From 878a8e3c4fffc1831d70e0459f388325a13f4449 Mon Sep 17 00:00:00 2001
From: DeDe Morton
Date: Mon, 27 Jul 2020 18:14:12 -0700
Subject: [PATCH 1/3] [docs] Add troubleshooting topic about system user requirement for endpoint

---
 .../troubleshooting.asciidoc | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/docs/en/ingest-management/troubleshooting.asciidoc b/docs/en/ingest-management/troubleshooting.asciidoc
index cf5e24a95a..5bc4dc6469 100644
--- a/docs/en/ingest-management/troubleshooting.asciidoc
+++ b/docs/en/ingest-management/troubleshooting.asciidoc
@@ -22,6 +22,7 @@ Contact us in the {im-forum}[discuss forum]. Your feedback is very valuable to u
 * <>
 * <>
 * <>
+* <>
 * <>
 
 **Frequently asked questions:**
@@ -156,6 +157,33 @@ property in the `kibana.yml` configuration file. For example:
 xpack.encryptedSavedObjects.encryptionKey: "something_at_least_32_characters"
 ----
 
+[discrete]
+[[process-not-root]]
+== {agent} fails on Windows with `Agent process is not root/admin or validation failed` message
+
+Make sure the user has administrator-level privileges.
+
+If you're using the {elastic-endpoint} integration, also make sure you're
+running {agent} under the SYSTEM account.
+
+To run {agent} under the SYSTEM account, you can:
+
+. Download https://docs.microsoft.com/en-us/sysinternals/downloads/psexec[PsExec]
+and extract the contents to a folder, for example, `d:\tools`.
+. Open a command prompt as an Administrator (right-click the Command Prompt
+icon and select *Run As Administrator*).
+. From the command prompt, run {agent} under the SYSTEM account:
++
+[source,sh]
+----
+d:\tools\psexec.exe -sid "C:\Program Files\Elastic-Agent\elastic-agent.exe" run
+----
+
+
+TIP: If you install {agent} as a service as described in
+<>, the Agent runs under the SYSTEM account by
+default.
+
 [discrete]
 [[agent-hangs-while-unenrolling]]
 == {agent} hangs while unenrolling

From 3ad8868981df258992329c522949e8f88ec4c079 Mon Sep 17 00:00:00 2001
From: DeDe Morton
Date: Mon, 10 Aug 2020 15:08:01 -0700
Subject: [PATCH 2/3] Fix change lost during rebase

---
 docs/en/ingest-management/troubleshooting.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/en/ingest-management/troubleshooting.asciidoc b/docs/en/ingest-management/troubleshooting.asciidoc
index 5bc4dc6469..b3ea399bca 100644
--- a/docs/en/ingest-management/troubleshooting.asciidoc
+++ b/docs/en/ingest-management/troubleshooting.asciidoc
@@ -159,7 +159,7 @@ xpack.encryptedSavedObjects.encryptionKey: "something_at_least_32_characters"
 
 [discrete]
 [[process-not-root]]
-== {agent} fails on Windows with `Agent process is not root/admin or validation failed` message
+== {agent} fails with `Agent process is not root/admin or validation failed` message
 
 Make sure the user has administrator-level privileges.
 

From 1644f1f1e4f7c3388f0f7e0e8eb202f69e763fb3 Mon Sep 17 00:00:00 2001
From: DeDe Morton
Date: Mon, 10 Aug 2020 15:30:52 -0700
Subject: [PATCH 3/3] Clarify sudo requirement

---
 docs/en/ingest-management/troubleshooting.asciidoc | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/docs/en/ingest-management/troubleshooting.asciidoc b/docs/en/ingest-management/troubleshooting.asciidoc
index b3ea399bca..f197d97407 100644
--- a/docs/en/ingest-management/troubleshooting.asciidoc
+++ b/docs/en/ingest-management/troubleshooting.asciidoc
@@ -161,11 +161,18 @@ xpack.encryptedSavedObjects.encryptionKey: "something_at_least_32_characters"
 [[process-not-root]]
 == {agent} fails with `Agent process is not root/admin or validation failed` message
 
-Make sure the user has administrator-level privileges.
+Make sure the user running {agent} has root privileges. If you're running
+{agent} in the foreground (and not as a service) on Linux or macOS, run the
+agent under the root user, for example, `sudo` or `su`. Some integrations
+require root privileges to collect sensitive data.
 
 If you're using the {elastic-endpoint} integration, also make sure you're
 running {agent} under the SYSTEM account.
 
+TIP: If you install {agent} as a service as described in
+<>, {agent} runs under the SYSTEM account by
+default.
+
 To run {agent} under the SYSTEM account, you can:
 
 . Download https://docs.microsoft.com/en-us/sysinternals/downloads/psexec[PsExec]
@@ -180,10 +187,6 @@ d:\tools\psexec.exe -sid "C:\Program Files\Elastic-Agent\elastic-agent.exe" run
 ----
 
 
-TIP: If you install {agent} as a service as described in
-<>, the Agent runs under the SYSTEM account by
-default.
-
 [discrete]
 [[agent-hangs-while-unenrolling]]
 == {agent} hangs while unenrolling