Backup Exec 2010 R2 - BESA permissions

I am running BE2010R2 SP1 in a Windows Server 2003 environment with SSLF security.

What are the limitations if the Backup Exec Service Account don't have the Create a Token Object and Manage Auditing and Security Log permissions?

1 Solution

Accepted Solutions
Highlighted
Accepted Solution!

Tested complete backup of

Tested complete backup of four servers, tested restore of databases, SharePoint items, files and system. Cannot find any limitations.

View solution in original post

12 Replies

...you might find that

...you might find that backups won't run, or if they do, that they run very erratically. If you're able to give them those rights, do so as it means you conform with the requirements for the BESA from Symantec's side...

 Hi, The below technote will

 Hi,

The below technote will give you an overall of BESA

http://www.symantec.com/docs/TECH130255

I am running test on full

I am running test on full backup of Windows servers running SQL Server 2005, SharePoint 2007, Exhange.

I am using agents for SharePoint and SQL Server. AOFO and IDR are enabled.

Still have not found any limitations. Does anyone know of any limitations?

AOFO is not recomended on

AOFO is not recomended on databases like SQL, Exchange...etc

If you backup a SQL database

If you backup a SQL database with AOFO on, then you would not be able to do re-direction when you restore.

AOFO and SQL databases

Restore to original location, to new database on original server and instance, restore to new database on other server tested ok from a backup with aofo enabled. Other limitations?

My main question was regarding BESA permissions...

Quite honestly, lock your

Quite honestly, lock your network down like you need too, and see how this affects the BESA account. Once done, start lifting the restrictions a bit, or create a new OU and put the BESA account into that where it is not affected by any security policies.

I think that the number of issues you could run into varies so much, it isn't worth it to list them all. But check above on the comments...might also affect Exchange backups/restores; SQL backups/restores; launching of the services properly; access to folders and files etc...

Highlighted
Accepted Solution!

Tested complete backup of

Tested complete backup of four servers, tested restore of databases, SharePoint items, files and system. Cannot find any limitations.

View solution in original post

...then I guess all is well!

...then I guess all is well!

if you are that interested in

if you are that interested in Security then upgrdae to Backup Exec 2010 R3 which uses trusting between Media Servers and Remote Agents to limit the chances of a Man in the Middle Attack

2010 R3 is the first version of Backup Exec to include this level of Security

Upgrade to R3 completed! I

Upgrade to R3 completed! I like the new trust feature.

Bear in mind some of the

Bear in mind some of the permissions that we specify might only be needed for a restore so only testing a backup is not a valid test of you security settings.