diff --git a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/access.md b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/access.md
index e77af39406..e720157b49 100644
--- a/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/access.md
+++ b/docs/accessanalyzer/11.6/requirements/activedirectory/activedirectory/access.md
@@ -182,8 +182,11 @@ While the Registry Data Collector typically requires Domain Administrator permis
 a domain controller, that level of access is not required to run the 5.Domains > 0.Collection >
 AD_DSRM Job. The minimum requirements for running this job are:
 
-- Requires read access to the following Registry key and its children:  
+- Requires read access to the following Registry key and its children:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
+  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
+
+Alternatively, granting access to the Server Operators group also allows read-only access to the Lsa key, just requiring access added to the winreg key.
 
 **AD_TimeSync Job Permissions**
 
@@ -193,6 +196,9 @@ AD_TimeSync Job. The minimum requirements for running this job are:
 
 - Requires Read access to the following Registry keys and its children:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
+  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
+
+Alternatively, granting access to the Network Configuration Operators group also allows read-only access to the W32Time key, just requiring access added to the winreg key.
 
 **AD_DomainInfo Job Permissions**
 
diff --git a/docs/accessanalyzer/12.0/requirements/activedirectory/target/access.md b/docs/accessanalyzer/12.0/requirements/activedirectory/target/access.md
index ac83abd8b5..950ed06056 100644
--- a/docs/accessanalyzer/12.0/requirements/activedirectory/target/access.md
+++ b/docs/accessanalyzer/12.0/requirements/activedirectory/target/access.md
@@ -182,8 +182,11 @@ While the Registry Data Collector typically requires Domain Administrator permis
 a domain controller, that level of access is not required to run the 5.Domains > 0.Collection >
 AD_DSRM Job. The minimum requirements for running this job are:
 
-- Requires read access to the following Registry key and its children:  
+- Requires read access to the following Registry key and its children:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
+  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
+
+Alternatively, granting access to the Server Operators group also allows read-only access to the Lsa key, just requiring access added to the winreg key.
 
 **AD_TimeSync Job Permissions**
 
@@ -193,6 +196,9 @@ AD_TimeSync Job. The minimum requirements for running this job are:
 
 - Requires Read access to the following Registry keys and its children:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time
+  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
+
+Alternatively, granting access to the Network Configuration Operators group also allows read-only access to the W32Time key, just requiring access added to the winreg key.
 
 **AD_DomainInfo Job Permissions**