Can I configure the EventSentry Heartbeat Monitor service to run under the NETWORK SERVICE built-in account to increase security?

Article ID: 105
Category: Heartbeat Monitoring
Applies to: All Versions
Updated: 2017-04-21

Yes, you can configure the EventSentry Heartbeat Monitor service to run under the NETWORK SERVICE account for increased security. Follow the steps below to reconfigure the service:

  1. Using regedit.exe, navigate to:
    • (x86 system): HKLM\Software\netikus.net\EventSentry
    • (x64 system): HKLM\Software\Wow6432Node\netikus.net\EventSentry
  2. Right-click the EventSentry key and select "Permissions"
  3. Add the NETWORK SERVICE account to the list of users, and check the Allow check box next to both "Full Control" and "Read".
  4. Right-click the "c:\windows\system32\EventSentry\logs" folder and choose Properties, go to the Security tab. Add the NETWORK SERVICE account to the list of users, and check the Allow check box next to both "Full Control" and "Read".

  5. Navigate to Start -> Programs -> Administrative Tools -> Services

  6. Locate the "EventSentry Heartbeat Monitor" service

  7. Right-Click the entry and select "Properties"

  8. Select the "Log On" tab

  9. Under "This Account", manually enter NT AUTHORITY\NetworkService, and clear the password fields so that they are empty.

  10. Click OK and start / restart the service.

In most cases you will also have to change the ACLs of the EventSentry service on the remote machines using the subinacl.exe utility from the Windows Resource Kit. Please see section 2 of the KB article 41 (additional links below) for more information.