cancel
Showing results for 
Search instead for 
Did you mean: 

Backup Exec 2010 R2 - BESA permissions

anders_se
Level 3

I am running BE2010R2 SP1 in a Windows Server 2003 environment with SSLF security.

What are the limitations if the Backup Exec Service Account don't have the Create a Token Object and Manage Auditing and Security Log permissions?

1 ACCEPTED SOLUTION

Accepted Solutions

anders_se
Level 3

Tested complete backup of four servers, tested restore of databases, SharePoint items, files and system. Cannot find any limitations.

View solution in original post

12 REPLIES 12

CraigV
Moderator
Moderator
Partner    VIP    Accredited

...you might find that backups won't run, or if they do, that they run very erratically. If you're able to give them those rights, do so as it means you conform with the requirements for the BESA from Symantec's side...

Dev_T
Level 6

 Hi,

The below technote will give you an overall of BESA

http://www.symantec.com/docs/TECH130255

anders_se
Level 3

I am running test on full backup of Windows servers running SQL Server 2005, SharePoint 2007, Exhange.

I am using agents for SharePoint and SQL Server. AOFO and IDR are enabled.

Still have not found any limitations. Does anyone know of any limitations?

Dev_T
Level 6

AOFO is not recomended on databases like SQL, Exchange...etc

pkh
Moderator
Moderator
   VIP    Certified

If you backup a SQL database with AOFO on, then you would not be able to do re-direction when you restore.

anders_se
Level 3

Restore to original location, to new database on original server and instance, restore to new database on other server tested ok from a backup with aofo enabled. Other limitations?

My main question was regarding BESA permissions...

CraigV
Moderator
Moderator
Partner    VIP    Accredited

Quite honestly, lock your network down like you need too, and see how this affects the BESA account. Once done, start lifting the restrictions a bit, or create a new OU and put the BESA account into that where it is not affected by any security policies.

I think that the number of issues you could run into varies so much, it isn't worth it to list them all. But check above on the comments...might also affect Exchange backups/restores; SQL backups/restores; launching of the services properly; access to folders and files etc...

anders_se
Level 3

Tested complete backup of four servers, tested restore of databases, SharePoint items, files and system. Cannot find any limitations.

CraigV
Moderator
Moderator
Partner    VIP    Accredited

...then I guess all is well!

Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

if you are that interested in Security then upgrdae to Backup Exec 2010 R3 which uses trusting between Media Servers and Remote Agents to limit the chances of a Man in the Middle Attack

2010 R3 is the first version of Backup Exec to include this level of Security

anders_se
Level 3

Upgrade to R3 completed! I like the new trust feature.

Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

Bear in mind some of the permissions that we specify might only be needed for a restore so only testing a backup is not a valid test of you security settings.