Due to unpredictable factors such as third-party antivirus software, Microsoft policy restrictions, etc ...  the NoMachine 'nxservice' service may loose the required permissions, negatively impacting NoMachine server functionality.

Since NoMachine v9.2, you can check and in case restore permissions for the nxservice and in particular for the 'nx' user by using commands below.

The nx user is an account that cannot be used by users (privileged or not) to log-in directly to the system. It is  used for internal handling of the NoMachine's operations and requires specific privileges. Admin privileges cannot be removed from user nx, neither the nx account cannot be deleted from the system or the NoMachine server will be no longer operational. Having another 'nx' account on the system, not generated by NoMachine, will result in conflicts.

Prerequisites
1) Administrative rights on the target server.
2) Backup critical configurations before making changes.

Open a cmd console as administrator and run this command:

%PROGRAMFILES%\NoMachine\bin\nxservice.exe --nxusercheckvalidity

Output of this command will provide status of the nx user.

If the nx user is not administrator or some permissions are missing, run this command to
restore them:

%PROGRAMFILES%\NoMachine\bin\nxservice.exe --nxuserrestorevalidity

Advanced configuration
It's possible to make this process automatic and force the NoMachine server (nxserver) to check status of the nx user at each restart of the server or reboot of the computer.
To do that, create a specific registry key.

Once the NoMachine server is installed, open Regedit (registry Editor) as admin.
Go to:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/nxservice
and create the new key CheckNxUserValidity as dword and set as 1.

When this key is present and enabled, nxservice will check status of the nx user at startup and will restore its status when necessary.

Manual procedure

This procedure must be done for NoMachine versions previous than v9.2. and whenever needed.
 

Prerequisites
1) Administrative rights on the target server.
2) Backup critical configurations before making changes.

Follow the steps below to validate and restore permissions for the nxservice and in particular for the 'nx' user.

Step 1: Verify nx user Membership in the Administrators Group
Open Command Prompt as Administrator.

Run:
net localgroup Administrators  

Check if the nx user is listed under Members.

If absent, add the user:
net localgroup Administrators nx /add  

Step 2: Audit Local User Permissions

Retrieve the User’s Security Identifier (SID), in PowerShell (Admin) execute:
Get-LocalUser -Name nx | Select Name, SID  

Example of output:
Name     SID  
----     ---  
nx       S-1-5-21-123456789-...  

Export Privilege Assignments, execute:
secedit /export /areas USER_RIGHTS /cfg C:\Temp\privileges.txt  

Replace C:\Temp with a writable directory.

Review privileges.txt for the following entries:
SeServiceLogonRight
SeDenyInteractiveLogonRight
SeTcbPrivilege
SeIncreaseQuotaPrivilege
SeAssignPrimaryTokenPrivilege

Check that nx user or its SID is listed under these privileges.

Step 3:  If necessary, add Missing Privileges

Use the NoMachine utility in Command Prompt (Admin):
"C:\Program Files\NoMachine\bin\nxdisplay.exe" --privilegeadd <PrivilegeName> --user nx  

Replace <PrivilegeName> with the exact privilege (e.g., SeServiceLogonRight).

Step 4: Revalidate Permissions

Repeat Step 2 to confirm the privilege was successfully added.

Step 5: Restart the machine and validate Service Health

Reboot the machine:
shutdown /r /t 0  

After reboot, verify that:
- the nxservice starts without errors.
- the NoMachine server functionality is restored.

Additional Notes
(i) Logs for for permission-related errors are: Check Event Viewer > Windows Logs > System
(ii) Possible Antivirus conflicts: temporarily disable third-party antivirus to test if it blocks nxservice, nxexec.
(iii) Service Dependencies: Use sc qc nxservice to check that dependencies are correctly configured.