diff --git a/src/CfCcgPlugin/CfCcgCredProvider.cs b/src/CfCcgPlugin/CfCcgCredProvider.cs
index b5706ea2..61463a81 100644
--- a/src/CfCcgPlugin/CfCcgCredProvider.cs
+++ b/src/CfCcgPlugin/CfCcgCredProvider.cs
@@ -21,7 +21,6 @@ void GetPasswordCredentials(
     [ProgId("CfCcgCredProvider")]
     [ComVisible(true)]
     [SecurityRole("SYSTEM")]
-    [SecurityRole("CCG")]
     public class CfCcgCredProvider : ServicedComponent, ICcgDomainAuthCredentials
     {
         public CfCcgCredProvider()
diff --git a/src/CfCcgPlugin/ChangePluginIdentity.ps1 b/src/CfCcgPlugin/ChangePluginIdentity.ps1
index c589aed9..95a4f69d 100644
--- a/src/CfCcgPlugin/ChangePluginIdentity.ps1
+++ b/src/CfCcgPlugin/ChangePluginIdentity.ps1
@@ -6,6 +6,7 @@ $apps.Populate()
 
 $appExistCheckApp = $apps | Where-Object {$_.Name -eq $newComPackageName}
 $appExistCheckApp.Value("Identity") = "NT AUTHORITY\LocalService"
+$appExistCheckApp.Value("ApplicationAccessChecksEnabled") = $true
 $apps.SaveChanges()
 
 $roles = $apps.GetCollection("Roles", $appExistCheckApp.Key)
@@ -15,20 +16,12 @@ $systemRole = $roles | Where-Object {$_.Name -eq "SYSTEM"}
 if ($systemRole) {
     $users = $roles.GetCollection("UsersInRole", $systemRole.Key)
     $users.Populate()
+    
     $newUser = $users.Add()
     $newUser.Value("User") = "NT AUTHORITY\SYSTEM"
     $users.SaveChanges()
-}
 
-$ccgRole = $roles | Where-Object {$_.Name -eq "CCG"}
-if ($ccgRole) {
-    $users = $roles.GetCollection("UsersInRole", $ccgRole.Key)
-    $users.Populate()
-    try {
-        $newUser = $users.Add()
-        $newUser.Value("User") = "NT SERVICE\ccg"
-        $users.SaveChanges()
-    } catch {
-        Write-Warning "Failed to add NT SERVICE\ccg to CCG role: $_"
-    }
+    $serviceUser = $users.Add()
+    $serviceUser.Value("User") = "NT AUTHORITY\SERVICE"
+    $users.SaveChanges()
 }