Discussions specific to the Microsoft Hyper-V hypervisor
Post Reply
Alex_z
Lurker
Posts: 1
Liked: never
Joined: Aug 07, 2019 2:22 pm
Full Name: Alexandra Zimmermann
Contact:

Veeam Security Tier concept

Post by Alex_z »

Hello everybody :)

we have several customers with Veeam B&R and want to setup a security tier concept.
I wonder how other companies setup their veeam infrastructure to give backup services users only the rights which they need for backup.

As I know veeam service user needs domain admin permission to backup active directory (application aware)... is this true?
https://helpcenter.veeam.com/docs/backu ... l?ver=95u4
"To back up Microsoft Active Directory data, the account must be a member of the Domain Admins group."

Do you always use this "domain admin service user" then for all backups? Or only for guest processing?



Please feel free to share your know how...


Thanks


Alex

Vitaliy S.
Product Manager
Posts: 24075
Liked: 1807 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Veeam Security Tier concept

Post by Vitaliy S. »

Hi Alex,
Alex_z wrote:As I know veeam service user needs domain admin permission to backup active directory (application aware)... is this true?
If you're talking about backing up a DC, then yes, otherwise you will not be able to properly freeze it.
Alex_z wrote:Do you always use this "domain admin service user" then for all backups? Or only for guest processing?
For application-aware guest processing local admin privileges are required, so it's not only a domain account.

BTW, here is a good read on Veeam B&R Best Practices. Search for the Infrastructure Hardening section.

Thanks!

Post Reply

Who is online

Users browsing this forum: Baidu [Spider] and 9 guests