05-10-2015 11:12 PM
Hi All,
I try to follow the below technote to grant the security policy, however, the service "Backup Exec Server" wont able to start on the DC.
https://support.symantec.com/en_US/article.TECH136148.html
Can the service run without domain admin permission if the backup exce installed on DC?
Also, if possible, can we use remote console to connect (that account is not a doamin admin) , but the service accouint is domain admin.
I granted an account can remote desktop to dc without the domain admin privilege , but not able to open the console from DC or from another server to connect DC.
05-10-2015 11:27 PM
Domain admin / local admin is a must per https://support.symantec.com/en_US/article.TECH36718.html
05-10-2015 11:56 PM
A DC would not have local admin rights, so you need to look at a domain group like Backup Operator . Backing up system state may need the Domain admin rights as it contains the AD information .
For remote console refer the bellow article from Craig
https://www-secure.symantec.com/connect/articles/how-leverage-backup-execs-remote-console
05-11-2015 12:18 AM
...the OP is asking if the account can be anything but Domain Admin...as in Backup Operators or normal user.
Thanks!
05-11-2015 01:43 AM
We are fine for the service account to be domain admin. but for normal operation, like to see the job status, rerun the job, is it possible without domain admin,
Somehow it is application level permission.
05-11-2015 01:47 AM
I would suggest you have a look @ this KB article as this outlines the type of accounts and minimal permissions required for different type of resource.
https://support.symantec.com/en_US/article.TECH130255.html
05-11-2015 10:36 PM
Is it mean that I can create a service account with Default logon account, so other user can use this without know the password?
05-11-2015 10:43 PM
You can create a logon account and set it as "Common", make it the default logon account and use the same account for the services as well. Other users can use BE without knowing the logon account's password.