I'm not a Windows expert, so I'm turning to those who are.
I've setup a Windows Server 2008 R2 at my brother's medical office and created a special Backup account for the sole purpose of allowing the staff to monitor and initiate backups.
All files are compressed and encrypted onto flash drives.
The backups include user profiles which are saved on a different partition than the system drive and I use folder redirection to this location.
I do NOT want to make the Backup account part of the Administrators in order to limit any damage or access they can do under this special account, however, the Backup fails due to the inability to access the user profile folders, unless I include this account in the Administrators.
I tried manually adding access for the Backup account to each and every user profile folder, but 1) its way too tedious, 2) I have to do it for every new profile, 3) changing permissions has caused errors on some user profiles that completely corrupted them and required recreating the accounts.
Is there any other solution such as through GPO that will automatically grant read only access to the user profiles?
For the time being, I have included the Backup account as an administrator.