Run RPM 5.x as a non-privileged user
Problem: RPM Remote Print Manager® 5.x runs as the local System account by default. In some rare circumstances, it may be desirable to run RPM as a non-privileged user account. This can create permissions-related complications and file access.
Solution: RPM 5.x can run as a non-privileged user by following the steps below. These instructions are provided as-is, are not fully supported, and are not guaranteed to work on all Windows systems. Additional steps or changes to these steps may be necessary.
- Disable UAC (if using an Operating System that supports it).
- Create a domain user for the RPM Service with a password that meets the password restrictions.
- Assign the RPM User the same permissions as the Network Service account:
- Adjust Memory Quotas for a Process.
- Bypass Traverse Checking.
- Create Global Objects.
- Generate Security Audits.
- Impersonate a Client after Authentication.
- Replace a Process Level Token.
- Provide the RPM User Full Access to the RPM license registry hive:
- 32-bit - HKey_Local_Machine\Software\Brooks Internet Software
- 64-bit - HKey_Local_Machine\Software\Wow6432Node\Brooks Internet Software
- Provide the RPM User with Read / Write permission to the Directory which contains the RPM Database:
- For Windows 2008 / Vista / 7 - c:\ProgramData\Brooks Internet Software\RPM
- For Windows XP, 2000, 2003 - c:\Documents and Settings\All Users\Application Data\Brooks Internet Software\RPM
- Configure the RPM Remote Print Manager Service to start with the RPM User Account (Logon as Service right should be granted when you are prompted).
Note: You'll be required to complete step 6 again after every upgrade or reinstall.