cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Service accounts for NetBackup Client

sirin_zarin
Level 4
Partner Accredited

‎10-09-2012 09:42 AM

Hi all,

Can somebody tell what rights are needed to run NetBackup Client services on Windows for non admin account and non Local System Account?

i found this http://www.symantec.com/business/support/index?page=content&id=TECH33693
and found this http://www.symantec.com/business/support/index?page=content&id=TECH50318

//////////////

 

The NetBackup Client Service must be started an account which has the following permissions:

- Act as part of the operating system

- Replace a process level token

- Logon as a service

- Create a token object

Change the permissions for the account starting the NetBackup Client Service and restart the service. 

//////////////

Dnd set them to the user under which the NetBackup Client service runs, but it did not help.

Maybe someone else has ideas...

 

 

0 Kudos
9 REPLIES 9

Marianne
Level 6
Partner    VIP    Accredited Certified

‎10-09-2012 11:28 AM

Please help us understand the reason for your query? Not sure what this means?

Dnd set them to the user under which the NetBackup Client service runs, but it did not help.

It did not help for what? 

Are you trying to use the Java Console to logon to Windows Master?

Why Java and not Windows Admin Console?

What steps have you followed to config Java for Windows logon?

What is the Windows version on your Master?

Which NBU version?


Handy NetBackup Links
0 Kudos

Omar_Villa
Level 6
Employee

‎10-09-2012 11:41 AM

LocalSystem is enough, only have see Exchange and SQL to ask to change for this. why you need to change this?

0 Kudos

sirin_zarin
Level 4
Partner Accredited

‎10-09-2012 11:49 AM

Hello Marianne,

I use NBU 7.1 with Master on linux and Media on Windows and Linux. I have NetBackup Client on Windows  client (win 2003\2008).

I'm not talking about the console, I'm talking about NetBackup Client system service on the client server.

rather I'm talking about a service account to run the NetBackup Client service is not from the administrator and not on Local System Account on Windows client (win 2003\2008).

 

0 Kudos

Marianne
Level 6
Partner    VIP    Accredited Certified

‎10-09-2012 12:00 PM

My question exactly.

The two technotes that you have posted are both for Java Console logging on to Windows master.

Why do you need to change the logon account? What does this statement mean? 

Dnd set them to the user under which the NetBackup Client service runs, but it did not help.

What did you or did not do? Did not help for what? Are you getting any error messages?

Why do you need to change Client Service logon account? Are you running a database or application such as Oracle, SQL, Exchange, SAP, etc on Windows?
If no database or application, why not simply leave NBU to run as LocalSystem?

We would really try to help, but it is not clear why you want to change the Client Service logon account.


Handy NetBackup Links
0 Kudos

sirin_zarin
Level 4
Partner Accredited

‎10-09-2012 12:11 PM

 

We would really try to help, but it is not clear why you want to change the Client Service logon account.
 
This requirement of the customer. I'm just trying to figure out whether you can do it.
0 Kudos

Marianne
Level 6
Partner    VIP    Accredited Certified

‎10-09-2012 12:23 PM

You are the 'Accredited Partner'. You need to find out WHY. 

NBU runs fine under LocalSystem Account.

Only when databases or Apllications are being backed up does the Client service need to be changed. 
Details in the relevant Agent Guides.

Are you sure the need is for NBU Service accounts to be changed? Or do they need to manage NBU as non-Admin users?

Please find out exact requirement. 


Handy NetBackup Links
0 Kudos

Will_Restore
Level 6

‎10-09-2012 12:24 PM

I'm with Omar and Marianne.  Stick with LocalSystem.  Why would customer want otherwise? 

 

0 Kudos

sirin_zarin
Level 4
Partner Accredited

‎10-09-2012 12:32 PM

I'm with Omar and Marianne.  Stick with LocalSystem.  Why would customer want otherwise? 

Current policies are required to run the service with the least privileges necessary for their proper operation. also not stack launch services with administrative privileges.
 
Of course there is taken into account that if it is possible.
0 Kudos

Will_Restore
Level 6

‎10-09-2012 12:54 PM

Of course you could start each service with a different account but that would be a maintenance and management nightmare.

 

See this writeup for example: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-ne...

"It is always preferable from a security perspective to run as your own service account that has precisely the permissions you need to do what your service does and nothing else. However, the cost of this approach is setting up your service account, and managing the password. It's a balancing act that each application needs to manage."

 

0 Kudos