Link to home
Start Free TrialLog in
Avatar of RogueMac
RogueMac

asked on

Server 2008 R2 Backup account permissions

I'm not a Windows expert, so I'm turning to those who are.

I've setup a Windows Server 2008 R2 at my brother's medical office and created a special Backup account for the sole purpose of allowing the staff to monitor and initiate backups.

All files are compressed and encrypted onto flash drives.

The backups include user profiles which are saved on a different partition than the system drive and I use folder redirection to this location.

I do NOT want to make the Backup account part of the Administrators in order to limit any damage or access they can do under this special account, however, the Backup fails due to the inability to access the user profile folders, unless I include this account in the Administrators.

I tried manually adding access for the Backup account to each and every user profile folder, but 1) its way too tedious, 2) I have to do it for every new profile, 3) changing permissions has caused errors on some user profiles that completely corrupted them and required recreating the accounts.

Is there any other solution such as through GPO that will automatically grant read only access to the user profiles?

For the time being, I have included the Backup account as an administrator.
Avatar of RogueMac
RogueMac

ASKER

PS: Even if the user is included in the Administrators group, there are still some folders within the user profiles that they are unable to automatically access (e.g. Contacts, Favorites, Links...) and I have to go in and manually set the permissions.

Is there another way?
ASKER CERTIFIED SOLUTION
Avatar of SysExpert
SysExpert
Flag of Israel image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
No, I did not say I created a backup group/role; I created a Backup LOGIN account.

I've already included the Backup account as part of the backup group, but that group does not automatically gain access to all the folders, so that group in reality is useless other than allowing any accounts under such groups to run scheduled routines.

But I just noticed that even if I include the Backup account as an administrator, there are certain folders (seems to be specific to Windows 7 user-specific folders like Contact, Favorites, Links...) that Administrators group can't access which causes failures in the backup program (SyncBackPro).