When running the Splunk Universal Forwarder (SplunkUF) as a low-privilege account, you will sometimes have to grant it read rights on the folders it collects data from — for example, IIS log folders. Read access is all the forwarder needs to ship logs; do not grant Modify or Full Control, and grant it to the forwarder's own service account rather than a broad group.
Example script:
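# Grants the Splunk Universal Forwarder's service account read access to a list of
# folders on a list of remote hosts, then restarts the forwarder on each host so it
# picks up the new rights.
#
# Input: a CSV with two columns, "Hosts" (one hostname per row) and "FolderPaths"
# (one or more folder paths separated by ';'). Requires PowerShell Remoting to each
# host, run as an account that may change the folders' ACLs there. Treat the CSV as
# trusted input: every hostname in it gets a remote session and ACL changes.
$csvFilePath = "c:\users\myuser\desktop\test_host.csv"
# Virtual service account of the forwarder. It is local to the host running the
# service, which is why all ACL work below is done inside the remote session.
$serviceAccountName = "NT SERVICE\SplunkForwarder"
# Read-only rights: the forwarder only reads log files, so nothing beyond Read is granted.
$permission = "Read, ReadAndExecute, Synchronize"

# Runs on the remote host: adds an Allow ACE for $account on $path that inherits to
# subfolders (ContainerInherit) and files (ObjectInherit). Defined once and reused
# for the root folder and every subfolder.
$grantReadAccess = {
    param($path, $account, $rights)
    $acl = Get-Acl -LiteralPath $path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $account, $rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $path -AclObject $acl
}

$hostRows = Import-Csv -Path $csvFilePath -Delimiter ","
foreach ($row in $hostRows) {
    $targetHost = $row.Hosts
    $folderPaths = $row.FolderPaths -split ';'
    Write-Host "Working in: $targetHost"
    $session1 = $null
    try {
        # -ErrorAction Stop: a failed session must not fall through to the
        # Invoke-Command calls below with a $null session.
        $session1 = New-PSSession -ComputerName $targetHost -ErrorAction Stop
        foreach ($targetFolderPath in $folderPaths) {
            # A trailing ';' in the CSV yields an empty path; skip it instead of
            # failing on Get-ChildItem.
            if ([string]::IsNullOrWhiteSpace($targetFolderPath)) { continue }
            Write-Host "- Checking: $targetFolderPath"
            # Select subfolders by the container flag rather than Attributes -eq
            # "Directory": the equality test misses folders that also carry
            # ReadOnly/Compressed/NotContentIndexed/etc. attributes.
            $subfolders = Invoke-Command -Session $session1 -ArgumentList $targetFolderPath -ScriptBlock {
                param($root)
                Get-ChildItem -LiteralPath $root -Recurse |
                    Where-Object { $_.PSIsContainer } |
                    Select-Object -ExpandProperty FullName
            }
            Invoke-Command -Session $session1 -ScriptBlock $grantReadAccess `
                -ArgumentList $targetFolderPath, $serviceAccountName, $permission
            # The root ACE already inherits downwards; the explicit ACE on each
            # subfolder additionally covers subfolders that have inheritance
            # disabled, at the cost of one explicit ACE per folder.
            foreach ($subfolder in $subfolders) {
                Write-Host "- - Checking: $subfolder"
                Invoke-Command -Session $session1 -ScriptBlock $grantReadAccess `
                    -ArgumentList $subfolder, $serviceAccountName, $permission
            }
        }
        # Restart so the running forwarder sees the new rights.
        Invoke-Command -Session $session1 -ScriptBlock { Restart-Service -Name splunkforwarder }
    }
    catch {
        Write-Warning "Skipping ${targetHost}: $($_.Exception.Message)"
    }
    finally {
        # Always tear the session down, including on error.
        if ($session1) { Remove-PSSession -Session $session1 }
    }
}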
Format of the .csv file (one host per row; multiple folder paths separated by ';'):
Hosts,FolderPaths
Host1,C:\inetpub\logs\LogFiles\;D:\inetpub\logs\LogFiles\
Host2,C:\inetpub\logs\LogFiles\;D:\inetpub\logs\LogFiles\
Host3,C:\inetpub\logs\LogFiles\;D:\inetpub\logs\LogFiles\
Host4,C:\inetpub\logs\LogFiles\;D:\inetpub\logs\LogFiles\