cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Unable to backup win2003 if BESA has been disabled to login via RDP

Go to solution
WikiDonor
Level 6

‎11-22-2012 05:54 PM

 

Hello 
 
We have a requirement that BESA (Backup exec service account)  in our active directory and it should not be able to login onto windows using remote desktop. We have disabled this feature from Group Policy for "Allow log on through Terminal Services". But they should be able to run backups using same account. 
 
for example
 
a. User A BESA not a domain admin
b. User B will be new BESA in future will not be a domain admin
 
BackupExec 2010R2 sp1 installed on windows 2008 r2
 
User A is able to currently run the backup job and able to login windows over remote desktop session. User B is not able to login windows using Remote desktop. User B is able to backup the windows2008 servers even if it cannot login to windows via remote desktop. But User B is not even able to pass credentials under backup job for win2003 servers and therefore it is not able to backup win2003 server. Can anyone suggest which permission is needed for win2003 because using the same User B account I am able backup win2008 servers even if I am not able to login via RDP.
 
Thank you 
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Backup_Exec1
Level 6
Employee Accredited Certified

‎11-28-2012 05:34 PM

Hi

As per your requirement that you dont want to allow the backup exec account to do remote desktop to your remote servers please remove the deny logon locally because that is required by win2003 servers but you can keep the deny logon through terminal services this will still stop the user from doing remote desktop"

Hope that helps

Thanks

 

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
Backup_Exec1
Level 6
Employee Accredited Certified

‎11-22-2012 07:14 PM

Hi

Ensure you have got the service rights for the account used on win2003

http://www.symantec.com/docs/TECH74365

Requirements for the Backup Exec Service Account (BESA)

 http://support.veritas.com/docs/274341

 

Thanks

0 Kudos

Go to solution
WikiDonor
Level 6

‎11-22-2012 08:17 PM

Hello 

 

I have given the local security policy rights already which is mentioned in your posted articles. Here is a screenshot I am attaching to show little bit more information.

 

I have checked, in our local policy, the following is blocked

Deny log on locally
Deny log on through Remote Desktop Services

But please take note these policy are the same in WIN2008 and WIN2003 and our WIN2008 backup is working well

 

4.JPG
78 KB
0 Kudos

Go to solution
Backup_Exec1
Level 6
Employee Accredited Certified

‎11-28-2012 05:34 PM

Hi

As per your requirement that you dont want to allow the backup exec account to do remote desktop to your remote servers please remove the deny logon locally because that is required by win2003 servers but you can keep the deny logon through terminal services this will still stop the user from doing remote desktop"

Hope that helps

Thanks

 

0 Kudos

Go to solution
WikiDonor
Level 6

‎11-28-2012 05:43 PM

Hello that is a good thought. I tried your suggestion and it is working fine.

0 Kudos