Hello,
I am required to install some log forwarding software (Splunk) across our entire Windows environment. The software requires the following permissions on the service account that it runs under:
Full control over Splunk's installation directory
Read access to any files that will be indexed
Permission to log on as a service
Permission to log on as a batch job
Replace a process level token
Permission to act as part of the operating system
Permission to bypass traverse checking
I attempted to push these permissions out using a GPO but during testing I realized that while the GPO successfully granted these permissions to the splunk service account it also removed any other permissions for any other user accounts. For example the ONLY account with replace a process level token was the splunk service account, all other accounts were removed by the GPO.
I only want to add this account with the above permission, I don't want to alter any existing permissions and I need to push this out to the entire Windows Domain (this includes 2000, 2003, 2008, and 2008R2). Can this be done via GPO?
Thanks.