02-10-2011 01:53 AM
I have newly installed Backup Exec 2010R2 on Windows Server 2008 64-bit.
I created a set of backup jobs as administrator. I added our backup operators to the Windows groups Backup Operators and Remote Desktop Users.
For whatever reason, the backup operators cannot change the jobs I created nor can they create new ones. When they try to create a backup or restore job, they get "access denied" errors when browsing backup targets.
If I make them local administrators, the problem goes away. Unfortunately, this is against our security regulations.
Please advise! This is a big issue! Thanks
02-10-2011 02:08 AM
From the Admin guide:
Required user rights for backup jobs
To perform any backup operations, the following Windows user rights are required for the service account and any Backup Exec logon accounts:
■ Act as part of the operating system
■ Create a token object.
■ Back up files and directories.
■ Restore files and directories.
■ Manage auditing and security log.
■ Logon as a batch job (only for Windows Vista and later).
Check whether the accounts created by you have the above mentioned privileges or not...
Regards...
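Added example (not part of the thread and not Symantec's code): one way to run the check suggested in the reply above is to export the server's user-rights assignments with `secedit /export /cfg rights.inf /areas USER_RIGHTS` and compare them against the guide's list. The function names and the sample export, including its SIDs, are constructed for illustration; the `Se...` constants are the standard Windows names for the listed rights.

```python
# Display name from the Admin guide list -> Windows user-right constant.
REQUIRED_RIGHTS = {
    "Act as part of the operating system": "SeTcbPrivilege",
    "Create a token object": "SeCreateTokenPrivilege",
    "Back up files and directories": "SeBackupPrivilege",
    "Restore files and directories": "SeRestorePrivilege",
    "Manage auditing and security log": "SeSecurityPrivilege",
    "Log on as a batch job": "SeBatchLogonRight",
}

def parse_privilege_rights(inf_text):
    """Return {right: set(principals)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {p.strip().lstrip("*").lower()
                                    for p in value.split(",") if p.strip()}
    return rights

def missing_rights(inf_text, principals):
    """List guide rights that none of the given SIDs/account names hold."""
    wanted = {p.lstrip("*").lower() for p in principals}
    granted = parse_privilege_rights(inf_text)
    return [label for label, const in REQUIRED_RIGHTS.items()
            if not (granted.get(const, set()) & wanted)]

# Constructed sample export; the S-1-5-21-...-1105 SID is a made-up account.
SAMPLE_INF = """[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-21-1111-2222-3333-1105
SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-21-1111-2222-3333-1105
SeSecurityPrivilege = *S-1-5-32-544
SeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-21-1111-2222-3333-1105
SeTcbPrivilege = *S-1-5-21-1111-2222-3333-1105
[Version]
"""

if __name__ == "__main__":
    # Pass the account's own SID plus the SIDs of the groups it belongs to.
    print(missing_rights(SAMPLE_INF, ["S-1-5-21-1111-2222-3333-1105", "S-1-5-32-544"]))
```

The real export file is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text in. Rights granted through group membership only count if the group SIDs (for example `S-1-5-32-551` for Backup Operators) are included in the list of principals.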
02-10-2011 03:12 AM
Hi Bryan,
Read the article I wrote below...I use this to give the site reps we have access to Backup Exec.
See if it helps you in any way...
Thanks!
https://www-secure.symantec.com/connect/articles/how-leverage-backup-execs-remote-console
02-10-2011 05:46 AM
Thanks Kiranji, but that isn't the problem. The service account and logon accounts are doing great. The problem is when a Backup Operator (member of the local Backup Operators group) logs on. The backup operator is using the BEX logon account, which seems to be configured correctly. The backup jobs I create run on schedule without issue, so the BEX logon accounts must be correct.
02-10-2011 06:31 AM
Hi Bryan,
But the account you use to log in to the backup server should have sufficient privileges to browse all the machines in the network (Domain Administrator), I believe. The other accounts can see the backup jobs' status and monitor BE. (From the screenshot attached by you) The user has privileges to browse the backup server; that's why you are able to see the backup server's local drives. Hope I am not confusing you..
Regards..
02-10-2011 07:29 AM
Hi Bryan,
Please refer to the following document and see if it helps.
Make sure that the logon a/c is in this format: "Domainname\username"
http://www.symantec.com/docs/TECH74365
Note - I just checked the screen shot & wanted to suggest that you can backup your resource from
02-10-2011 08:19 AM
Hmm, but with Backup Exec 2010R2 installed on our Win 2003 server, our Backup Operators are not able to browse all the machines on the network but they are able to browse the backup jobs.
02-10-2011 08:21 AM
Thanks RRE, the logon a/c is in this format: "Domainname\username"
Also, the problem is not limited to my own server but to all servers :(
02-10-2011 09:10 AM
Did you refer to the doc?
http://www.symantec.com/docs/TECH74365
It will also tell you how to edit the domain policy
Thanks
02-10-2011 10:41 AM
Inside Backup Exec, under Network, Logon accounts, you have a list of credentials used for configuring backup jobs. When you enter them, you can select restricted or not. Restricted accounts can only be used by the person who entered them into the application. Choose a network logon account that works on all systems and do not make it restricted. Now, anyone who logs into the server can use this account to create and run backup jobs.