MSP360 Backup was designed with security in mind. For that reason, we’ve decided to enable the support for backup operators in the latest version of our flagship backup solution — release 5.7. This novelty will further expand your ability to limit the backup’s service permissions by running it under user accounts that are part of the Backup Operators group. Read on to learn how you can utilize the new feature.
Introduction
Members of the Backup Operators group can back up and restore files on a computer, regardless of any permissions that protect those files. This is because the right to perform a backup takes precedence over all file permissions. Members of this group, however, cannot change security settings.
By default, MSP360 Backup service is running under the Local System account, which not only sometimes forbids the reading of NTFS permissions, but also has an excessive number of various other permissions — that could be a concern for some administrators. Taking that into consideration, it makes sense to consider starting the service under a user that is part of the Backup Operators group. Now let’s see how you can do that.
Adding a user to the Backup Operators group
For the sake of this example, we'll create a sample user. Open up File Explorer, right-click on This PC, and click Manage.
The Computer Management window will appear. In the left sidebar menu, expand Local Users and Groups, right-click on Users, and click New User.
Enter the new user's credentials, select the required check boxes, and conclude creating the user by clicking Create.
Now navigate to the Groups folder located right beneath the Users. Find the Backup Operators group, right-click on it, and click Add To Group.
Click Add.
Enter the name of the recently created user and click OK. Now the user is part of the Backup Operators group.
Changing Service Account
Now we need to change the backup service account. As stated earlier, MSP360 Backup service is running by default under the Local System account. Changing that is feasible through the app's GUI. Launch MSP360 Backup and in the bottom left-hand corner right-click on Backup Service started and click Change Service Account.
Switch the radio button from Local System Account to This account, enter the credentials of the previously created user and click OK.
Now the backup service is running under the sampleUser account. You may want to verify that information in the task manager, just in case.
Configuring a backup plan
The final step is to properly configure a new backup plan, which will ensure that the backup service is utilizing the correct set of APIs to perform the backup. Launch the Backup Wizard by pressing Ctrl+B. Navigate to the Advanced Options step and select the Use backup operator checkbox.
Conclude setting up the plan and, when done, execute it. The plan should successfully complete with proper APIs being utilized for the backup procedure.
Not everything goes smoothly all the time. You may possibly get the following error: Access to one or more backup paths is denied. This issue emerges when the user does not comprise the Backup Operators group. Thus, go back to the computer management window and ensure that the user is indeed in the right group and the MSP360 Backup service is running under that user.
Feel free to share your experience with Backup Operators in the comment section below.