I know, it's deprecated to use an internal hard disk as a backup target device but I'm a lazy guy. At home I don't have an always-on NAS to use as a backup target and, if I use an offline external USB drive, I will forget to connect it for backups most of times.
So I would like to find a safer way to use a secondary internal hard disk as a target and save to my C: drive as a volume backup.
My first try was to give target folder permissions to a different user, share it and point to it in Veeam configuration as it was an external shared folder. The trick did not work.
My second try was to change the target backup directory permission and now only SYSTEM can write to it. Since SYSTEM is the VEB service user of choice, backup seems running fine and I suppose that malware will not be able to have easy access to it. As a downside, I have to temporary reassign backup target permissions to the logged in user when a file level restore is needed.
Am I missing something? Is this workaround worth it or it's easy for a malware to impersonate SYSTEM?
Thank you for your suggestions.