Our BigFix v10 environment runs on Windows 2019 using Active Directory service accounts and off box SQL. To increase security through least privilege, I was attempting to lower the BigFix application service account from local administrators to local users (open to using other local groups if needed). This works fine for the off box SQL, but for BigFix masters, some services will not start as local user. Of course, running as local admin works perfectly fine.
Services that will start as domain\username in Local users
Services that fail to start as domain\username in Local users
Anyone have documentation, root cause ideas, or knowledge of required changes to address and/or potential issues we will have even we solve running as local user?