Friday, July 24, 2015

Backing up to network share using Local System account

When using Windows Server Backup with a destination location of network share, during the schedule setup wizard it wants you to provide a user name and password.  Since normal user accounts would often change passwords, this would eventually cause backup failures.  The alternative of using service accounts is possible, but its not all that necessary and just adds to the overhead.  Using Local System (ie. the computer account) allows you to not have to worry about passwords or accounts that might get compromised (or locked out).  To set up the backup, you will need to go through the gui using an account that does have access, and has a password.  Once you have the backup scheduled, you can edit it with schtasks.

First of all, you need to set up the shared folder.  Ensure the share permissions and ntfs permissions allow both the computer account of the machine that is being backed up, and the account creating the task initially.

After this, run through the GUI wizard to schedule the backup.  This creates a scheduled task in Task Scheduler Library -> Microsoft -> Windows -> Backup.

To edit this task in schtasks.exe you will need to provide the path details in addition to the task name, which should be "Microsoft-Windows-WindowsBackup".  So the full task name is "\Microsoft\Windows\Backup\microsoft-windows-windowsbackup".

To edit it to use the System account:

C:\>schtasks /change /tn "\Microsoft\Windows\Backup\microsoft-windows-windowsbackup" /ru "nt authority\system"

SUCCESS: The parameters of scheduled task "\Microsoft\Windows\Backup\microsoft-w
indows-windowsbackup" have been changed.

1 comment:

  1. While in normal scheduled task, you can specify System, the Object Picker in server backup forces us to use a normal account. Pain in the ass! My company disable store password and now I have no way to create a backup job!