP Data Directory Permissions
- Open the Symantec DLP Data directory.
Default: \ProgramData\Symantec\DataLossPrevention\
- For each application directory, locate the current DLP version subfolder.
Example: \ProgramData\Symantec\DataLossPrevention\EnforceServer\15.8.00000
- Add special permissions for the new service account to access data directories and files.
  - Right-click the DLP version subfolder and select Properties.
  - Open the Security tab.
  - Select Advanced.
  - Select Add.
    - Principal: click Select a Principal and locate the new service account user.
    - Type: Allow.
    - Applies to: This folder, subfolders, and files.
    - Basic Permissions: Full Control.
    Note: The time it takes to cascade this change varies between servers.
  - Save changes by clicking OK on all dialog boxes.
- Start DLP Services
REF: Stop/Start DLP Services in the correct order
By default, the group membership needed to access application files is Users. However, if the new account cannot be a member of Users, please contact DLP Technical Support.
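The two procedures above can also be scripted. The following PowerShell is an added example, not part of the original article or of Symantec's tooling. It assumes the services are already stopped in the documented order, that their display names match "Symantec DLP*", that the data directory is in its default location, and that the new account is a domain account entered as DOMAIN\user.

```powershell
#Requires -RunAsAdministrator
# Added example; run only after the DLP services have been stopped in the documented order.
param(
    [Parameter(Mandatory)] [string] $Version,           # version subfolder name, e.g. 15.8.00000
    [Parameter(Mandatory)] [pscredential] $Credential,  # new account, assumed DOMAIN\user form
    [string] $DataRoot = (Join-Path $env:ProgramData 'Symantec\DataLossPrevention'),
    [string] $DisplayNameFilter = 'Symantec DLP*'       # assumption: matches the service display names
)
$ErrorActionPreference = 'Stop'
$account = $Credential.UserName

$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object DisplayName -like $DisplayNameFilter)
if ($services.Count -eq 0) { throw "No services match '$DisplayNameFilter'." }

# The stop order is not known to this script, so refuse to continue instead of guessing.
$running = @($services | Where-Object State -ne 'Stopped')
if ($running.Count -gt 0) {
    throw "Stop these services first: $($running.Name -join ', ')"
}

# Log On tab equivalent. Unlike the Services console, this call does not grant the
# "Log on as a service" right; assign it separately if the account lacks it.
foreach ($svc in $services) {
    $result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName     = $account
        StartPassword = $Credential.GetNetworkCredential().Password
    }
    if ($result.ReturnValue -ne 0) {
        throw "Change failed for $($svc.Name): return code $($result.ReturnValue)"
    }
}

# Allow / Full Control / "This folder, subfolders, and files".
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $account, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$versionDirs = Get-ChildItem -LiteralPath $DataRoot -Directory |
    ForEach-Object { Join-Path $_.FullName $Version } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container }
foreach ($dir in $versionDirs) {
    $acl = Get-Acl -LiteralPath $dir
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $dir -AclObject $acl
    Write-Output "Granted $account Full Control on $dir"
}

# Confirm the logon account before restarting the services in the documented order.
Get-CimInstance -ClassName Win32_Service | Where-Object DisplayName -like $DisplayNameFilter |
    Select-Object Name, StartName, State
```

Supply the credential with Get-Credential so the password is never written into the script or the command history.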
Update DLP Services Log on Password
- Open Services.msc.
- Locate and stop the Symantec DLP Services.
REF: Stop/Start DLP Services in the correct order
- For each Symantec DLP Service, right-click the service name and select Properties.
- Update the "Log On" tab with the updated service account password.
- Start DLP Services
REF: Stop/Start DLP Services in the correct order