• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 635
  • Last Modified:

Server 2008 R2 Backup account permissions

I'm not a Windows expert, so I'm turning to those who are.

I've setup a Windows Server 2008 R2 at my brother's medical office and created a special Backup account for the sole purpose of allowing the staff to monitor and initiate backups.

All files are compressed and encrypted onto flash drives.

The backups include user profiles which are saved on a different partition than the system drive and I use folder redirection to this location.

I do NOT want to make the Backup account part of the Administrators in order to limit any damage or access they can do under this special account, however, the Backup fails due to the inability to access the user profile folders, unless I include this account in the Administrators.

I tried manually adding access for the Backup account to each and every user profile folder, but 1) its way too tedious, 2) I have to do it for every new profile, 3) changing permissions has caused errors on some user profiles that completely corrupted them and required recreating the accounts.

Is there any other solution such as through GPO that will automatically grant read only access to the user profiles?

For the time being, I have included the Backup account as an administrator.
0
RogueMac
Asked:
RogueMac
  • 2
1 Solution
 
RogueMacAuthor Commented:
PS: Even if the user is included in the Administrators group, there are still some folders within the user profiles that they are unable to automatically access (e.g. Contacts, Favorites, Links...) and I have to go in and manually set the permissions.

Is there another way?
0
 
SysExpertCommented:
No choice - backups require admin access or to be part of the backup Users group.

You should not need to create a backup group / role as it already exists.

0
 
RogueMacAuthor Commented:
No, I did not say I created a backup group/role; I created a Backup LOGIN account.

I've already included the Backup account as part of the backup group, but that group does not automatically gain access to all the folders, so that group in reality is useless other than allowing any accounts under such groups to run scheduled routines.

But I just noticed that even if I include the Backup account as an administrator, there are certain folders (seems to be specific to Windows 7 user-specific folders like Contact, Favorites, Links...) that Administrators group can't access which causes failures in the backup program (SyncBackPro).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now