Attix5 Pro FAQ
Search:     Advanced search

Attix5 Pro and Windows file permissions - key facts

Article ID: 201
Last updated: 12 Jan, 2015

What file permissions does Attix5 Pro require to back up files?
Attix5 Pro requires that the user that the backup service runs as has at least read permission for all files being backed up.

How can I tell which user the backup service is running as?
Open the Services menu within Windows, right-click the backup service (for example Attix5 Pro DL, Attix5 Pro SE), click Properties, and then navigate to the Log On tab.

The default is Local System, but is also often run as an administrator account.

Service settings

Do I need to make other modifications?
You may need to grant the backup service user read permission to files so that they can be backed up.

How do I know if I need to set permissions?
You may encounter access denied warnings for files within your backup. For example:
Warning: 22:38:48 Failed to read security descriptor for file:C:\Users\dave\Documents\longcat.jpg, reason: Access is Denied. (5)
Warning: 19:07:58 Failed to read security descriptor for file:D:\Shared\Ron's BlackBerry.ipd, reason: Access is denied.(5)
Warning: 19:07:58 Unable to open file: D:\Shared\Ron's BlackBerry.ipd, reason:\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy22\Shared\Ron's BlackBerry.ipd (Access is denied)

I'm running as local system / administrator, but I get access denied warnings. Do I need to change permissions even though those users have access to everything on the machine?
Even though you are running the backup service as local system or administrator, and these users do normally do have full access to files on a machine, you may still need to set file permissions. Administrators and local system can be denied access to files within Windows.

Windows says I do not have permission to view the security settings for the file. How do I overcome this?
In this scenario you may need to take ownership of the file, or ask the user to grant the backup service user permission to read the file. Another reason might be that files can be orphaned within a file system if the users that created them no longer exist. You will need to take ownership of these files in order to back them up.

Note: Research In Motion's Blackberry Device backup files (*.IPD files) routinely only grant permissions and ownership to the user that created them. Read permissions need to be assigned and ownership taken for these files to be backed up.

I have run other backup software previously and I never needed to change permissions. Why is this?
Other backup software applications sometimes use the Windows Backup Operator API. This allows specially configured Backup Operators to access files for backup even when permission is not granted.

Note: From Attix5 Pro V7.0.3 it is now possible to use the Windows Backup Operator API. Please see below.

I am running an Active Directory domain and do not want to grant read permissions to all files for all the domain administrators. The HR files are particularly sensitive. How can I get around this problem?
Create a dedicated backup user to run the backup service and grant read permissions to this user only, rather than the domain administrators group. This prevents all domain administrators from accessing all files, but still allows the backup service user to access the files for backup.

How do I use the Backup Operator API?
You need to generate an MSI installer that uses Backup Operator Mode. For more details, please see the Server Edition Backup Operator User Manual in the Partner area. Alternatively, request a Backup Operator MSI from your backup provider.

Article ID: 201
Last updated: 12 Jan, 2015
Revision: 7
Views: 10747
Comments: 0
Posted: 14 Nov, 2012 by -- .
Updated: 12 Jan, 2015 by Du Plessis S.
This article was:  
Prev   Next
Article 199 - Migrating a Storage Platform to new IP addresses or DNS names     Article 202 - Restoring Exchange 2000/2003/2007 using a disk-based Restore...