Run RPM 5.x as a non-privileged user

Problem:  RPM Remote Print Manager® 5.x runs as the local System account by default. In some rare circumstances, it may be desirable to run RPM as a non-privileged user account. This can create permissions-related complications and file access.

Solution:  RPM 5.x can run as a non-privileged user by following the steps below.  These instructions are provided as-is, are not fully supported, and are not guaranteed to work on all Windows systems.  Additional steps or changes to these steps may be necessary.

  1. Disable UAC (if using an Operating System that supports it).
  2. Create a domain user for the RPM Service with a password that meets the password restrictions.
  3. Assign the RPM User the same permissions as the Network Service account:
    1. Adjust Memory Quotas for a Process.
    2. Bypass Traverse Checking.
    3. Create Global Objects.
    4. Generate Security Audits.
    5. Impersonate a Client after Authentication.
    6. Replace a Process Level Token.
  4. Provide the RPM User Full Access to the RPM license registry hive:
    1. 32-bit - HKey_Local_Machine\Software\Brooks Internet Software
    2. 64-bit - HKey_Local_Machine\Software\Wow6432Node\Brooks Internet Software
  5. Provide the RPM User with Read / Write permission to the Directory which contains the RPM Database:
    1. For Windows 2008 / Vista / 7 - c:\ProgramData\Brooks Internet Software\RPM
    2. For Windows XP, 2000, 2003 - c:\Documents and Settings\All Users\Application Data\Brooks Internet Software\RPM
  6. Configure the RPM Remote Print Manager Service to start with the RPM User Account (Logon as Service right should be granted when you are prompted).

Note: You'll be required to complete step 6 again after every upgrade or reinstall.