Veeam Security Tier concept

[Alex_z]

Hello everybody

we have several customers with Veeam B&R and want to setup a security tier concept.
I wonder how other companies setup their veeam infrastructure to give backup services users only the rights which they need for backup.

As I know veeam service user needs domain admin permission to backup active directory (application aware)... is this true?
https://helpcenter.veeam.com/docs/backu ... l?ver=95u4
"To back up Microsoft Active Directory data, the account must be a member of the Domain Admins group."

Do you always use this "domain admin service user" then for all backups? Or only for guest processing?



Please feel free to share your know how...


Thanks


Alex

[Vitaliy S.]

Hi Alex,

As I know veeam service user needs domain admin permission to backup active directory (application aware)... is this true?

If you're talking about backing up a DC, then yes, otherwise you will not be able to properly freeze it.

Do you always use this "domain admin service user" then for all backups? Or only for guest processing?

For application-aware guest processing local admin privileges are required, so it's not only a domain account.

BTW, here is a good read on Veeam B&R Best Practices. Search for the Infrastructure Hardening section.

Thanks!