Hi John,
#1. Look at creating a new service account and assigning it the required permissions in AD to function properly in BEWS.
Once done, open up BEWS, and then going to Network...and create that same account in there. Problem 1 solved...a more secure service account running your backups.
#2 would be to create a normal user account (call it anything you want, ie. svcbackup) in AD, and don't assign it Admin rights of any kind.
Open up the Local Users and Groups on that server, and add the new account in #2 to Backup Operators group. Once done, open up Backup Exec and add that user account as a new account.
Once done, install the Backup Exec Remote Console on each person who needs to manage the backups. This prevents local logons to that server, and secure your environment a bit more.
You can read up more on #2 on the link to the article I wrote below:
https://www-secure.symantec.com/connect/articles/how-leverage-backup-execs-remote-console |
They will be able to make changes to the backups, but nothing further on network shares.
Laters!