cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Backup Exec 2012/2014 on Domain controller without domain admin

csyckad
Level 3

‎05-10-2015 11:12 PM

Hi All,

I try to follow the below technote to grant the security policy, however, the service "Backup Exec Server" wont able to start on the DC.

https://support.symantec.com/en_US/article.TECH136148.html

Can the service run without domain admin permission if the backup exce installed on DC?

Also, if possible, can we use remote console to connect (that account is not a doamin admin) , but the service accouint is domain admin.

I granted an account can remote desktop to dc without the domain admin privilege , but not able to open the console from DC or from another server to connect DC.

7 REPLIES 7

VJware
Level 6
Employee Accredited Certified

‎05-10-2015 11:27 PM

Domain admin / local admin is a must per https://support.symantec.com/en_US/article.TECH36718.html

0 Kudos

RahulG
Level 6
Employee

‎05-10-2015 11:56 PM

A DC would not have local admin rights, so you need to look at a domain group like Backup Operator . Backing up system state may need the Domain admin rights as it contains the AD information .

For remote console refer the bellow article from Craig 

https://www-secure.symantec.com/connect/articles/how-leverage-backup-execs-remote-console

 

0 Kudos

CraigV
Moderator
Moderator
Partner    VIP    Accredited

‎05-11-2015 12:18 AM

...the OP is asking if the account can be anything but Domain Admin...as in Backup Operators or normal user.

Thanks!

0 Kudos

csyckad
Level 3

‎05-11-2015 01:43 AM

We are fine for the service account to be domain admin. but for normal operation, like to see the job status, rerun the job, is it possible without domain admin,

Somehow it is application level permission.

0 Kudos

VJware
Level 6
Employee Accredited Certified

‎05-11-2015 01:47 AM

I would suggest you have a look @ this KB article as this outlines the type of accounts and minimal permissions required for different type of resource.

https://support.symantec.com/en_US/article.TECH130255.html

0 Kudos

csyckad
Level 3

‎05-11-2015 10:36 PM

Is it mean that I can create a service account with Default logon account, so other user can use this without know the password?

 

0 Kudos

VJware
Level 6
Employee Accredited Certified

‎05-11-2015 10:43 PM

You can create a logon account and set it as "Common", make it the default logon account and use the same account for the services as well. Other users can use BE without knowing the logon account's password.
 

0 Kudos