Unable to backup win2003 if BESA has been disabled to login via RDP
Created: 22 Nov 2012 | Updated: 28 Nov 2012 | 4 comments
This issue has been solved. See solution.
Hello
We have a requirement that BESA (Backup exec service account) in our active directory and it should not be able to login onto windows using remote desktop. We have disabled this feature from Group Policy for "Allow log on through Terminal Services". But they should be able to run backups using same account.
for example
a. User A BESA not a domain admin
b. User B will be new BESA in future will not be a domain admin
BackupExec 2010R2 sp1 installed on windows 2008 r2
User A is able to currently run the backup job and able to login windows over remote desktop session. User B is not able to login windows using Remote desktop. User B is able to backup the windows2008 servers even if it cannot login to windows via remote desktop. But User B is not even able to pass credentials under backup job for win2003 servers and therefore it is not able to backup win2003 server. Can anyone suggest which permission is needed for win2003 because using the same User B account I am able backup win2008 servers even if I am not able to login via RDP.
Thank you
Discussion Filed Under:
Comments 4 Comments • Jump to latest comment
Hi
Ensure you have got the service rights for the account used on win2003
http://www.symantec.com/docs/TECH74365
http://support.veritas.com/docs/274341
Thanks
Sameer
Don't forget to give a "Thumbs Up" or Mark as "Solution" if someones advice has helped you.
Hello
I have given the local security policy rights already which is mentioned in your posted articles. Here is a screenshot I am attaching to show little bit more information.
I have checked, in our local policy, the following is blocked
Deny log on locally
Deny log on through Remote Desktop Services
But please take note these policy are the same in WIN2008 and WIN2003 and our WIN2008 backup is working well
If you find my comment informative and helpful please mark the post as resolved.
Hi
As per your requirement that you dont want to allow the backup exec account to do remote desktop to your remote servers please remove the deny logon locally because that is required by win2003 servers but you can keep the deny logon through terminal services this will still stop the user from doing remote desktop"
Hope that helps
Thanks
Sameer
Don't forget to give a "Thumbs Up" or Mark as "Solution" if someones advice has helped you.
Hello that is a good thought. I tried your suggestion and it is working fine.
If you find my comment informative and helpful please mark the post as resolved.
Would you like to reply?
Login or Register to post your comment.