Permissions

  • To avoid permission issues, install the agent as the same user who owns the Machine Agent files or as an administrator on the host machine.

  • All files in the <machine-agent-home> installation directory should be readable by the Machine Agent.
  • The user that runs the Machine Agent must have write privileges to the logging output directory and to the / conf directory in the agent installation directory.
  • If you plan to enable the JVM Crash Guard, review the required permissions for JVM Crash Guard.
  • To create a non-root user to run the Machine Agent, see Permissions Required to Run the Machine Agent.
  • Windows permissions for files and subfolders are inherited by default from the parent folder (<machine_agent_home>). We recommend that you restrict permissions to users authorized to start, stop, and configure the Machine Agent:
    • Read and Write permissions to all files and subfolders under <machine-agent-home> .
    • If running as a:
      • Terminal application, then restrict Read, Write, and Execute permissions for the file <machine-agent-home>\bin\machine-agent.vbs.
      • Service, then restrict Start, Stop, and Restart permissions for the Machine Agent service. You only need admin privileges to install the service. The Machine Agent runs under the local system account which has extensive privileges on the local system. However, if WMI access is revoked, then you must run the Machine Agent as Administrator. Typically, users do have WMI access. See User Account Control and WMI.
  • Enable Windows Script Host for the Windows Machine Agent.