09-08-2019 06:09 AM
Hi
As per the KB "https://www.veritas.com/support/en_US/article.100017184.html", the service account that is used with netbackup on client machines maust be member of local Administrator group. But for security reasons it's not allowed to be a member of local Admin group. As per the forum "https://vox.veritas.com/t5/NetBackup/NetBackup-Service-Account-requirements/td-p/625893" we provided below permissions
- Replace a process level token, - Logon as a service, - Create a token object, Allow logon locally, Backup Files & Directories, Restore Files & Directories,Logon as Batch Job, Take Ownership of Files & directories
But still if we remove the service account from local adminsitrators group the services "NetBackup Client Service, NetBackup Legacy Client Service, NetBackup Legacy Network Service" are failed to start / run.
We are looking for the permissions to be provided for these service accounts other than local Admin membership
Thanks in advance
09-09-2019 12:40 AM
Any Update please? Even the services like "NetBackup Client services" are not comming up with service account if it's not member of local Admin group
09-09-2019 12:49 AM
If the documentation says "the service account that is used with NetBackup on client machines must be member of local Administrator group", then I would assume that the documentation is correct.
09-09-2019 12:54 AM
Hello,
maybe just permission to write log directories is missing - doublecheck that the account can write to %netbackup%\logs subdirectories.
But take another point of view - backups and especially restores are one of the most powerful activities on any system. No wonder that the appropriate account must have maximum rights.
Regards
Michal