Dear forum,
I'm quite sure to remember from the past that a domain service account that is used for Veeam guest processing (AAP / GFSI) must not be member of the AD Protected Users group.
Is it currently supported with v12 / v12.2? I cannot find the required information in the manuals, maybe you can help and give a feedback.
Hint: I know that gMSA can be used instead but I have many customers that are using AD tiering along with "classic" service accounts and these customers are the target of my idea.
Thanks in advance!
Best regards from Germany
Lukas
-
Lukas-K
- Influencer
- Posts: 13
- Liked: 2 times
- Joined: Jun 03, 2024 3:53 pm
- Full Name: Lukas Klostermann
- Location: Germany
- Contact:
-
PetrM
- Veeam Software
- Posts: 3624
- Liked: 608 times
- Joined: Aug 28, 2013 8:23 am
- Full Name: Petr Makarov
- Location: Prague, Czech Republic
- Contact:
Re: Protected Users for AD Veeam Service Accounts
Hi Lukas,
We quickly checked this scenario in our lab, and everything works fine. The accounts used for guest processing must have the following permissions:
1. Logon as a batch job granted
2. Deny logon as a batch job not set
3. Deny logon as a service not set
Thanks!
We quickly checked this scenario in our lab, and everything works fine. The accounts used for guest processing must have the following permissions:
1. Logon as a batch job granted
2. Deny logon as a batch job not set
3. Deny logon as a service not set
Thanks!
Who is online
Users browsing this forum: No registered users and 1 guest