Question:
Can I configure the EventSentry Heartbeat Monitor service to run under the NETWORK SERVICE built-in account to increase security?
Answer:
Yes, you can configure the EventSentry Heartbeat Monitor service to run under the NETWORK SERVICE account for increased security. Follow the steps below to reconfigure the service:
1. Using regedit.exe (or regedt32.exe), navigate to HKLM\Software\netikus.net\EventSentry.
2. Right-click the EventSentry key and select “Permissions”
3. Add the NETWORK SERVICE account to the list of users, and chec the Allow check box next to both “Full Control” and “Read”.
4. If the files eventsentry_hb_svc_1.log and/or eventsentry_hb_svc_2.log exist in the %SYSTEMROOT% directory, then repeat step 3 for the file permissions of these files as well.
5. Navigate to Start -> Programs -> Administrative Tools -> Services
6. Locate the “EventSentry Heartbeat Monitor”
7. Right-Click the entry and select “Properties”
8. Select the “Log On” tab
9. Under “This Account”, manually enter NT AUTHORITY\NetworkService, and clear the password fields so that they are empty.
10. Click OK and start / restart the service.
In most cases you will also have to change the ACLs of the EventSentry service on the remote machines using the subinacl.exe utility from the Windows Resource Kit. Please see section 2 of the KB article 41 (additional links below) for more information.
