Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Unable to backup win2003 if BESA has been disabled to login via RDP

Created: 22 Nov 2012 • Updated: 28 Nov 2012 | 4 comments
This issue has been solved. See solution.

 

Hello 
 
We have a requirement that BESA (Backup exec service account)  in our active directory and it should not be able to login onto windows using remote desktop. We have disabled this feature from Group Policy for "Allow log on through Terminal Services". But they should be able to run backups using same account. 
 
for example
 
a. User A BESA not a domain admin
b. User B will be new BESA in future will not be a domain admin
 
BackupExec 2010R2 sp1 installed on windows 2008 r2
 
User A is able to currently run the backup job and able to login windows over remote desktop session. User B is not able to login windows using Remote desktop. User B is able to backup the windows2008 servers even if it cannot login to windows via remote desktop. But User B is not even able to pass credentials under backup job for win2003 servers and therefore it is not able to backup win2003 server. Can anyone suggest which permission is needed for win2003 because using the same User B account I am able backup win2008 servers even if I am not able to login via RDP.
 
Thank you 

Comments 4 CommentsJump to latest comment

Backup_Exec's picture

Hi

Ensure you have got the service rights for the account used on win2003

http://www.symantec.com/docs/TECH74365

Requirements for the Backup Exec Service Account (BESA)

 http://support.veritas.com/docs/274341

 

Thanks

Sameer

Don't forget to give a "Thumbs Up" or Mark as "Solution" if someones advice has helped you.

WikiDonor's picture

Hello 

 

I have given the local security policy rights already which is mentioned in your posted articles. Here is a screenshot I am attaching to show little bit more information.

 

I have checked, in our local policy, the following is blocked

Deny log on locally
Deny log on through Remote Desktop Services

But please take note these policy are the same in WIN2008 and WIN2003 and our WIN2008 backup is working well

 

4.JPG

If you find my comment informative and helpful please mark the post as resolved.

Backup_Exec's picture

Hi

As per your requirement that you dont want to allow the backup exec account to do remote desktop to your remote servers please remove the deny logon locally because that is required by win2003 servers but you can keep the deny logon through terminal services this will still stop the user from doing remote desktop"

Hope that helps

Thanks

 

Sameer

Don't forget to give a "Thumbs Up" or Mark as "Solution" if someones advice has helped you.

SOLUTION
WikiDonor's picture

Hello that is a good thought. I tried your suggestion and it is working fine.

If you find my comment informative and helpful please mark the post as resolved.