Last Friday we ran a remote PowerShell script that reached out to 1000+ universal forwarders to add a new forward-server to each of them.
We know of four servers where C:\Users\Default\.splunk\authToken_servername_8089 was created (or perhaps just modified) by the script, but it only was created with permissions for myself, because my userid ran the remote script. The Windows admins say that broke logins to the boxes, because nothing else could read the .splunk folder under the default profile in c:\Users\Default.
Is there a good document explaining how Splunk assigns permissions to the folders and files that it creates?