I'm having a problem reconciling our security policy with the requirements for the "Guest OS Credentials" for Application Aware Image Processing. I thought I'd air it on the forum to see if there is a workaround.
Our network security policy states that all "administrator" accounts must have passwords that change periodically. Consequently service accounts have to be non-Administrator or Windows "built-in" accounts. This conflicts with the Veeam B&R requirement that we provide the credentials for a local Administrator in the Application Aware Image Processing. I'd prefer not to have to update the job properties every time the password changes.
On investigating this further, according to Microsoft VSS documentation the VSS Requestor can be a member of the "Backup Operators" group and does not have to be an Administrator. That would be fine however, when I try this Veeam B&R is unable to install the Agent:
I wondered if there is a supported workaround by granting "Backup Operators" permissions on specific shares and folders to enable this to work? Is it even possible?Starting guest agent
Cannot upload guest agent's files to the administrative share [C:\WINDOWS].
Cannot create folder [C:\WINDOWS\VeeamVssSupport] in guest.
VIX Error: You do not have access rights to this file Code: 13
The environment is VMware ESX v4.1 and all VM's are Windows 2008 R2.
Thank-you in advance.