Backup Exec 2010 + 2012 User/Service Account rights when Hyper-V host is in a Workgroup

When installing Backup Exec 2010 or 2012 in a Domain Environment it will automatically create a Backup service account and will automatically assign the correct rights to the account.

Problem is in a Virtualized environment were you have no physical Domain Controllers your Hypervisor is usually in a Workgroup. So when installing Backup exec it creates a Service account for the workgroup but not for the domain.

Below is the steps to manually create an account for the domain as well as to assign the correct permissions and rights.

1. Create a normal account in Active Directory called “Backup” and give it a password.

2. Set the password of the account to never Expire

3. If you will be backing up the System state of Domain Controller make the account part of the Domain Admins group.

4. The account should have its primary role as Domain Admin.

5. Assign the following rights to the account.

The below will happen in the Domain Controllers Security Policy as well as any Security Policies that control your member servers.

Act as part of the operating system
Backup files and directories
Create a token object
Logon as a batch job (Windows 2008 only)
Logon as a service
Manage auditing and security log
Restore files and directories
Take ownership of files and other objects

Also make sure the account is not added under the following:

Deny logon as a service
Deny logon as a batch

Leave a Reply

Your email address will not be published. Required fields are marked *