From 598488c031f2dfc657d8a709a2b6f25a5b93e970 Mon Sep 17 00:00:00 2001
From: Patrick Bareiss <pbareiss@splunk.com>
Date: Wed, 4 Sep 2024 13:22:58 +0200
Subject: [PATCH] bug fix sysmon splunk uf

---
 .../windows_universal_forwarder/tasks/install_splunk_uf.yml     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/ansible/roles/windows_universal_forwarder/tasks/install_splunk_uf.yml b/terraform/ansible/roles/windows_universal_forwarder/tasks/install_splunk_uf.yml
index 4adb9775..3dc2ae50 100644
--- a/terraform/ansible/roles/windows_universal_forwarder/tasks/install_splunk_uf.yml
+++ b/terraform/ansible/roles/windows_universal_forwarder/tasks/install_splunk_uf.yml
@@ -8,7 +8,7 @@
 - name: Install Splunk_UF MSI
   win_package:
     path: C:\splunkuf.msi
-    arguments: 'WINEVENTLOG_SEC_ENABLE=0 WINEVENTLOG_SYS_ENABLE=0 WINEVENTLOG_APP_ENABLE=0 SPLUNKPASSWORD=Pl3ase-k1Ll-me:p AGREETOLICENSE=YES /quiet'
+    arguments: 'WINEVENTLOG_SEC_ENABLE=0 WINEVENTLOG_SYS_ENABLE=0 WINEVENTLOG_APP_ENABLE=0 PRIVILEGESECURITY=1 USE_LOCAL_SYSTEM=1 SPLUNKPASSWORD=Pl3ase-k1Ll-me:p AGREETOLICENSE=YES /quiet'
 
 - name: Start Splunk
   win_service: