A user with Administrator privileges is required to run the DataMiner installer. During installation, DataMiner will create a number of services in Windows that will run as SYSTEM. There is currently no way to run the DataMiner services under a different user. We are aware that all of our services running as SYSTEM is not recommended, and are working on removing this limitation in the future.

Do note that once the installation is finished, DataMiner operators no longer require Administrator permissions on the server where DataMiner is hosted. You can even disable the built-in Windows Administrator.

You can alter the Security.xml manually, but after the next DataMiner restart any changes will be overwritten by the information in the SyncInfo\* files. These files are signed, meaning they cannot be altered. This is a security measure to prevent tampering and is by design.

Some additional security tips can be found in this article about securing DataMiner (more tips will follow soon).

Other than this I recommend applying the principle of least privilege for your DataMiner users. Meaning if a user doesn’t require specific permissions, they should not be granted. Be especially careful when granting the DataMiner permissions regarding Security, Automation Script creation, and Protocol upload.
Please let me know if you have any further questions, I’m happy to assist where needed.