Under UAC, all accounts in the local Administrators group run with a standard user access token, also known as UAC access-token filtering. User Account Control (UAC) access-token filtering can affect which operations are allowed or what data is returned. If you connect to a remote computer using a nondomain/local user account included in the local Administrators group of the remote computer, then you must explicitly grant remote DCOM access, activation, and launch rights to the account. Note: UAC affects connections for nondomain/local user accounts. Make sure the Local Administrator account is highly secure in this case. global security policy) to use the builtin local administrator account, you can create a new local account and give it administrative access. When your organisation does not allow you (e.g. In the event that one of those accounts get compromised the other repository servers stay secure. By using local Account specific per Veeam Backup Repository server you increase the level of protection. As an extra precaution make sure you rename the account so a potential hacker has to guess the account name and the password. The easiest and best way to leverage a local account with administrative access to the repository server is by using the builtin Local Administrator account. This way access is restricted, who does have access is registered and monitored at certain specified levels. Place the repository servers in a Restricted Zone, because these servers contain a 100% copy of your production environment! The repository servers should be physical secured, and have appropriate access control systems in place.
Otherwise if everything is lost you could have a chicken and egg problem around accounts wanting to authenticate against a domain which is no longer available.įurthermore if a Domain Admin account is compromised you do not want that account to be able to overrule a backup repository account password so the hacker gets access to the backup files together with access to the whole environment.
When protecting the whole environment you do not want the Veeam repository to be tied to the same Windows Active Directory domain you are protecting with the backup.
The backup window affects only the data transport process and health check operations.