February 19, 2008 at 2:21 pm
I have a network admin that has been asking me to create a local admin account on a clustered server for backing up a folder with sql backups::
Here is the deal:
I do not want him to run an agent backing up my sql databases, that will break my backup chain and you know that. Also, I do not want him to have an admin right to that clustered server.
Therefore, all I wanted him to do was to backup a FOLDER on the D or Y drive and get it over with.
I just don't understand why I have to give him the server admin rights.
can anyone explain this @#$@# thing to me.
thx
Sorry about that..
John Esraelo
p.s. I know that I can have an SSIS to copy 15 gig folders to another server with the fastest transfer rate and have them backing up those folders on server B. But, I am just curious and that was bugging me. you know how it is right..?
🙂
Cheers,
John Esraelo
February 19, 2008 at 6:23 pm
Has he actually stated that he wants to run a Backup Exec SQL Agent? From what you've written, he just wants to do what you want him to - backup the folder that has the backups created by SQL Server.
Is Backup Exec already installed on the server and backing stuff up? All the agent should need is at least read access, maybe write access to the folder structure the backup files are stored in (if it sets the Archive attribute on the file, but I don't think that's necessary).
If it must be a local account, make sure it is setup (the same) on all nodes.
MARCUS. Why dost thou laugh? It fits not with this hour.
TITUS. Why, I have not another tear to shed;
--Titus Andronicus, William Shakespeare
February 20, 2008 at 11:42 am
First of all, I would like to thank you for the reply.
I have created a share (with proper security and sharing) but when he is trying to add the path to the backup software console he gets an error with a generic error message (of course). And, that is when he tells us that the account that is being used for backup (called BackupExec) must be a local admin to the server regardless the rights to the shared folder >:<
Here is the catch, my CIO does not want any member of IT operations/networks have an admin rights to this box. Although, I have been on SOX committees for other companies and having at least 1 trusted admin person should be fine. It is all about countability, right? However, there must have something happened in the past that the CIO does not want them to have a full acces to this ONE server and I would like to grant his wish.
ps. I have created an SSIS package to copy the backup files created by SQL to another server where they can do their thingie.. this morning.
BUT I am really interested in knowing why he can not do what we have asked him. I might even take a class or two or spend a chunk of cash by calling the backupexec people and find out..
John Esraelo
Cheers,
John Esraelo
February 20, 2008 at 10:08 pm
I do not know the version of your BackupExec. Here is a link for your reference.
http://seer.entsupport.symantec.com/docs/285757.htm
"Security and database access"
BackupExec admin guide should have seurity requirements about this.
February 20, 2008 at 10:18 pm
This is very good piece of information. Awesome.
I need to re-read what I posted, I just sounded like an idiot.
I do not want them to use the agent to backup my sql, instead we would like the backup exec to backup a folder with its subdirectory structure.
We can even take the SQL out of this equation and just focus on that folder.
We have been told that even for that purpose the service account must be a local administrator to the box and we are arguing that at work.
While we are debating this issue; I have created an SSIS package that copys the entire folder to another server where they have the admin rights they have been asking for. It is just not making sense that they are not able to backup this shared folder with full control.
John Esraelo
Cheers,
John Esraelo
February 21, 2008 at 12:23 pm
Is the Backup Exec agent installed on the server already?
In order for the agent to be able to backup all (specified) files on a given machine, it needs rights to those files (especially in the case of system files). The easiest way to guarantee this is to give the backup agent service account admin access to the server.
Of course, just because an account has admin rights in Windows doesn't mean they automatically have admin rights in SQL Server - if you have configured your security as such.
MARCUS. Why dost thou laugh? It fits not with this hour.
TITUS. Why, I have not another tear to shed;
--Titus Andronicus, William Shakespeare
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply