Hi,
I have added our Veeam domain service account to "vSphere web client > Administration>Access Control>Roles>Administrator" is that enough when it comes to rights within VMware?
I guess I will be able to restore a virtual machine, but will I also be able to restore a file within the virtual machine (guest file restore) or do I have to add the Veeam service account to local administrator group on each VM?
Thanks for reply.
/R Andreas
-
andreas2012
- Veeam ProPartner
- Posts: 114
- Liked: 5 times
- Joined: Jun 11, 2013 11:27 am
- Full Name: Andreas
- Contact:
-
Rick.Vanover
- Veeam Software
- Posts: 712
- Liked: 168 times
- Joined: Nov 30, 2010 3:19 pm
- Full Name: Rick Vanover
- Location: Columbus, Ohio USA
- Contact:
Re: Required Permissions
You may want to check this resource for the backups:
https://helpcenter.veeam.com/docs/backu ... tml?ver=95
For restores, you may want to explore the Restore Operator role - which has the users doing restores with zero permissions required on the B&R server, source system, vSphere environment and they cannot view the data: https://helpcenter.veeam.com/docs/backu ... tml?ver=95
https://helpcenter.veeam.com/docs/backu ... tml?ver=95
For restores, you may want to explore the Restore Operator role - which has the users doing restores with zero permissions required on the B&R server, source system, vSphere environment and they cannot view the data: https://helpcenter.veeam.com/docs/backu ... tml?ver=95
-
andreas2012
- Veeam ProPartner
- Posts: 114
- Liked: 5 times
- Joined: Jun 11, 2013 11:27 am
- Full Name: Andreas
- Contact:
Re: Required Permissions
Hi,
Thanks for good links, I have checked them out and have additional questions.
To me it seems like a good idea to add a Veeam Service account to the local administrator group on every machine in the domain, so it should not be necessary to have the service account domain admin. But then I guess I will have problem backing up domain controllers as they do not have local administrators group ??
As I can see from the documentation "Veeam Explorer for Microsoft Active Directory" requires "Administrative rights for the target Active Directory" and if I understand that line correct that means Domain admin ?
What do you guys do ?
What is the general configuration out there ?
In my environment there are several domain controllers and 600+ VM`s and 200+ physical servers
/Regards
Andreas
Thanks for good links, I have checked them out and have additional questions.
To me it seems like a good idea to add a Veeam Service account to the local administrator group on every machine in the domain, so it should not be necessary to have the service account domain admin. But then I guess I will have problem backing up domain controllers as they do not have local administrators group ??
As I can see from the documentation "Veeam Explorer for Microsoft Active Directory" requires "Administrative rights for the target Active Directory" and if I understand that line correct that means Domain admin ?
What do you guys do ?
What is the general configuration out there ?
In my environment there are several domain controllers and 600+ VM`s and 200+ physical servers
/Regards
Andreas
-
bdufour
- Expert
- Posts: 206
- Liked: 41 times
- Joined: Nov 01, 2017 8:52 pm
- Full Name: blake dufour
- Contact:
Re: Required Permissions
you can add your service account to the administrators group within your domain to back up domain controllers. this is less privileged than your domain admins group.
also make this password 15+ to break old hashing algorithms like LM. 20+ wouldnt be a bad idea.
also make this password 15+ to break old hashing algorithms like LM. 20+ wouldnt be a bad idea.
-
Rick.Vanover
- Veeam Software
- Posts: 712
- Liked: 168 times
- Joined: Nov 30, 2010 3:19 pm
- Full Name: Rick Vanover
- Location: Columbus, Ohio USA
- Contact:
Re: Required Permissions
Good suggestions @bdufour.
One suggestion is to have backup jobs explicitly for domain controller VMs or Physical Servers - and drop in explicit configuration/authentication as such.
I've seen some individuals actually chose the Veeam Agent for Windows to set an explicit account as such as well.
One suggestion is to have backup jobs explicitly for domain controller VMs or Physical Servers - and drop in explicit configuration/authentication as such.
I've seen some individuals actually chose the Veeam Agent for Windows to set an explicit account as such as well.
Who is online
Users browsing this forum: Bing [Bot], Google [Bot], sarnold and 49 guests