Permissions and access rights for a non-administrator user

You can run the monitoring agent for Skype for Business Server agent as a non-administrator user; however, some functions are inaccessible.

Registry Permissions

To create a non-administrator user, create a new user (non-administrator) and set up registry permissions for the new user as follows.

  • Full access to the KEY_LOCAL_MACHINE\SOFTWARE\IBMMonitoring
  • Full access to the CANDLE_HOME directory

The non-administrator user must be a member of the Performance Monitor Users and Performance Log Users. If you define these permissions for a non-administrator user, data is displayed for all the Perfmon-based attribute groups.

To view attribute groups' data collected from Database

If you want to view data for attribute groups that is collected from database, you must set up the following permissions for the non-administrator user.

  • The non-administrator user account that you use to run the Skype for Business Server agent must have the Debug Program permission to add a debugger to any process.

    By default, the Debug Program permission is assigned only to the administrator and Local System accounts. To grant the Debug Program permission, you must complete the following steps on the Lync or Skype for Business Server:

    1. Click Start > Administrative Tools > Local Security Policy. The Local Security Settings window opens.
    2. Expand Local Policies and then click User Rights Assignment. The list of user rights opens.
    3. Double-click the Debug Programs policy. The Debug programs Properties window opens.
    4. Click Add User or Group. The Select Users or Groups window opens.
    5. In the Enter the object names to select field, enter the user account name to whom you want to assign permissions, and then click OK.
    6. Click OK.
  • Grant Log on as Service permission

    To grant the Log-on as service permission, you must complete the following steps on the Lync or Skype for Business Server:

    1. Click Start > Administrative Tools > Local Security Policy. The Local Security Settings window opens.
    2. Expand Local Policies and then click User Rights Assignment. The list of user rights opens.
    3. Double-click the Log-on as service policy. The Log-on as service Properties window opens.
    4. Click Add User or Group. The Select Users or Groups window opens.
    5. In the Enter the object names to select field, enter the user account name to whom you want to assign permissions, and then click OK.
    6. Click OK.

The Availability attribute group show data for users who are members of the Administrators group.