Showing results for 
Search instead for 
Did you mean: 

Services Account on SBS

Level 2
On page 74 of the Administrator's Guide, it reads:

"Due to security implementations in Microsoft Small Business Server, the service account must be Administrator."

How is this possible when SBS 2008 SP2 disables the Administrator account by default, and recommends to leave it that way?  On a previous installation I used my own domain admin account, which seemed to work fine at first, until the default password policy asked me to change my password.  This of course caused BE to stop working.

How should one go about installing BE on SBS?

Level 6

Backup Exec do not require "Administrator" account, but requires account who is a member of Domain Admin group.

As its SBS, I assume we are also backing up Exchange. For backing up exchange the BE Service account must be configured in the following manner:
1  : Member of the domain Admin Group
2  : Mailbox enabled account
3  : Mailbox NOT hidden from the global address list
4  : A unique account, first 5 digits must not contain "admin"

Whenever I configure BE service for backing up exchange, I create a new account named symantec in Active Directory and assign the above rights.

Backup Exec do not talk with Active Directory directly, so whenever we change the password for the BE service account we have to manually add the password in Backup Exec

hope this helps....

Level 2
Hi Dev,

So you figure the Administrator's Guide is wrong?  I was thinking along those lines.

In this case I'm not backing up Exchange, so I assume I would follow your advice but skip 2 & 3?  Since we're creating an account for this, does this increase our user CALs?  If I have policy for changing passwords every x months, will this new account be unaffected since we're never logging into it ourselves?

Thanks for all the help!


Level 6

As Backup Exec does not talk directly with Active Directory, the changes in Active Directory will not be replicated in Backup Exec. Whenever a Backup job is fired, Backup Exec talks with AD for account details and the password. Thats the reason we need to change the BE service account password every time we change the password in AD.

Hope this helps...