I am running BE2010R2 SP1 in a Windows Server 2003 environment with SSLF security.
What are the limitations if the Backup Exec Service Account doesn't have the Create a Token Object and Manage Auditing and Security Log permissions?
...you might find that backups won't run, or if they do, that they run very erratically. If you're able to give them those rights, do so as it means you conform with the requirements for the BESA from Symantec's side...
I am running tests on full backup of Windows servers running SQL Server 2005, SharePoint 2007, Exchange.
I am using agents for SharePoint and SQL Server. AOFO and IDR are enabled.
Still have not found any limitations. Does anyone know of any limitations?
Restore to original location, to new database on original server and instance, and restore to new database on other server tested OK from a backup with AOFO enabled. Other limitations?
My main question was regarding BESA permissions...
Quite honestly, lock your network down like you need to, and see how this affects the BESA account. Once done, start lifting the restrictions a bit, or create a new OU and put the BESA account into that where it is not affected by any security policies.
I think that the number of issues you could run into varies so much, it isn't worth it to list them all. But check above on the comments...might also affect Exchange backups/restores; SQL backups/restores; launching of the services properly; access to folders and files etc...
If you are that interested in security, then upgrade to Backup Exec 2010 R3, which uses trusting between Media Servers and Remote Agents to limit the chances of a Man in the Middle Attack.
2010 R3 is the first version of Backup Exec to include this level of security.
Bear in mind some of the permissions that we specify might only be needed for a restore, so only testing a backup is not a valid test of your security settings.
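Added example, not part of the thread: one way to confirm whether the two rights named in the question are still assigned after hardening is to parse the `[Privilege Rights]` section of a `secedit /export /cfg rights.inf /areas USER_RIGHTS` export. The INF excerpt, the SIDs and the function names below are constructed for illustration.

```python
import re

# Policy display name -> constant used in the [Privilege Rights] section
REQUIRED = {
    "Create a token object": "SeCreateTokenPrivilege",
    "Manage auditing and security log": "SeSecurityPrivilege",
}

# Constructed sample data: placeholder service-account SID and export excerpt.
BESA_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
ADMINISTRATORS = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeSecurityPrivilege = *S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeCreateTokenPrivilege =
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(inf_text):
    """Return {privilege constant: set of principals} from [Privilege Rights]."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs carry a leading '*'; account names appear without it.
            rights[name.strip()] = {
                p.strip().lstrip("*").lower() for p in value.split(",") if p.strip()
            }
    return rights

def missing_rights(inf_text, principals):
    """Required rights held by none of the given SIDs/names.

    Group membership is not resolved here: pass the account's SID together
    with the SIDs of the groups it belongs to.
    """
    held = parse_privilege_rights(inf_text)
    wanted = {p.lower() for p in principals}
    return [d for d, const in REQUIRED.items() if not held.get(const, set()) & wanted]
```

A right that is absent from the export is treated the same as one with an empty assignment. When reading a real export from disk, open it with the encoding secedit wrote it in (typically UTF-16).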