Specify the list of Users to 'Back up files and directories'
|ID: oval:org.secpod.oval:def:36560||Date: (C)2016-08-05 (M)2017-10-18|
|Class: COMPLIANCE||Family: windows|
This policy setting allows users to circumvent file and directory permissions to back up the system. This user right is enabled only when an application (such as NTBACKUP) attempts to access a file or directory through the NTFS file system backup application programming interface (API). Otherwise, the assigned file and directory permissions apply.
When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers.
Restrict the Back up files and directories user right to members of the IT team who need to be able to back up organizational data as part of their day-to-day job responsibilities. If you are using backup software that runs under specific service accounts, only these accounts (and not the IT staff) should have the Back up files and directories user right.
Changes in the membership of the groups that have the Back up files and directories user right could limit the abilities of users who are assigned to specific administrative roles in your environment. You should confirm that authorized backup administrators are still able to perform backup operations.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Back up files and directories
(2) REG: ###
(3) WMI: root\rsop\computer
UserRight='SeBackupPrivilege' and precedence=1
|Microsoft Windows 10|