Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 632
  • Last Modified:

Server 2008 R2 Backup account permissions

I'm not a Windows expert, so I'm turning to those who are.

I've setup a Windows Server 2008 R2 at my brother's medical office and created a special Backup account for the sole purpose of allowing the staff to monitor and initiate backups.

All files are compressed and encrypted onto flash drives.

The backups include user profiles which are saved on a different partition than the system drive and I use folder redirection to this location.

I do NOT want to make the Backup account part of the Administrators in order to limit any damage or access they can do under this special account, however, the Backup fails due to the inability to access the user profile folders, unless I include this account in the Administrators.

I tried manually adding access for the Backup account to each and every user profile folder, but 1) its way too tedious, 2) I have to do it for every new profile, 3) changing permissions has caused errors on some user profiles that completely corrupted them and required recreating the accounts.

Is there any other solution such as through GPO that will automatically grant read only access to the user profiles?

For the time being, I have included the Backup account as an administrator.
0
RogueMac
Asked:
RogueMac
  • 2
1 Solution
 
RogueMacAuthor Commented:
PS: Even if the user is included in the Administrators group, there are still some folders within the user profiles that they are unable to automatically access (e.g. Contacts, Favorites, Links...) and I have to go in and manually set the permissions.

Is there another way?
0
 
SysExpertCommented:
No choice - backups require admin access or to be part of the backup Users group.

You should not need to create a backup group / role as it already exists.

0
 
RogueMacAuthor Commented:
No, I did not say I created a backup group/role; I created a Backup LOGIN account.

I've already included the Backup account as part of the backup group, but that group does not automatically gain access to all the folders, so that group in reality is useless other than allowing any accounts under such groups to run scheduled routines.

But I just noticed that even if I include the Backup account as an administrator, there are certain folders (seems to be specific to Windows 7 user-specific folders like Contact, Favorites, Links...) that Administrators group can't access which causes failures in the backup program (SyncBackPro).
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now