Hi there, unbelievable, but there is nothing to find in documentation, which describe how to setup a user-id-agent with limited access. Is everybody out there running it with full access? Andre, configure your user as you describe by yourself. The account need the grant "logon as a service" on the machine it runs on and the "EventLog Readers" grant on AD servers as described in official doc. Additionally , on the machine the agent is running, you have to do the following steps (thanks to Sysinternals Process Monitor): 1.) Grant read-write access to the program directory of the user-id agent for the ua-user (e.g. on 32Bit OS: "C:\Program Files\Palo Alto Networks", on 64Bit OS: "C:\Program Files (x86)\Palo Alto Networks") . 2.) Grant read-write access to the "Palo Alto Networks" registry key (e.g. on 32Bit OS: "HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks", on 64Bit OS: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Palo Alto Networks") That's it, hope this helps you.
... View more