It may be necessary to have a broker process start under a different account than the AdminServer when the AdminServer is started by the LocalSystem account, which doesn't normally have rights to network resources.
By having the broker start under a different user identity, the broker and its child processes can communicate through the network without impediment, provided that user has the appropriate privileges. To launch a broker as a different user than the AdminServer, modify the ubroker.properties file.
Within the specific broker (webspeed, appserver, etc) section there is an entry for userName, which defines a valid user account. It is possible to run a broker under a different user account. By default a broker will run under the System Account (also known as LocalSystem).
userName {OPTIONAL}
The value of userName has 3 formats:
- user_name = defines an Administrator on the local machine.
- .\user_name = same as option 1, with explicit reference to the local machine.
- domain\user = A user on a specified domain.
Example:
[UBroker.AS.asbroker1]
appserviceNameList=asbroker1
brokerLogFile=@{WorkPath}\asbroker1.broker.log
controllingNameServer=NS1
defaultService=1
description=A sample AppServer setup for State-reset
environment=asbroker1
password= {Specifies the encrypted password of the userName property}
portNumber=3090
srvrLogFile=@{WorkPath}\asbroker1.server.log
userName=mytestaccount
uuid=932.99.999.XXX:1ee77e:cf3bbe3d33:-8000
In this example userName is set to mytestaccount.
If userName is set, then a password is required. Its value is an encrypted form of the user account's password. This property is automatically encrypted if added through the OpenEdge Console (Progress Explorer in earlier versions). However, if broker definitions are manually added by editing the ubroker.properties file, an encrypted password can be generated with "genpassword", found in the DLC/bin directory:
$ genpassword -password users_password
where:
"users_password" is the clear text password for the userName account. The encrypted value that is generated can be copied and pasted into the ubroker.properties "password=" entry.
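The following is an added example, not part of the original article or of the OpenEdge tooling: a small Python audit that lists every broker section overriding the default account, classifies userName by the three formats above, and flags a userName without a password. The sample file contents are constructed; treating "#" lines as comments, matching keys case-insensitively, and checking each section on its own (no values inherited from other sections) are assumptions.

```python
import re

# Constructed sample in the layout of the article's example (values are made up).
SAMPLE = r"""
[UBroker.AS.asbroker1]
portNumber=3090
userName=mytestaccount
password=
[UBroker.AS.asbroker2]
userName=CORP\svc_appserver
password=0a1b2c3d
[UBroker.WS.wsbroker1]
portNumber=3055
"""

def parse_sections(text):
    """Return {section: {lowercased_key: value}} for the properties text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' marks a comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections

def account_scope(user_name):
    """Classify userName by the three formats the article lists."""
    if user_name.startswith(".\\"):
        return "local (explicit)"
    return "domain" if "\\" in user_name else "local"

def audit(text):
    """Return (section, userName, scope, issues) for brokers with userName set."""
    findings = []
    for name, props in parse_sections(text).items():
        user = props.get("username", "")
        if not user:
            continue  # no override: broker runs under the default System account
        issues = [] if props.get("password") else ["userName set but password is empty"]
        findings.append((name, user, account_scope(user), issues))
    return findings

if __name__ == "__main__":
    for name, user, scope, issues in audit(SAMPLE):
        print(f"{name}: {user} [{scope}] {'; '.join(issues) or 'ok'}")
```

The accounts it reports are the ones that need the user rights listed below, so the output doubles as an inventory of highly privileged service accounts to review.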
Before the broker can be started under a different user account, that user must have local administrator privileges and the following extra privileges:
- Administrator.
- Log on as a service.
- Log on as batch job.
- Act as part of the operating system.
- Increase quotas | Adjust memory quotas for a process (since Windows XP and 2003.)
- Create a token object.
- Replace a process level token.
For further information on setting user rights on Windows, see Article: 19244, How To configure windows to Start A Broker Under a Windows User?