Can I run the Performance Sentry Collection Service under a User Account, instead of LocalSystem (or SYSTEM)?

No, to function properly the Performance Sentry collection service should be set up to run under the LocalSystem (or SYSTEM) account. The LocalSystem (or SYSTEM) account is a built-in account used by many services with an extraordinary level of privileges for accessing local system resources. These include privileges that cannot be granted to any User Account, including members of the Administrators group. The Performance Sentry collection service requires these SYSTEM-level privileges for some data collection functions.

More specifically, the Module collection function requires the PROCESS_QUERY_INFORMATION process-specific access right, which can only be granted programmatically by a process running with System level privileges to begin with. Unfortunately, there is no User Right that you can grant a User Account that allows the Performance Sentry collection service to execute the EnumProcessModules Win32 function call it makes to enumerate all the modules loaded in a process.

You can run the Performance Sentry collection service under a User Account by following the guidelines discussed here and here.  All collection service functions will execute normally, once you grant the User Account the appropriate User Rights and Permissions. However, the Module collection function, introduced in version 2.4.4 will not run under a User Account. In order to collect Module identification data, you must run under the built-in LocalSystem (or SYSTEM) Account.

Comments are closed.