Why is a member of "Backup Operators" group denied from running backup?

windows-7 backup permissions uac windows-7-backup
13,226

If you're absolutely looking for an incremental solution, this answer might not be of much help, but if you can settle for a system image, the wbadmin command-line tool will do: http://technet.microsoft.com/en-us/library/cc742083.aspx

For some reason, the GUI version requires full admin privileges, but the command-line doesn't. Just make sure to run an elevated prompt (Run as admin... on cmd.exe, even though it's only to get Backup operators priviledges). So far though, I haven't been able to do a system image restore with those privileges (admin still required), but I haven't tried much. You can't mount the backup image (.vhd) either, but can open it with third party tools (I use 7-zip, there are probably several others) to recover files.

Share:
13,226

Related videos on Youtube

M.S. Dousti
Author by

M.S. Dousti

Updated on September 18, 2022

Comments

  • M.S. Dousti
    M.S. Dousti over 1 year

    On my Windows 7, I created a user, BackupUser5, and added him to the "Backup Operators" group. By design:

    Members of this group can back up and restore files on a computer, regardless of any permissions that protect those files. This is because the right to perform a backup takes precedence over all file permissions. Members of this group cannot change security settings.

    I ran Windows "Backup and Restore" in elevated mode (elevated with BackupUser5 permissions). Then, I pressed the "Back up now" button (as shown below). Windows asked for credentials, and I entered the credentials for BackupUser5. Here's the results:

    enter image description here

    As shown above, I got an access denied message. I don't know why? (Of course, if I use an admin credential, I won't get the error. The question is, why a "Backup Operators" member can't do that.)

    • M.S. Dousti
      M.S. Dousti almost 11 years
      @TheCleaner: The privilege (right) Log on as a batch job is given to Administrators, Backup Operators, and Performance Log Users. While this implicitly gives the right to my BackupUser5 user, I explicitly gave it this right, logged off, logged on back again, and repeated the procedure, to no avail :(
    • Keltari
      Keltari almost 11 years
      Try not running elevated, that might require admin privs that backup operators dont have...
    • M.S. Dousti
      M.S. Dousti almost 11 years
      @Keltari: Sorry, it didn't work either...
  • M.S. Dousti
    M.S. Dousti almost 11 years
    The backup process sdclt.exe has the SeBackupPrivilege. The command gpresult /h out.html lists group memberships for the current user (which includes Backup Operators), but it does not reveal the user rights assigned to him. I'm pretty sure he has the "Logon as a batch job" right, and is not denied logon as batch job. To confirm, I simply ran whoami /priv from an elevated command prompt, which lists all privileges assigned to the user.
  • M.S. Dousti
    M.S. Dousti almost 11 years
    Thanks. I'd like to test your idea, but I need a bit of help. Can you guide me on how to run a backup job remotely? Should I follow the steps in this MS Knowledge Base article?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

What are the differences in permissions between domain admin on member computer and local admin?
Windows Task Scheduler can't write to folder even when run as Admin
How to run a program with elevated permissions from a limited permission user account without administrator password?
Active Directory Allow User to Install Only
Run exe from network share, with/without admin privileges?
How can I get around "error 0x80070522" when creating files in the root of the C drive (C:\)?
Skype wants to make changes to the computer every time it starts
Deleting folders give access denied error message on Windows 7, although I am administrator
How to disable "Installer Detection" feature of UAC in Windows 7 Home Premium?
How to assign permissions to manage windows service when UAC is enabled?