Beginning with Tableau Server 9.3 a change was made to the Tableau Server License Manager (tablicsrv) configuration. In previous versions, tablicsrv.exe was run under the security context (log on value) of the Local System. Local System has more system access than the License Manager requires. Therefore, according to the security principle of “least permissions,” we made the change in version 9.3 to run the License Manager under the more restricted context of “Local Service.” The Local Service account is used by License Manager to access and execute files located under the Tableau Server installation directory (
%PROGRAMDATA%\Tableau\Tableau Server). These actions, in turn, rely upon permissions that are inherited through the Users security group on the Tableau Server installation directory.
As shown above, the following permissions (all of which are inherited by Local Service) are granted to the Users security group:
Read & execute
List folder contents
If Local Service does not have these permissions, then Tableau Server will fail to initialize during installation, resulting in the errors above.
Why doesn’t Local Service have the correct permissions?
As a security measure, some organizations remove the Users group from all installation directories in their environments. Usually, such organizations remove the User group with an automated change management software solution such as Group Policy.