Modify the service account used by SharpHound Enterprise

This article applies to BHE

SharpHound Enterprise utilizes the Windows Service manager to handle authentication. In certain cases, you may need to modify the user account utilized by the SharpHound Enterprise service. The steps to perform that modification are as follows.

  1. Log into your SharpHound Enterprise server.
  2. Open the Computer Management window.
  3. Under Local Users and Groups, make sure the new account is a member of the local Administrators group (Note: this is the most commonly missed step that prevents successful migration)
  4. Stop the SharpHound Delegator service.
  5. Open the properties on the SharpHound Delegator service.
  6. Navigate to the Logon tab.
  7. Change the account in this tab to the newly desired account.

    Note: if the account configuration is greyed out, run the following command within a terminal window, then re-open the SharpHound Delegator service properties.

    sc.exe config "SHDelegator" obj= "localsystem"
  8. [Optional] By default, the service will assign the logging directory to the %APPDATA% folder of the initial user that started the directory. You may desire to change that using the nested steps.
    1. Run notepad.exe as an Administrator
    2. Open C:\Program Files (x86)\SHService\settings.json
    3. Modify the “TempDirectory” value (you may either set this to null, or make sure to utilize double backslashes as seen in the current setting)
    4. Save the file and exit Notepad
  9. Start the SharpHound Delegator service and confirm that it has started checking into your BloodHound Enterprise tenant utilizing the new account.

Updated