Availability for the Always-On Enterprise
Post Reply
$username
Veeam ProPartner
Posts: 65
Liked: 6 times
Joined: Dec 09, 2014 4:28 pm
Full Name: Gary Busey
Contact:

Rename Administrator account and use UAC with B&R

Post by $username » Nov 08, 2017 3:29 pm

I have been doing some testing with Veeam and our new 2016 deployments and I have noticed something that is causing us some issues.

We're wanting to rename the local admin account as is starting to become a security practice but with Veeam primarily it is causing us some issues.

I have renamed our local admin account to something not Administrator, when I do this with UAC enabled it fails, the SID should not have changed, it is the same account but with a different name, or does this alone change the SID even though none of the permissions have changed?

If I disable UAC it is fine.

Is there a hard coded logic in Veeam that says "Not named Administrator and UAC enabled just fail"? or is something actually changing in the rename that is breaking a permission Veeam needs?

Edit: I have confirmed the SID for the local admin account is still a 500 level account.

I have also read this applicable KB https://www.veeam.com/kb1788

But it seems to me if the SID is the same, it should work since the access hasn't changed.

foggy
Veeam Software
Posts: 16821
Liked: 1358 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Rename Administrator account and use UAC with B&R

Post by foggy » Nov 08, 2017 4:25 pm

My understanding was that renamed built-in administrator account still can be used to bypass UAC. I'd recommend contacting support for a closer look.

$username
Veeam ProPartner
Posts: 65
Liked: 6 times
Joined: Dec 09, 2014 4:28 pm
Full Name: Gary Busey
Contact:

Re: Rename Administrator account and use UAC with B&R

Post by $username » Nov 08, 2017 4:26 pm

I opened case 02376125, they've advised me that it has to be named Administrator with no workaround.

I am curious if this is a limitation of Veeam or Windows or what is the reason behind this.

$username
Veeam ProPartner
Posts: 65
Liked: 6 times
Joined: Dec 09, 2014 4:28 pm
Full Name: Gary Busey
Contact:

Re: Rename Administrator account and use UAC with B&R

Post by $username » Nov 08, 2017 4:53 pm 1 person likes this post

Was successfully able to rename the account, turns out we had a restrictive UAC policy in place that forced UAC and was causing issues with Veeam.

Post Reply

Who is online

Users browsing this forum: alex.mihai, BrentBPPI, darmarko and 48 guests