Running the BES Agent as anything other than LOCAL SYSTEM will limit what it can do as the LOCAL SYSTEM account has special privileges set on the machine.
If you have to run an action as a user there is a RunAsCurrentUser executable you can use, checking if the user is an admin before would be a good idea from what you describe though.
I know the RunAsCurrentUser utility, but has the documentation says: “RunAsCurrentUser, can run commands on Windows systems using the credentials and local context of the currently logged on user.”
And I need the relevance code to be executed even if no user is logged in.
Also the user currently logged in may not have right to make the necessary task.
Do you know any documentation that specifies what limitations exists when a non loca system account is used ?
Problems that I know of that can happen without the right privileges (some can be set to accounts some cannot):
AD Information (active directory inspectors)
User Detection (user, current user, local user inspectors)
Program execution scanning (processes inspectors)
Security information (sid, dacl, sacl etc inspectors)
Launching ClientUI as other users
Many more…
And many more. The client will limp along doing what it can but you will just get many errors on content.
We don’t have the ability to run as an arbitrary user as we don’t have the account information to “log on” as that user. There may be ways to do this but nothing that is currently available.