Can a run the EventSentry Collector Service as a non-privileged account like NETWORK SERVICE?

Yes. However, if you change the service account used for the Collector, you will not be able to re-use the existing certificate, as a new one must be created when the Collector starts under a different account This will require a manual configuration update (Push Configuration) for your agents, as they will otherwise refuse to connect to the Collector when the certificate has changed.

If you still wish to run the EventSentry Collector Service as a non-privileged account such as "NETWORK SERVICE" follow the steps below:

• Navigate to %SYSTEMROOT%\system32\eventsentry and give the account "FULL CONTROL" to that directory.

• 64-bit Windows: Open "regedit" and give the "NETWORK SERVICE" account "FULL CONTROL" to the "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\netikus.net\EventSentry" key

• 32-bit Windows: Open "regedit" and give the "NETWORK SERVICE" account "FULL CONTROL" to the "HKEY_LOCAL_MACHINE\SOFTWARE\netikus.net\EventSentry" key

• Open "services.msc" and then right click on the "EventSentry Collector" service and select "Properties > Logon" and change it to run as the new account and then restart the service.