On page 74 of the Administrator's Guide, it reads:
"Due to security implementations in Microsoft Small Business Server, the service account must be Administrator."
How is this possible when SBS 2008 SP2 disables the Administrator account by default, and recommends to leave it that way? On a previous installation I used my own domain admin account, which seemed to work fine at first, until the default password policy asked me to change my password. This of course caused BE to stop working.
Backup Exec do not require "Administrator" account, but requires account who is a member of Domain Admin group.
As its SBS, I assume we are also backing up Exchange. For backing up exchange the BE Service account must be configured in the following manner:
1 : Member of the domain Admin Group
2 : Mailbox enabled account
3 : Mailbox NOT hidden from the global address list
4 : A unique account, first 5 digits must not contain "admin"
Whenever I configure BE service for backing up exchange, I create a new account named symantec in Active Directory and assign the above rights.
Backup Exec do not talk with Active Directory directly, so whenever we change the password for the BE service account we have to manually add the password in Backup Exec
So you figure the Administrator's Guide is wrong? I was thinking along those lines.
In this case I'm not backing up Exchange, so I assume I would follow your advice but skip 2 & 3? Since we're creating an account for this, does this increase our user CALs? If I have policy for changing passwords every x months, will this new account be unaffected since we're never logging into it ourselves?
As Backup Exec does not talk directly with Active Directory, the changes in Active Directory will not be replicated in Backup Exec. Whenever a Backup job is fired, Backup Exec talks with AD for account details and the password. Thats the reason we need to change the BE service account password every time we change the password in AD.