Agent Service Permissions

A more detailed discussion of how to configure the Liongard Agent service to run as a Windows or Active Directory user.

❗️

Windows 2012 R2 and Below

Liongard no longer supports Agents deployed on Windows Server versions older than 2012 R2.

A Liongard Agent, whether in the cloud or installed on-premises, runs each Liongard inspection. Most inspection jobs require some form of authentication to the target system. See our Permissions & Authentication document for more details.

For inspection jobs that authenticate via Active Directory directly, Inspectors like Active Directory, Windows Server, and SQL Server, our best practice is to run the On-premises Liongard Agent service itself as an Active Directory (or Windows) user from which it will derive its rights on the network.

Setup Process

Create Service Account

First, we will create an Active Directory (or local Windows, if appropriate) service account.

  • Create a user account called "LiongardAgent" (or follow your preferred naming convention) in Active Directory.
  • Assign the account the appropriate permissions for the inspectors you wish to run. A domain administrator account can be used, but for a more secure deployment, see our Least Privileges for Windows-based On-Premises Agents and Inspectors documentation.

Install the Liongard Agent

If not already completed, install the Liongard Agent on the server in question by following our Agent Deployment instructions. Reminder, you must install the agent with the service account you wish to use during the install process.

🚧

Password Change

If the password associated with the user that the Liongard Agent is running as changes, the password will need to be updated by either editing the Properties of the service in the Windows Services Control Panel or updated via a script/RMM solution.