Running SAM using a service account

Overview

The principle of least privilege is a critical cybersecurity practice that improves your security posture by scrutinizing the authentication and authorization of accounts in your environment. The following walkthrough guides you through the steps needed to provision a service account with minimal access to the local system while still allowing Snare Agent Manager (SAM) to run successfully.

Walk-through 

Step 1. Create a service account for SAM to use.

Step 2. Provision the service account with "full control" to the following on the local system.

  1. Snare Certificate in the cert store

    a. Right-click > All Tasks > Manage Private Keys.

    b. Security > Add the service account with full control.

  2. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Intersect Alliance\SnareAgentManager

    a. Right-click > Permissions > Add the service account with full control.

  3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My

    a. Right-click > Permissions > Add the service account with full control.

  4. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion

    a. Right-click > Permissions > Add the service account with full control.

  5. C:\program files\Intersect Alliance\Snare Agent Manager

    a. Right-click > Properties > Security > Add the service account with full control.

Once all of the above is complete, open Services.msc, select the Snare Agent Manager service, right-click it and open Properties.

Select the Log On tab and enter the details of your service account.

Click Apply, and close the window.

Then restart the service and test that you can access the SAM web UI.
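
The registry and folder grants from Step 2 can also be applied and checked from an elevated PowerShell session. This is an added example, not part of the original walkthrough or vendor tooling: the account name is a placeholder, the service display-name filter is an assumption, and the certificate private-key permission and the service logon change are still made through the GUI steps above.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell session.
# ASSUMPTION: 'CONTOSO\svc-sam' is a placeholder for your service account.
param([string]$Account = 'CONTOSO\svc-sam')

$registryKeys = @(
    'HKLM:\SOFTWARE\Intersect Alliance\SnareAgentManager',
    'HKLM:\SOFTWARE\Microsoft\SystemCertificates\My',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
)
$installDir = 'C:\Program Files\Intersect Alliance\Snare Agent Manager'

# Resolve the account to a SID first so a mistyped name fails before any ACL changes.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier])

$allow       = [System.Security.AccessControl.AccessControlType]::Allow
$noProp      = [System.Security.AccessControl.PropagationFlags]::None
$regInherit  = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$fileInherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

# Registry keys from Step 2: add an allow rule and keep the existing entries.
foreach ($key in $registryKeys) {
    $acl = Get-Acl -LiteralPath $key -ErrorAction Stop
    $acl.AddAccessRule((New-Object System.Security.AccessControl.RegistryAccessRule(
        $sid, [System.Security.AccessControl.RegistryRights]::FullControl,
        $regInherit, $noProp, $allow)))
    Set-Acl -LiteralPath $key -AclObject $acl
}

# Install folder from Step 2.
$acl = Get-Acl -LiteralPath $installDir -ErrorAction Stop
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $sid, [System.Security.AccessControl.FileSystemRights]::FullControl,
    $fileInherit, $noProp, $allow)))
Set-Acl -LiteralPath $installDir -AclObject $acl

# Verify: list the explicit (non-inherited) rules the account now holds on each object.
foreach ($path in ($registryKeys + $installDir)) {
    (Get-Acl -LiteralPath $path).GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value } |
        Select-Object @{n='Path';e={$path}}, AccessControlType, @{n='Rights';e={
            if ($_.RegistryRights) { $_.RegistryRights } else { $_.FileSystemRights } }}
}

# After the Log On change, confirm which account the service runs as.
# ASSUMPTION: the service display name starts with 'Snare Agent Manager'.
Get-CimInstance Win32_Service -Filter "DisplayName LIKE 'Snare Agent Manager%'" |
    Select-Object Name, DisplayName, StartName, State
```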