This topic details the list of permissions you must have in order to install the Splunk App for Windows Infrastructure.
Administrative access to Active Directory
In order to make changes to Active Directory services, such as enabling debug logging in DNS and increasing Active Directory audit policy, you must be a domain administrator in the Active Directory domain(s) you want to monitor.
Administrative access to Windows servers
You must have administrative access to all Windows hosts in the Splunk App for Windows Infrastructure deployment. The hosts in the deployment require this access to install Splunk Enterprise. Any hosts in the field also require this access to install universal forwarders. Splunk Enterprise must run as a user with administrative access to the host (usually, the Local System user).
Platform and hardware requirements
What data the Splunk App for Windows Infrastructure collects
This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.5.1, 1.5.2, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4