[docs] Add troubleshooting topic about system user requirement for endpoint

dedemorton · dedemorton · commit d23eb0d081ff · 2020-07-27T20:18:09.000-07:00
diff --git a/docs/en/ingest-management/troubleshooting.asciidoc b/docs/en/ingest-management/troubleshooting.asciidoc
@@ -24,6 +24,7 @@ Contact us in the {im-forum}[discuss forum]. Your feedback is very valuable to u
 * <<ingest-manager-app-crashes>>
 * <<agent-enrollment-timeout>>
 * <<es-apikey-failed>>
+* <<process-not-root>>
 
 **Frequently asked questions:**
 
@@ -161,6 +162,33 @@ property in the `kibana.yml` configuration file. For example:
 xpack.encryptedSavedObjects.encryptionKey: "something_at_least_32_characters"
 ----
 
+[discrete]
+[[process-not-root]]
+== {agent} fails on Windows with `Agent process is not root/admin or validation failed` message
+
+Make sure the user has administrator-level privileges.
+
+If you're using the {elastic-endpoint} integration, also make sure you're
+running {agent} under the SYSTEM account.
+
+To run {agent} under the SYSTEM account, you can:
+
+. Download https://docs.microsoft.com/en-us/sysinternals/downloads/psexec[PsExec]
+and extract the contents to a folder, for example, `d:\tools`.
+. Open a command prompt as an Administrator (right-click the Command Prompt
+icon and select *Run As Administrator*).
+. From the command prompt, run {agent} under the SYSTEM account:
++
+[source,sh]
+----
+d:\tools\psexec.exe -sid "C:\Program Files\Elastic-Agent\elastic-agent.exe" run
+----
+
+
+TIP: If you install {agent} as a service as described in
+<<elastic-agent-installation>>, the Agent runs under the SYSTEM account by
+default.
+
 [discrete]
 [[enrolled-agent-not-showing-up]]
 == Why doesn't my enrolled Agent show up in the {ingest-manager} app?
