1 person found this helpful
Account with local administrator privileges has to be used in order to leverage Application Aware Image Processing, indeed. What about creating sort of unified account on multiple managed systems? This way, the credentials will have to be specified just once in backup server, and then, they can be specified to different source VMs.
Thanks for your input. The problems with that are:
- The local admin account has to be created and maintained individually on every VM. Security best practice is to centralize account management rather than distribute it. If you need to change the account name or password you have to touch every VM. What if that is 500 or 2000 VMs?
- If there is a problem and the VSS portion of the backup fails, any admin that troubleshoots the account not working it may need to know the password, which means that if this is some other company's VM, they have admin access on it. If the company that owns the vm disables the account or changes the password, the backup breaks. GPO's don't keep the account there consistency as they could through AD.
Overall, distributed local admin accounts that happen to have the same username and password aren't generally the greatest solution. I'm suprised that Veeam hasn't come up with a better way...
As far as I know, the Veeam interactions with VSS do require account's local admin privileges. So, I'm not aware of any way to bypass that. However, you can post your concerns/requests on the corresponding community forum. Based on my experience, all questions provided by customers are treated there in appropriate manner and with due importance; might be worth giving a shot.