Rename Administrator account and use UAC with B&R

Availability for the Always-On Enterprise

Rename Administrator account and use UAC with B&R

Veeam Logoby $username » Wed Nov 08, 2017 3:29 pm

I have been doing some testing with Veeam and our new 2016 deployments and I have noticed something that is causing us some issues.

We're wanting to rename the local admin account as is starting to become a security practice but with Veeam primarily it is causing us some issues.

I have renamed our local admin account to something not Administrator, when I do this with UAC enabled it fails, the SID should not have changed, it is the same account but with a different name, or does this alone change the SID even though none of the permissions have changed?

If I disable UAC it is fine.

Is there a hard coded logic in Veeam that says "Not named Administrator and UAC enabled just fail"? or is something actually changing in the rename that is breaking a permission Veeam needs?

Edit: I have confirmed the SID for the local admin account is still a 500 level account.

I have also read this applicable KB https://www.veeam.com/kb1788

But it seems to me if the SID is the same, it should work since the access hasn't changed.
$username
Veeam ProPartner
 
Posts: 64
Liked: 6 times
Joined: Tue Dec 09, 2014 4:28 pm
Full Name: Gary Busey

Re: Rename Administrator account and use UAC with B&R

Veeam Logoby foggy » Wed Nov 08, 2017 4:25 pm

My understanding was that renamed built-in administrator account still can be used to bypass UAC. I'd recommend contacting support for a closer look.
foggy
Veeam Software
 
Posts: 15394
Liked: 1142 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: Rename Administrator account and use UAC with B&R

Veeam Logoby $username » Wed Nov 08, 2017 4:26 pm

I opened case 02376125, they've advised me that it has to be named Administrator with no workaround.

I am curious if this is a limitation of Veeam or Windows or what is the reason behind this.
$username
Veeam ProPartner
 
Posts: 64
Liked: 6 times
Joined: Tue Dec 09, 2014 4:28 pm
Full Name: Gary Busey

Re: Rename Administrator account and use UAC with B&R

Veeam Logoby $username » Wed Nov 08, 2017 4:53 pm 1 person likes this post

Was successfully able to rename the account, turns out we had a restrictive UAC policy in place that forced UAC and was causing issues with Veeam.
$username
Veeam ProPartner
 
Posts: 64
Liked: 6 times
Joined: Tue Dec 09, 2014 4:28 pm
Full Name: Gary Busey


Return to Veeam Backup & Replication



Who is online

Users browsing this forum: Google Feedfetcher and 1 guest