AndyK_UK
Novice
Posts: 3
Liked: never
Joined: Oct 24, 2017 6:04 pm

Pre and Post Script - run as different user

Post by AndyK_UK »

Hi,

First time poster, running evaluation of Veeam.
We currently have Backup Exec.

I've come across an issue and my Veeam contact suggested I post on here!

I run pre and post scripts; on my Backup Exec server they run on the remote system - i.e. I specify \\server\share\prescript.bat

The script runs as the service account which the Backup Exec services run as (a domain account)

As Veeam runs as local system, the batch files also seem to run as this.
Therefore that account does not have access to the remote server share.

I've currently worked around this by adding the Veeam server computer account as a local admin on the remote server.

I don't really like this as a workaround. Any suggestions on how to have the script run as a different account?

Thanks in advance

Andy
vClintWyckoff
Veteran
Posts: 500
Liked: 109 times
Joined: Oct 27, 2012 1:22 am
Full Name: Clint Wyckoff
Location: Technical Evangelist

Re: Pre and Post Script - run as different user

Post by vClintWyckoff »

Quickly thinking off the top of my head but psexec allows you to run batch files with different username / password combinations whereas runas does not. Just make sure that psexec is installed on the target computer.
AndyK_UK
Novice
Posts: 3
Liked: never
Joined: Oct 24, 2017 6:04 pm

Re: Pre and Post Script - run as different user

Post by AndyK_UK »

Hi
Thanks for the reply.
I did think about that. But I'd rather not have the username and password in plain text in a file.

If the script does run as the service account I'd prefer to change that to a domain account, but I'm not sure if there is anything more to it apart from changing the details against the services.

Thanks

Andy
vClintWyckoff
Veteran
Posts: 500
Liked: 109 times
Joined: Oct 27, 2012 1:22 am
Full Name: Clint Wyckoff
Location: Technical Evangelist

Re: Pre and Post Script - run as different user

Post by vClintWyckoff »

I’m completely with you on that one. You could however only have the username in the Veeam job, something like:

Code:

Psexec \\computername -u user -p password

But that still has the secret in the Veeam job, so not the best but it’s at least not on your server.
vClintWyckoff
Veteran
Posts: 500
Liked: 109 times
Joined: Oct 27, 2012 1:22 am
Full Name: Clint Wyckoff
Location: Technical Evangelist

Re: Pre and Post Script - run as different user

Post by vClintWyckoff »

Actually, enable guest processing, choose the right user from credential manager and then on the last tab of the actual application aware image processing you’ll see scripts...this should do the trick. Here’s the how to link.

https://helpcenter.veeam.com/docs/backu ... tml?ver=95
AndyK_UK
Novice
Posts: 3
Liked: never
Joined: Oct 24, 2017 6:04 pm

Re: Pre and Post Script - run as different user

Post by AndyK_UK »

Hi
Thanks for the reply. I will check that out. When I tried pre and post thaw scripts earlier in the real, the pre worked fine, then the snapshot was taken but as soon as the snapshot creation completed the post thaw ran. I thought it should surely run when the snapshot is removed after the backup has completed?

Thanks

Andy
zlep
Novice
Posts: 3
Liked: never
Joined: Sep 16, 2020 9:07 am

Re: Pre and Post Script - run as different user

Post by zlep »

guest processing is not available at copy jobs :-(
dmiller
Lurker
Posts: 2
Liked: never
Joined: May 08, 2020 3:14 pm

Re: Pre and Post Script - run as different user

Post by dmiller »

There is always the option to use PowerShell with an encrypted hash of the user creds (the one you want to use) to run the command with admin rights... please see this example:
.
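# Key file and encrypted password file; anyone who can read both can recover the password
[string]$AESKeyFilePath = '\\server\somepath\Powershell\resources\Special$\keyfile1.txt'
[string]$SecurePwdFilePath = '\\server\somepath\Powershell\resources\Special$\keyfile2.txt'
[string]$Adminusername = "NBname\adminID"
[string]$ServerName = "servername"
# Rebuild the SecureString from the AES-encrypted text and wrap it in a credential
$AESKey = Get-Content $AESKeyFilePath
$pwdTxt = Get-Content $SecurePwdFilePath
$securePwd = $pwdTxt | ConvertTo-SecureString -Key $AESKey
$Credential = New-Object System.Management.Automation.PSCredential -ArgumentList $Adminusername,$securePwd
$JobCmd = "C:\WINDOWS\system32\shutdown -f -s -t 5 -m \\servername"
# $using: passes the local string into the remote session, where it is executed
Invoke-Command -ComputerName $ServerName -Credential $Credential -ScriptBlock { Invoke-Expression $using:JobCmd }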
.
references:
https://stackoverflow.com/questions/323 ... th-set-acl
https://docs.microsoft.com/en-us/powers ... rshell-7.2
https://adamtheautomator.com/invoke-command/
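
The script in the post above reads an AES key file and an encrypted password file but does not show how they are created. The following is an added example (not dmiller's code and not from Veeam) of that one-time setup, assuming a hypothetical local directory on the backup server and that the job script runs as local system. The ACL step matters because anyone who can read both files can recover the password.

```powershell
# One-time setup, run interactively by an administrator (added example).
# Assumed, hypothetical values: the directory and the account allowed to read the files.
$SecretDir  = 'C:\ProgramData\BackupScripts\secrets'   # hypothetical path
$KeyFile    = Join-Path $SecretDir 'keyfile1.txt'
$PwdFile    = Join-Path $SecretDir 'keyfile2.txt'
$ReaderAcct = 'NT AUTHORITY\SYSTEM'                     # account the job script runs as

New-Item -ItemType Directory -Path $SecretDir -Force | Out-Null

# Lock the directory down before any secret is written: drop inherited ACEs,
# then grant read to the script account and full control to Administrators.
$acl = Get-Acl -Path $SecretDir
$acl.SetAccessRuleProtection($true, $false)
foreach ($entry in @(@($ReaderAcct, 'Read'), @('BUILTIN\Administrators', 'FullControl'))) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $entry[0], $entry[1], 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $SecretDir -AclObject $acl

# 256-bit AES key from the system CSPRNG, stored one byte value per line
# (the format Get-Content returns and ConvertTo-SecureString -Key accepts).
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key)
$rng.Dispose()
$key | Set-Content -Path $KeyFile

# Prompt for the password so it never appears in a file or in command history.
$secure = Read-Host -Prompt 'Password for the run-as account' -AsSecureString
$secure | ConvertFrom-SecureString -Key $key | Set-Content -Path $PwdFile

# Round-trip check: the two files must decrypt back to a SecureString of the same length.
$check = Get-Content $PwdFile | ConvertTo-SecureString -Key (Get-Content $KeyFile)
if ($check.Length -ne $secure.Length) { throw 'Round-trip check failed' }
```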