Revoke Run As Service Account Permissions
Changing the Run As service account in Tableau Server Configuration Utility does not remove the permissions from the previous account. Therefore, after you change the Run As service account, we recommend manually revoking permissions from the previous account as a secure best practice. Follow the procedure below to revoke permissions from the previous Run As service account.
If you have changed your Run As service account and your organisation uses a forward proxy solution, then you may need to reconfigure the local LAN settings with the new Run As service account. See Configure a forward proxy server for more information.
You must be logged onto the Tableau Server computer with an administrator account to perform the following procedures.
Remove folder permissions
Tableau Server configures permissions on Windows folders according to the location where you install Tableau Server. Before you remove folder permissions, review Verify Folder Permissions to identify the resources for which you will need to remove permissions. Run the following procedure for each of the resources you have identified:
- For each resource (drive, folder, executable), right-click the resource, and then click Properties.
- On the resource property page, click the Security tab, and then click Edit to change permissions.
- On the Permissions page, select the previous Run As service account and then click Remove.
- Click OK.
Remove registry permissions
Remove the previous Run As service account from the following registry locations:
- HKEY_CURRENT_USER\Software\Tableau
- HKEY_LOCAL_MACHINE\Software\Tableau
Warning: Editing the Windows registry incorrectly can have harmful effects on your computer.
- Open the Registry Editor by entering
regedit
in Windows Run, and then clicking OK. - For each registry directory, right-click the Tableau folder, and then click Permissions.
- In the Permissions for Tableau page, select the previous Run As service account, and then click Remove.
- Click OK.
Remove security policies
Remove the previous Run As service account from the following security policies:
- “Log on as a service” policy
- “Allow log on locally” policy
- Select Start > Control Panel > Administrative Tools > Local Security Policy.
- In Local Security Policy, open Local Policies, select User Rights Assignments.
- For each policy:
- Right-click the policy and then select Properties.
- On the policy property page, select the previous Run As service account, and then click Remove.
- Click OK.