ESP Workload Automation

  • 1.  Does the ESP agent for Windows have to run under an Admin user?

    Posted Oct 05, 2015 03:16 PM

    Our security department would like to see us run our ESP agents for Windows under a service account as opposed to an Admin account.  I have not found anything that references this directly in the documentation.  Does anyone know what the requirement is?



  • 2.  Re: Does the ESP agent for Windows have to run under an Admin user?
    Best Answer

    Posted Oct 09, 2015 08:51 AM

    It is possible to run the ID under a specific, you just need to make sure the service account has the required authority to do what is required of the agent.  It will need access to manage its logs and files plus access to what is required by the workload it's running.  One thing I'm not 100% sure of is whether it restricts your ability to run jobs under multiple IDs on the same server.  Currently we pass in the user ID and password from ESP for all Windows jobs while the agent runs as Local System so we could have many IDs accessing the same server.  I have not tried to see if you can override the service ID when it is running something other than Local System; the agent documentation does not cover this for Windows.  For Unix/Linux it does state that running the agent as anything other than root restricts the ability to submit jobs under other IDs.

    I'll post again if I get a chance to test this setup on Windows.



  • 3.  Re: Does the ESP agent for Windows have to run under an Admin user?

    Posted Oct 09, 2015 03:53 PM

    OK, I did run a test by setting an to run the service as myself.  I'm in the administrators group on the server.  Running a test job from ESP that executes SET to dump the environment shows me as the user (I omitted the USER statement from the job definition).  I then added a USER statement using a service account and it failed.  The CSF showed the following:

    CCode  Job Status
    1314   Insufficient privileges

    So it certainly appears you are limited when using a specific ID to run the agent.