Veeam V10 - Install best practice.

[OneForTheTeam]

Hello,

Running vCentre with two ESXI v7 hosts with Windows VMs. Some guidance needed.

Is it best to set up a service account in AD added to the domain users group and use this account to run backup jobs?

Should this account have local admin access on the VM its backing up?

What about Domain Controllers as they do not have local admin accounts?

Thanks!

[Egor Yakovlev]

Hi Mark

Yes, service account is a good idea. To be clear, there are 2 levels of access:
- account used to access vCenter, one that actually performs backup, sufficient for data protection. That account is set when adding vCenter to VBR. List of permissions needed for this account can be found here.
- (optional) account used to access VM guest OS, to add application-aware image processing for above said backup. That account is set on Guest Processing tab of backup job. And yes, that account must be in local Administrators group(doesn't have to be machine\account local, it can be domain\account with correct membership). Various scenarios might also require additional permissions(for example to process MS SQL transaction logs, or Domain Controller backup will add new ones), full list of in-guest account permissions can be found here.

Hope that helps!

[OneForTheTeam]

Egor - perfect. That clears that up nicely.