3

I have a windows server 2019 hosting a shared folder I need to backup. My backup server is a linux machine and I always PULL the backups instead of PUSH.

I created a "backup_user" on my windows server and added him in the "backup operators" group. I also added "backup operators" in read only in the shared folder access list and in the ACL of the folder itself. But when accessing this share from another machine, my backup user can't access everywhere. I have some "private" folders with limited rights I can't backup.

Are the backup operators only for local use ?

SOLUTION:

Finally defined access rights everywhere for my backup user and everything is fine with my rsync oven CIFS mount.

darxmurf
  • 133
  • 3

1 Answers1

1

Not the way you are doing it. SeBackupPrivilege is disabled by default and must be present and enabled in an access token presented to the remote system. I also don't believe this would work by specifying credentials for a local account on the target system, so if you want to do this remotely it would need to be a domain account.

An example of how this would be done in code is here:

https://stackoverflow.com/questions/50143818/impersonate-access-token-with-backup-and-restore-privilege-for-copying-file-acro

Greg Askew
  • 35,880
  • 5
  • 54
  • 82
  • hmm okay, thanks for the answer. I'll do it the "classic" was by adding my backup user in the ACL of folders I want to backup. – darxmurf Nov 01 '19 at 11:33