Run as different user?

[minahanse]

I'm wondering if by creating a designated user account in Windows and using that for backing up would prevent ransomware from encrypting the USB drive. The USB drive would of course only be accessible to that specific user account. I tried doing this but where I keep getting stuck is the fact that Veeam Endpoint Backup service runs as "Local Systems account" and thus SYSTEM account needs access to the USB in order for the backup to be successful. Is there a way to do something in these lines? I am trying to find a solution to elderly people who won't remember to replug the USB drive if using the unplug after backup done feature. Another thing I was wondering was that could the USB drive be shared to the network and then using the Veeam's backup to share feature?

[Dima P.]

Hi minahanse,

Is there a way to do something in these lines?

By setting another account you have to grant the same level of permissions localsystem account has, so I believe it does not make any difference.

Another thing I was wondering was that could the USB drive be shared to the network and then using the Veeam's backup to share feature?

Yes, it should work. If shared drive is visible thru the network surroundings you can use it as a shared folder destination.

[minahanse]

Thank you Dima P for the quick reply.

I got the USB drive shared and Veeam is now backing up to it as it should, the key was to also make the service run as same username. I'm just curious if this is enough to prevent ransomware from infecting the backup files on the USB drive? Assuming of course that the username which has write access won't be used for anything else and thus never logged on as unless backup needed.

[Dima P.]

Thanks for the heads up. I guess, if the account is dedicated to backup job and not used by end users - you are good to go.

[folerx]

is is this good procedure?
1. make new local account, example "backup"
2. add this account to local "backup operators" group
3. sign in as this new account
4. make new folder on external usb disk and set ntfs acl with write permission to this new account
5. configure veb and point it to this new folder
6. sign out and sign in to standar user
7. veb will backup in background as we configure it in step 5?
8. ransom cant access backup folder?

tnx

[folerx]

update
my steps 1-8 wont work, access denied
veb wont eject hdd
how to run veb as different user against ransomware?

[Dima P.]

Daniel,

VEB is not running under your local user account - instead it operates under built in LocalSystem account

[folerx]

Ok, how to set ntfs acl for different user so that only this user can access files? If standard user run ransomware he cant encrypt files.

[chaycock]

Since VEB runs as SYSTEM, could you just create a backup folder on the USB and remove all rights and just grant SYSTEM the rights needed to write to the drive/folder?

[folerx]

Since VEB runs as SYSTEM, could you just create a backup folder on the USB and remove all rights and just grant SYSTEM the rights needed to write to the drive/folder?

ok, but when i need to restore job, how to access backup files?

[Vitaliy S.]

I guess you will need to revert all the changes back to access these files.