Merge pull request #199901 from SnehaSudhirG/31May-HWCredentials

PRMerger18 · web-flow · commit 39479cd52833 · 2022-05-31T10:39:29.000-07:00
minor edits for clarity
diff --git a/articles/automation/automation-hrw-run-runbooks.md b/articles/automation/automation-hrw-run-runbooks.md
@@ -128,30 +128,33 @@ Instead of having your runbook provide its own authentication to local resources
 
 #### Use a credential asset for a Hybrid Runbook Worker group
 
-By default, the Hybrid jobs run under the context of System account. However, to run Hybrid jobs under a diffferent credential asset, follow the steps:
+By default, the Hybrid jobs run under the context of System account. However, to run Hybrid jobs under a different credential asset, follow the steps:
 
 1. Create a [credential asset](./shared-resources/credentials.md) with access to local resources.
 1. Open the Automation account in the Azure portal.
 1. Select **Hybrid Worker Groups**, and then select the specific group.
-1. Select **Settings**  and change the value of **Hybrid Worker credentials** from **Default** to **Custom**.
+1. Select **Settings**.
+1. Change the value of **Hybrid Worker credentials** from **Default** to **Custom**.
 1. Select the credential and click **Save**.
-
-For a successful job execution, ensure that you provide the following permissions. The jobs might get suspended if the required permissions are not assigned for Custom users.
-
- **Registry path** | **Permission**
-  --- | ---
-  HKLM\SYSTEM\CurrentControlSet\Services\EventLog  | read
-  HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters | full access
-  HKLM\SOFTWARE\Microsoft\Wbem\CIMOM | full access
-  HKLM\Software\Policies\Microsoft\SystemCertificates\Root | full access
-  HKLM\Software\Microsoft\SystemCertificates | full access
-  HKLM\Software\Microsoft\EnterpriseCertificates | full access
-  HKLM\software\Microsoft\HybridRunbookWorker | full access
-  HKLM\software\Microsoft\HybridRunbookWorkerV2 | full access
-  HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed | full access
-  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles | full access
-  Folder C:\ProgramData\AzureConnectedMachineAgent\Tokens | read
-  Folder C:\Packages\Plugins\Microsoft.Azure.Automation.HybridWorker.HybridWorkerForWindows\0.1.0.18\HybridWorkerPackage\HybridWorkerAgent | full access
+1. If the following permissions are not assigned for Custom users, jobs might get suspended. 
+Use your discretion in assigning the elevated permissions corresponding to the following registry keys/folders: 
+    
+**Registry path**
+
+- HKLM\SYSTEM\CurrentControlSet\Services\EventLog (read) </br>
+- HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters (full access) </br>
+- HKLM\SOFTWARE\Microsoft\Wbem\CIMOM (full access) </br>
+- HKLM\Software\Policies\Microsoft\SystemCertificates\Root (full access) </br>
+- HKLM\Software\Microsoft\SystemCertificates (full access) </br>
+- HKLM\Software\Microsoft\EnterpriseCertificates (full access) </br>
+- HKLM\software\Microsoft\HybridRunbookWorker (full access) </br>
+- HKLM\software\Microsoft\HybridRunbookWorkerV2 (full access) </br>
+- HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed (full access) </br>
+- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles (full access) </br>
+
+**Folders**
+- C:\ProgramData\AzureConnectedMachineAgent\Tokens (read) </br>
+- C:\Packages\Plugins\Microsoft.Azure.Automation.HybridWorker.HybridWorkerForWindows\0.1.0.18\HybridWorkerPackage\HybridWorkerAgent (full access)
 
 ## <a name="runas-script"></a>Install Run As account certificate
 
