Running Replicate under a different account
You can run Replicate under an account with less privileges than the default account. Both the Qlik Replicate Server service and the Qlik Replicate UI Server service can be run under different accounts, as described in the following sections.
-
The Salesforce and MongoDB source endpoints are not supported when Replicate is run under a non-admin account.
- As some endpoints may require stronger privileges than others, running Replicate under an account with insufficient privileges may cause replication issues.
Changing the Qlik Replicate Server Service account
Changing the default Qlik Replicate Server Service Log On user for admin users
- Add the user to the "Log on as a service" policy in the "Local Security Policy".
- Edit the Qlik Replicate Server service to log on with the user.
- Restart the Qlik Replicate Server service.
- Open Task Manager and verify that the repctl.exe process is running under the specified user.
Changing the default Qlik Replicate Server Service Log On user for non-admin users
- Add the user to the "Log on as a service" policy in the "Local Security Policy".
-
Set the user as the Owner of the log.key, mk.dat, and muk.dat files.
The default location of these files is:
C:\Program Files\Attunity\Replicate\data
- Grant the user full control over the log.key, mk.dat, and muk.dat files.
-
Grant the user full control over the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Qlik\Qlik Replicate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Repctl.exe
-
Grant the user full control over the Replicate jvm folder
The default location of this folder is:
C:\Program Files\Attunity\Replicate\jvm
-
For both the <INSTALL-DIR>\Attunity\Replicate and <INSTALL-DIR>\Attunity\Replicate\data folders, open the folder properties and set the folder permissions as follows:
- Grant the user full control.
- Click the Advanced button.
- In the Permissions tab, click the Change permissions button.
- Select Replace all child object permission entries with inheritable permission entries from this object and click OK.
- Grant the user write permission on <INSTALL-DIR>\Attunity\Replicate\endpoint_srv\bin.
-
If you have not yet registered your Replicate license, register it now.
-
Verify that the muk.dat file exists in <INSTALL-DIR>\Attunity\Replicate\endpoint_srv\data and then grant the user full control over this folder.
- Grant the user full control over any target folders defined in relevant target endpoints (for example, the Target folder specified in the File target endpoint settings).
-
If execution of user-defined commands is allowed, add the user to the "Replace a process level token" policy in "Local Security Policy".
- Edit the Qlik Replicate Server service to log on with the specified user.
- Stop the Qlik Replicate UI Server service.
- Restart the Qlik Replicate Server service.
- Start the Qlik Replicate UI Server service.
- Open Task Manager and verify that the repctl.exe process is running under the specified user.
Steps required after upgrading to Replicate November 2022 or later
If you already performed the Changing the default Qlik Replicate Server Service Log On user for non-admin users procedure in an earlier version of Replicate, after upgrading to Replicate November 2022, you need to perform the following additional steps:
- Edit the Qlik Replicate Server service to log on with the user you added to the "Log on as a service" policy (in the "Local Security Policy").
-
Grant the user full control over the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Qlik\Qlik Replicate
- Stop the Qlik Replicate UI Server service.
- Restart the Qlik Replicate Server service.
- Start the Qlik Replicate UI Server service.
Changing the Qlik Replicate UI Server Service Account
The user can either be an admin user or a non-admin user. If you change the user to a non-admin user, the user must be the same as the non-admin user set in Changing the Qlik Replicate Server Service account above (assuming that a non-admin user was set).
To change the default Qlik Replicate UI Server Service Log On user:
- Open a command prompt and run the following commands:
Delete the existing user (if there is one), by running the following commands:
netsh http delete urlacl url=http://+:80/AttunityReplicate
netsh http delete urlacl url=https://+:443/AttunityReplicate
To add the user, run the following commands (where username is replaced by the name of the user):
netsh http add urlacl url=http://+:80/AttunityReplicate user=Username
netsh http add urlacl url=https://+:443/AttunityReplicate user=Username
- Edit the Qlik Replicate UI Server service to log on with the new user.
- Restart the Qlik Replicate UI Server service.