Minimum user account permissions needed to run NetBackup services
We run NetBackup 8.0 on a server at our site. For the Windows services 'NetBackup Client Service', 'NetBackup Remote Manager and Monitor Service' and 'NetBackup Web Management Console', we have them running under a local user account which is a local administrator on the server.
I am part of the IT team for the site. The central IT team have installed Local Administrator Password Solution (LAPS) on all servers recently, which means that the passwords for all local admin accounts get automatically changed by the software every 42 days, therefore of course the services fail.
Rather than simply uninstalling LAPS, I want to see if there is a better way. One way I thought to get around this is to use a local standard user (non-administrator) account instead, and just assign it the privileges needed to run the services correctly.
I followed the second post on this article... https://vox.veritas.com/t5/NetBackup/NetBackup-Service-Account-requirements/td-p/625893
I created a new standard local user, and I set the following permissions for the user in the local group policy editor, and rebooted...
- Act as part of the operating system
- Replace a process level token
- Logon as a service
- Create a token object
But unfortunately I couldn't start the service with the new user, so I've had to revert back to the local admin user for now.
Do you know what else I need to set to make sure that this standard local user can successfully run the services above?
Thanks.