Service Account Requirements

When Seq is deployed on Windows, it is best practice to run the Seq Windows Service using a service account with non-administrative permissions.

When the account is created, it will not be able to log in as a service by default. Before configuring Seq, grant the service Log on as a Service rights (instructions).

Running seq install -u <username> -p <password> will then, normally, set up other required permissions.

In some cases, if the service user is a domain account, then it must be started manually the first time from Services.msc before the credentials will be accepted (reports are infrequent and the causes currently unknown).

If Seq still will not start, ensure the account has:

• Read/write access to storage locations - the account must be able to read and write the configured storage location (by default C:\ProgramData\Seq) as well as the log file location (C:\ProgramData\Seq\Logs, even if storage is configured differently)
• Permission to listen on the hostname/port/path - netsh http add urlacl can be used to configure this manually

Attempting to start Seq interactively with runas /user:<username> seq run can sometimes reveal issues in the server's console output, if the log file in C:\ProgramData\Seq\Logs does not show any information.