FAQ: Run RPM 5.x as a Non-Privileged User

Problem:  RPM Remote Print Manager® 5.x runs as the Local System account by default. In some environments it is desirable to limit access to the Local System Account and run RPM as a Non-Privileged User. This can create complications related to permissions and file access.

Solution:  RPM 5.x can run as a Non-Privileged User by following these steps:

  1. Disable UAC (if using an Operating System that supports it).
  2. Create a Domain User for the RPM Service.
  3. Assign the RPM User the same permissions as the Network Service account:
    1. Adjust Memory Quotas for a Process.
    2. Bypass Traverse Checking.
    3. Create Global Objects.
    4. Generate Security Audits.
    5. Impersonate a Client after Authentication.
    6. Replace a Process Level Token.
  4. Provide the RPM User Full Access to the HKLM\Software\Brooks Internet Software registry hive.
  5. Provide the RPM User with Read / Write permission to the Directory which contains the RPM Database:
    1. For Windows 2008 / Vista / 7 - c:\ProgramData\Brooks Internet Software\RPM
    2. For Windows XP, 2000, 2003 - c:\Documents and Settings\All Users\Application Data\Brooks Internet Software\RPM
  6. Configure the RPM Remote Print Manager Service to start with the RPM User Account (the "Log on as a service" right should be granted when you are prompted).
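
Steps 4 and 5 can be scripted from an elevated PowerShell prompt and then checked. The following is an added example, not Brooks Internet Software's own tooling; the account name EXAMPLE\svc-rpm is a placeholder for the Domain User created in step 2.

```powershell
# Added example: grants the ACLs from steps 4 and 5 to the RPM service account,
# then lists the resulting explicit entries so the change can be verified.
$account = 'EXAMPLE\svc-rpm'   # placeholder: the Domain User created in step 2

# Step 4: Full Access on the vendor registry key, inherited by its subkeys.
$regPath = 'HKLM:\Software\Brooks Internet Software'
$regAcl  = Get-Acl -Path $regPath
$regRule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $account, 'FullControl', 'ContainerInherit', 'None', 'Allow')
$regAcl.AddAccessRule($regRule)
Set-Acl -Path $regPath -AclObject $regAcl

# Step 5: Read / Write on the directory that contains the RPM database.
# Both candidate paths come from step 5; the first one that exists is used.
$dataDir = @(
    'C:\ProgramData\Brooks Internet Software\RPM',
    'C:\Documents and Settings\All Users\Application Data\Brooks Internet Software\RPM'
) | Where-Object { Test-Path -Path $_ } | Select-Object -First 1
if (-not $dataDir) { throw 'RPM database directory not found' }

$dirAcl  = Get-Acl -Path $dataDir
$dirRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account, 'Read, Write', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
$dirAcl.AddAccessRule($dirRule)
Set-Acl -Path $dataDir -AclObject $dirAcl

# Verify: show only the explicit (non-inherited) entries held by the account.
foreach ($p in $regPath, $dataDir) {
    (Get-Acl -Path $p).Access |
        Where-Object { $_.IdentityReference.Value -eq $account -and -not $_.IsInherited } |
        Select-Object @{n='Path';e={$p}}, IdentityReference, AccessControlType,
            @{n='Rights';e={
                if ($_.RegistryRights) { $_.RegistryRights } else { $_.FileSystemRights }
            }}
}
```

The verification loop should print one Allow entry per path for the service account; an empty result means the rule was not applied.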